APPLIED: [SRU][F][PATCH 0/1] KVM: PV: ext call delivered twice when receiver in PSW wait (LP: 1995941)

Stefan Bader stefan.bader at canonical.com
Fri Nov 11 11:54:16 UTC 2022 

On 10.11.22 21:06, frank.heimes at canonical.com wrote:
> BugLink: https://bugs.launchpad.net/bugs/1995941
> 
> SRU Justification:
> 
> [Impact]
> 
>   * In a secure execution guest, the external interrupt for the SIGP
>     external call order is delivered twice to a VCPU even though it was
>     only sent once.
> 
>   * Under PV (protected virtualization), external call interrupts are
>     delivered by the SIGP interpretation facility, without KVM's
>     involvement.
>     But, if the receiving CPU is in enabled wait, KVM needs to wake the
>     receiving CPU such that the interrupt can be delivered.
>     Hence, in this case, the SIGP external call order causes
>     an interception.
> 
>   * In response, KVM only needs to wake the receiving VCPU.
>     Interrupt delivery is then handled by the SIGP interpretation facility.
> 
>   * KVM wrongly assumed it also needs to request injection for the
>     external call interrupt after the respective intercept, causing the
>     interrupt to be delivered twice:
>     * once through the SIGP interpretation facility
>     * and once through the interrupt injection control by KVM.
> 
>   * Solution is to add appropriate special handling for 108 external
>     call intercepts.
> 
> [Fix]
> 
>   * c3f0e5fd2d33 c3f0e5fd2d33d80c5a5a8b5e5d2bab2841709cc8
>     "KVM: s390: pv: don't present the ecall interrupt twice"
> 
> [Test Case]
> 
>   * Have an Secure Execution (PV) environment setup on an
>     IBM z15 or LinuxONE III LPAR using Ubuntu Server 20.04 (latest).
> 
>   * Apply kvm-unit-test submitted upstream:
>     "[kvm-unit-tests PATCH v1 0/4] s390x: add tests for SIGP call \
>      orders in enabled wait"
> 
>   * Run the smp_PV kvm-unit-test: ./run_tests.sh smp_PV
> 
>   * Check logs/smp_PV.log.
>     If system is affected, the following line can be found:
>     "ABORT: smp: psw wait: ecall: Unexpected external call interrupt \
>      (code 0x1202): on cpu 1 at 0x11958"
> 
>   * If the system is not affected, the line should look like this:
>     "PASS: smp: psw wait: ecall: received"
> 
> [Regression Potential / What can go wrong]
> 
>   * The handle_pv_notification can be wrong and misleading
>     in case 'ret' is not handled correctly.
> 
>   * trace_kvm_s390_handle_sigp_pei might not be called correctly,
>     now after the if condition.
> 
>   * In worst case the external interrupt could not be delivered
>     at all or still too often.
> 
> [Other]
> 
>   * The fix/patch c3f0e5fd2d33 got upstream accepted with kernel v6.0,
>     so it not only needs to be applied to 20.04/5.4, but also to 22.04/5.15
>     and 22.10/5.19.
> 
>   * But the patch got properly tagged for upstream stable:
>     Cc: <stable at vger.kernel.org> # 5.7
>     Fixes: da24a0cc58ed ("KVM: s390: protvirt: Instruction emulation")
> 
>   * And with that it got already picked up and is included in:
>     22.04 with Ubuntu-5.15.0-53.59 (currently in jammy-proposed)
>     22.10 with Ubuntu-5.19.0-16.16 means incl. in the release kernel.
> 
>   * So the only Ubuntu release that is affected is 20.04/focal.
> 
> Nico Boehr (1):
>    KVM: s390: pv: don't present the ecall interrupt twice
> 
>   arch/s390/kvm/intercept.c | 15 +++++++++++++++
>   arch/s390/kvm/sigp.c      |  4 ++--
>   2 files changed, 17 insertions(+), 2 deletions(-)
> 

Applied to focal:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20221111/77d9a1d0/attachment.sig>

More information about the kernel-team mailing list