From: Martin Schwidefsky <schwidefsky@de.ibm.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Subject: [PATCH 10/19] KVM: s390: force bp isolation for VSIE
Date: Fri, 27 Apr 2018 07:36:48 +0200 [thread overview]
Message-ID: <20180427053657.56944-11-schwidefsky@de.ibm.com> (raw)
In-Reply-To: <20180427053657.56944-1-schwidefsky@de.ibm.com>
From: Christian Borntraeger <borntraeger@de.ibm.com>
[ Upstream commit f315104ad8b0c32be13eac628569ae707c332cb5 ]
If the guest runs with bp isolation when doing a SIE instruction,
we must also run the nested guest with bp isolation when emulating
that SIE instruction.
This is done by activating BPBC in the lpar, which acts as an override
for lower level guests.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Janosch Frank <frankja@linux.vnet.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
---
arch/s390/kvm/vsie.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
index e56b7724054c..ced6c9b8f04d 100644
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -764,6 +764,7 @@ static int do_vsie_run(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
{
struct kvm_s390_sie_block *scb_s = &vsie_page->scb_s;
struct kvm_s390_sie_block *scb_o = vsie_page->scb_o;
+ int guest_bp_isolation;
int rc;
handle_last_fault(vcpu, vsie_page);
@@ -774,6 +775,20 @@ static int do_vsie_run(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
s390_handle_mcck();
srcu_read_unlock(&vcpu->kvm->srcu, vcpu->srcu_idx);
+
+ /* save current guest state of bp isolation override */
+ guest_bp_isolation = test_thread_flag(TIF_ISOLATE_BP_GUEST);
+
+ /*
+ * The guest is running with BPBC, so we have to force it on for our
+ * nested guest. This is done by enabling BPBC globally, so the BPBC
+ * control in the SCB (which the nested guest can modify) is simply
+ * ignored.
+ */
+ if (test_kvm_facility(vcpu->kvm, 82) &&
+ vcpu->arch.sie_block->fpf & FPF_BPBC)
+ set_thread_flag(TIF_ISOLATE_BP_GUEST);
+
local_irq_disable();
guest_enter_irqoff();
local_irq_enable();
@@ -783,6 +798,11 @@ static int do_vsie_run(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page)
local_irq_disable();
guest_exit_irqoff();
local_irq_enable();
+
+ /* restore guest state for bp isolation override */
+ if (!guest_bp_isolation)
+ clear_thread_flag(TIF_ISOLATE_BP_GUEST);
+
vcpu->srcu_idx = srcu_read_lock(&vcpu->kvm->srcu);
if (rc > 0)
--
2.13.5
next prev parent reply other threads:[~2018-04-27 5:37 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-27 5:36 [PATCH 00/19] s390 spectre mititgation for 4.9 Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 01/19] s390: introduce CPU alternatives Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 02/19] s390: enable CPU alternatives unconditionally Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 03/19] KVM: s390: wire up bpb feature Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 04/19] s390: scrub registers on kernel entry and KVM exit Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 05/19] s390: add optimized array_index_mask_nospec Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 06/19] s390/alternative: use a copy of the facility bit mask Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 07/19] s390: add options to change branch prediction behaviour for the kernel Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 08/19] s390: run user space and KVM guests with modified branch prediction Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 09/19] s390: introduce execute-trampolines for branches Martin Schwidefsky
2018-04-27 5:36 ` Martin Schwidefsky [this message]
2018-04-27 5:36 ` [PATCH 11/19] s390: Replace IS_ENABLED(EXPOLINE_*) with IS_ENABLED(CONFIG_EXPOLINE_*) Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 12/19] s390: do not bypass BPENTER for interrupt system calls Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 13/19] s390/entry.S: fix spurious zeroing of r0 Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 14/19] s390: move nobp parameter functions to nospec-branch.c Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 15/19] s390: add automatic detection of the spectre defense Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 16/19] s390: report spectre mitigation via syslog Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 17/19] s390: add sysfs attributes for spectre Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 18/19] s390: correct nospec auto detection init order Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 19/19] s390: correct module section names for expoline code revert Martin Schwidefsky
2018-04-27 10:11 ` [PATCH 00/19] s390 spectre mititgation for 4.9 Greg Kroah-Hartman
-- strict thread matches above, loose matches on Subject: below --
2018-04-27 5:36 [PATCH 00/19] s390 spectre mititgation for 4.14 Martin Schwidefsky
2018-04-27 5:36 ` [PATCH 10/19] KVM: s390: force bp isolation for VSIE Martin Schwidefsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180427053657.56944-11-schwidefsky@de.ibm.com \
--to=schwidefsky@de.ibm.com \
--cc=gregkh@linuxfoundation.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.