From: Janosch Frank <frankja@linux.ibm.com>
To: Thomas Huth <thuth@redhat.com>,
kvm@vger.kernel.org,
Christian Borntraeger <borntraeger@de.ibm.com>
Cc: David Hildenbrand <david@redhat.com>,
Cornelia Huck <cohuck@redhat.com>,
linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] KVM: s390: Disallow invalid bits in kvm_valid_regs and kvm_dirty_regs
Date: Wed, 4 Sep 2019 09:33:45 +0200 [thread overview]
Message-ID: <3b1666ee-0b7f-a775-3622-5ca7f938aeb0@linux.ibm.com> (raw)
In-Reply-To: <20190904071308.25683-1-thuth@redhat.com>
[-- Attachment #1.1: Type: text/plain, Size: 3880 bytes --]
On 9/4/19 9:13 AM, Thomas Huth wrote:
> If unknown bits are set in kvm_valid_regs or kvm_dirty_regs, this
> clearly indicates that something went wrong in the KVM userspace
> application. The x86 variant of KVM already contains a check for
> bad bits (and the corresponding kselftest checks this), so let's
> do the same on s390x now, too.
>
> Signed-off-by: Thomas Huth <thuth@redhat.com>
I think it would make sense to split the kvm changes from the test.
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
> ---
> arch/s390/include/uapi/asm/kvm.h | 6 ++++
> arch/s390/kvm/kvm-s390.c | 4 +++
> .../selftests/kvm/s390x/sync_regs_test.c | 30 +++++++++++++++++++
> 3 files changed, 40 insertions(+)
>
> diff --git a/arch/s390/include/uapi/asm/kvm.h b/arch/s390/include/uapi/asm/kvm.h
> index 47104e5b47fd..436ec7636927 100644
> --- a/arch/s390/include/uapi/asm/kvm.h
> +++ b/arch/s390/include/uapi/asm/kvm.h
> @@ -231,6 +231,12 @@ struct kvm_guest_debug_arch {
> #define KVM_SYNC_GSCB (1UL << 9)
> #define KVM_SYNC_BPBC (1UL << 10)
> #define KVM_SYNC_ETOKEN (1UL << 11)
> +
> +#define KVM_SYNC_S390_VALID_FIELDS \
> + (KVM_SYNC_PREFIX | KVM_SYNC_GPRS | KVM_SYNC_ACRS | KVM_SYNC_CRS | \
> + KVM_SYNC_ARCH0 | KVM_SYNC_PFAULT | KVM_SYNC_VRS | KVM_SYNC_RICCB | \
> + KVM_SYNC_FPRS | KVM_SYNC_GSCB | KVM_SYNC_BPBC | KVM_SYNC_ETOKEN)
> +
> /* length and alignment of the sdnx as a power of two */
> #define SDNXC 8
> #define SDNXL (1UL << SDNXC)
> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> index 49d7722229ae..a7d7dedfe527 100644
> --- a/arch/s390/kvm/kvm-s390.c
> +++ b/arch/s390/kvm/kvm-s390.c
> @@ -3998,6 +3998,10 @@ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run)
> if (kvm_run->immediate_exit)
> return -EINTR;
>
> + if (kvm_run->kvm_valid_regs & ~KVM_SYNC_S390_VALID_FIELDS ||
> + kvm_run->kvm_dirty_regs & ~KVM_SYNC_S390_VALID_FIELDS)
> + return -EINVAL;
> +
> vcpu_load(vcpu);
>
> if (guestdbg_exit_pending(vcpu)) {
> diff --git a/tools/testing/selftests/kvm/s390x/sync_regs_test.c b/tools/testing/selftests/kvm/s390x/sync_regs_test.c
> index bbc93094519b..d5290b4ad636 100644
> --- a/tools/testing/selftests/kvm/s390x/sync_regs_test.c
> +++ b/tools/testing/selftests/kvm/s390x/sync_regs_test.c
> @@ -85,6 +85,36 @@ int main(int argc, char *argv[])
>
> run = vcpu_state(vm, VCPU_ID);
>
> + /* Request reading invalid register set from VCPU. */
> + run->kvm_valid_regs = INVALID_SYNC_FIELD;
> + rv = _vcpu_run(vm, VCPU_ID);
> + TEST_ASSERT(rv < 0 && errno == EINVAL,
> + "Invalid kvm_valid_regs did not cause expected KVM_RUN error: %d\n",
> + rv);
> + vcpu_state(vm, VCPU_ID)->kvm_valid_regs = 0;
> +
> + run->kvm_valid_regs = INVALID_SYNC_FIELD | TEST_SYNC_FIELDS;
> + rv = _vcpu_run(vm, VCPU_ID);
> + TEST_ASSERT(rv < 0 && errno == EINVAL,
> + "Invalid kvm_valid_regs did not cause expected KVM_RUN error: %d\n",
> + rv);
> + vcpu_state(vm, VCPU_ID)->kvm_valid_regs = 0;
> +
> + /* Request setting invalid register set into VCPU. */
> + run->kvm_dirty_regs = INVALID_SYNC_FIELD;
> + rv = _vcpu_run(vm, VCPU_ID);
> + TEST_ASSERT(rv < 0 && errno == EINVAL,
> + "Invalid kvm_dirty_regs did not cause expected KVM_RUN error: %d\n",
> + rv);
> + vcpu_state(vm, VCPU_ID)->kvm_dirty_regs = 0;
> +
> + run->kvm_dirty_regs = INVALID_SYNC_FIELD | TEST_SYNC_FIELDS;
> + rv = _vcpu_run(vm, VCPU_ID);
> + TEST_ASSERT(rv < 0 && errno == EINVAL,
> + "Invalid kvm_dirty_regs did not cause expected KVM_RUN error: %d\n",
> + rv);
> + vcpu_state(vm, VCPU_ID)->kvm_dirty_regs = 0;
> +
> /* Request and verify all valid register sets. */
> run->kvm_valid_regs = TEST_SYNC_FIELDS;
> rv = _vcpu_run(vm, VCPU_ID);
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2019-09-04 7:33 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-04 7:13 [PATCH] KVM: s390: Disallow invalid bits in kvm_valid_regs and kvm_dirty_regs Thomas Huth
2019-09-04 7:33 ` Janosch Frank [this message]
2019-09-04 7:46 ` Christian Borntraeger
2019-09-04 7:54 ` Cornelia Huck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3b1666ee-0b7f-a775-3622-5ca7f938aeb0@linux.ibm.com \
--to=frankja@linux.ibm.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.