[PATCH 0/4] KVM: s390: Fixes for 4.15

[PATCH 0/4] KVM: s390: Fixes for 4.15

[Christian Borntraeger]

This is what I have as fixes for 4.15, please review the new
patch
"KVM: s390: Fix skey emulation permission check"

Pull request will follow if there are no concerns.

text for pull request:

- SPDX tags
- Fence storage key accesses from problem state
- Make sure that irq_state.flags is not used in the future

----------------------------------------------------------------
Christian Borntraeger (1):
      KVM: s390: mark irq_state.flags as non-usable

Greg Kroah-Hartman (2):
      KVM: s390: add SPDX identifiers to the remaining files
      KVM: s390: Remove redundant license text

Janosch Frank (1):
      KVM: s390: Fix skey emulation permission check

 Documentation/virtual/kvm/api.txt | 15 ++++++++++++---
 arch/s390/kvm/Makefile            |  5 +----
 arch/s390/kvm/diag.c              |  5 +----
 arch/s390/kvm/gaccess.h           |  5 +----
 arch/s390/kvm/guestdbg.c          |  5 +----
 arch/s390/kvm/intercept.c         |  5 +----
 arch/s390/kvm/interrupt.c         |  5 +----
 arch/s390/kvm/irq.h               |  5 +----
 arch/s390/kvm/kvm-s390.c          | 11 +++++------
 arch/s390/kvm/kvm-s390.h          |  5 +----
 arch/s390/kvm/priv.c              | 16 ++++++++++------
 arch/s390/kvm/sigp.c              |  5 +----
 arch/s390/kvm/vsie.c              |  5 +----
 include/uapi/linux/kvm.h          |  4 ++--
 14 files changed, 39 insertions(+), 57 deletions(-)

[PATCH 1/4] KVM: s390: add SPDX identifiers to the remaining files

[Christian Borntraeger]

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

It's good to have SPDX identifiers in all files to make it easier to
audit the kernel tree for correct licenses.

Update the arch/s390/kvm/ files with the correct SPDX license
identifier based on the license text in the file itself.  The SPDX
identifier is a legally binding shorthand, which can be used instead of
the full boiler plate text.

This work is based on a script and data from Thomas Gleixner, Philippe
Ombredanne, and Kate Stewart.

Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kate Stewart <kstewart@linuxfoundation.org>
Cc: Philippe Ombredanne <pombredanne@nexb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Message-Id: <20171124140043.10062-3-gregkh@linuxfoundation.org>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 arch/s390/kvm/Makefile    | 1 +
 arch/s390/kvm/diag.c      | 1 +
 arch/s390/kvm/gaccess.h   | 1 +
 arch/s390/kvm/guestdbg.c  | 1 +
 arch/s390/kvm/intercept.c | 1 +
 arch/s390/kvm/interrupt.c | 1 +
 arch/s390/kvm/irq.h       | 1 +
 arch/s390/kvm/kvm-s390.c  | 1 +
 arch/s390/kvm/kvm-s390.h  | 1 +
 arch/s390/kvm/priv.c      | 1 +
 arch/s390/kvm/sigp.c      | 1 +
 arch/s390/kvm/vsie.c      | 1 +
 12 files changed, 12 insertions(+)

diff --git a/arch/s390/kvm/Makefile b/arch/s390/kvm/Makefile
index 6048b1c..2c5a819 100644
--- a/arch/s390/kvm/Makefile
+++ b/arch/s390/kvm/Makefile
@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: GPL-2.0
 # Makefile for kernel virtual machines on s390
 #
 # Copyright IBM Corp. 2008
diff --git a/arch/s390/kvm/diag.c b/arch/s390/kvm/diag.c
index d93a2c0..481e1fe 100644
--- a/arch/s390/kvm/diag.c
+++ b/arch/s390/kvm/diag.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0
 /*
  * handling diagnose instructions
  *
diff --git a/arch/s390/kvm/gaccess.h b/arch/s390/kvm/gaccess.h
index bec42b8..443b7fa 100644
--- a/arch/s390/kvm/gaccess.h
+++ b/arch/s390/kvm/gaccess.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 */
 /*
  * access guest memory
  *
diff --git a/arch/s390/kvm/guestdbg.c b/arch/s390/kvm/guestdbg.c
index bcbd866..d6a1bea 100644
--- a/arch/s390/kvm/guestdbg.c
+++ b/arch/s390/kvm/guestdbg.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0
 /*
  * kvm guest debug support
  *
diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
index 8fe034b..fc76a91 100644
--- a/arch/s390/kvm/intercept.c
+++ b/arch/s390/kvm/intercept.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0
 /*
  * in-kernel handling for sie intercepts
  *
diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
index fa55737..f37a34e 100644
--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0
 /*
  * handling kvm guest interrupts
  *
diff --git a/arch/s390/kvm/irq.h b/arch/s390/kvm/irq.h
index d98e415..54a4a59 100644
--- a/arch/s390/kvm/irq.h
+++ b/arch/s390/kvm/irq.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 */
 /*
  * s390 irqchip routines
  *
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 98ad8b9..0d45e32 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0
 /*
  * hosting zSeries kernel virtual machines
  *
diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
index 10d65df..9777924 100644
--- a/arch/s390/kvm/kvm-s390.h
+++ b/arch/s390/kvm/kvm-s390.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0 */
 /*
  * definition for kvm on s390
  *
diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
index c954ac4..c9d962a 100644
--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0
 /*
  * handling privileged instructions
  *
diff --git a/arch/s390/kvm/sigp.c b/arch/s390/kvm/sigp.c
index 9d592ef..d12ac5d 100644
--- a/arch/s390/kvm/sigp.c
+++ b/arch/s390/kvm/sigp.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0
 /*
  * handling interprocessor communication
  *
diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
index a311938..d2b7886 100644
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0
 /*
  * kvm nested virtualization support for s390x
  *
-- 
2.9.4

[PATCH 2/4] KVM: s390: Remove redundant license text

[Christian Borntraeger]

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Now that the SPDX tag is in all arch/s390/kvm/ files, that identifies
the license in a specific and legally-defined manner.  So the extra GPL
text wording can be removed as it is no longer needed at all.

This is done on a quest to remove the 700+ different ways that files in
the kernel describe the GPL license text.  And there's unneeded stuff
like the address (sometimes incorrect) for the FSF which is never
needed.

No copyright headers or other non-license-description text was removed.

Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Message-Id: <20171124140043.10062-9-gregkh@linuxfoundation.org>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 arch/s390/kvm/Makefile    | 4 ----
 arch/s390/kvm/diag.c      | 4 ----
 arch/s390/kvm/gaccess.h   | 4 ----
 arch/s390/kvm/guestdbg.c  | 4 ----
 arch/s390/kvm/intercept.c | 4 ----
 arch/s390/kvm/interrupt.c | 4 ----
 arch/s390/kvm/irq.h       | 4 ----
 arch/s390/kvm/kvm-s390.c  | 4 ----
 arch/s390/kvm/kvm-s390.h  | 4 ----
 arch/s390/kvm/priv.c      | 4 ----
 arch/s390/kvm/sigp.c      | 4 ----
 arch/s390/kvm/vsie.c      | 4 ----
 12 files changed, 48 deletions(-)

diff --git a/arch/s390/kvm/Makefile b/arch/s390/kvm/Makefile
index 2c5a819..05ee90a 100644
--- a/arch/s390/kvm/Makefile
+++ b/arch/s390/kvm/Makefile
@@ -2,10 +2,6 @@
 # Makefile for kernel virtual machines on s390
 #
 # Copyright IBM Corp. 2008
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License (version 2 only)
-# as published by the Free Software Foundation.
 
 KVM := ../../../virt/kvm
 common-objs = $(KVM)/kvm_main.o $(KVM)/eventfd.o  $(KVM)/async_pf.o $(KVM)/irqchip.o $(KVM)/vfio.o
diff --git a/arch/s390/kvm/diag.c b/arch/s390/kvm/diag.c
index 481e1fe..89aa114 100644
--- a/arch/s390/kvm/diag.c
+++ b/arch/s390/kvm/diag.c
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2008, 2011
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): Carsten Otte <cotte@de.ibm.com>
  *               Christian Borntraeger <borntraeger@de.ibm.com>
  */
diff --git a/arch/s390/kvm/gaccess.h b/arch/s390/kvm/gaccess.h
index 443b7fa..f4c5175 100644
--- a/arch/s390/kvm/gaccess.h
+++ b/arch/s390/kvm/gaccess.h
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2008, 2014
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): Carsten Otte <cotte@de.ibm.com>
  */
 
diff --git a/arch/s390/kvm/guestdbg.c b/arch/s390/kvm/guestdbg.c
index d6a1bea..b5f3e82 100644
--- a/arch/s390/kvm/guestdbg.c
+++ b/arch/s390/kvm/guestdbg.c
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2014
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): David Hildenbrand <dahi@linux.vnet.ibm.com>
  */
 #include <linux/kvm_host.h>
diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
index fc76a91..9c7d707 100644
--- a/arch/s390/kvm/intercept.c
+++ b/arch/s390/kvm/intercept.c
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2008, 2014
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): Carsten Otte <cotte@de.ibm.com>
  *               Christian Borntraeger <borntraeger@de.ibm.com>
  */
diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
index f37a34e..024ad8bc 100644
--- a/arch/s390/kvm/interrupt.c
+++ b/arch/s390/kvm/interrupt.c
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2008, 2015
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): Carsten Otte <cotte@de.ibm.com>
  */
 
diff --git a/arch/s390/kvm/irq.h b/arch/s390/kvm/irq.h
index 54a4a59..484608c 100644
--- a/arch/s390/kvm/irq.h
+++ b/arch/s390/kvm/irq.h
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2014
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
  */
 #ifndef __KVM_IRQ_H
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 0d45e32..34375eed 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2008, 2009
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): Carsten Otte <cotte@de.ibm.com>
  *               Christian Borntraeger <borntraeger@de.ibm.com>
  *               Heiko Carstens <heiko.carstens@de.ibm.com>
diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
index 9777924..5e46ba4 100644
--- a/arch/s390/kvm/kvm-s390.h
+++ b/arch/s390/kvm/kvm-s390.h
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2008, 2009
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): Carsten Otte <cotte@de.ibm.com>
  *               Christian Borntraeger <borntraeger@de.ibm.com>
  *               Christian Ehrhardt <ehrhardt@de.ibm.com>
diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
index c9d962a..28b69ab 100644
--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2008, 2013
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): Carsten Otte <cotte@de.ibm.com>
  *               Christian Borntraeger <borntraeger@de.ibm.com>
  */
diff --git a/arch/s390/kvm/sigp.c b/arch/s390/kvm/sigp.c
index d12ac5d..c1f5cde 100644
--- a/arch/s390/kvm/sigp.c
+++ b/arch/s390/kvm/sigp.c
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2008, 2013
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): Carsten Otte <cotte@de.ibm.com>
  *               Christian Borntraeger <borntraeger@de.ibm.com>
  *               Christian Ehrhardt <ehrhardt@de.ibm.com>
diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
index d2b7886..5d6ae03 100644
--- a/arch/s390/kvm/vsie.c
+++ b/arch/s390/kvm/vsie.c
@@ -4,10 +4,6 @@
  *
  * Copyright IBM Corp. 2016
  *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License (version 2 only)
- * as published by the Free Software Foundation.
- *
  *    Author(s): David Hildenbrand <dahi@linux.vnet.ibm.com>
  */
 #include <linux/vmalloc.h>
-- 
2.9.4

[PATCH 3/4] KVM: s390: mark irq_state.flags as non-usable

[Christian Borntraeger]

Old kernels did not check for zero in the irq_state.flags field and old
QEMUs did not zero the flag/reserved fields when calling
KVM_S390_*_IRQ_STATE.  Let's add comments to prevent future uses of
these fields.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 Documentation/virtual/kvm/api.txt | 15 ++++++++++++---
 arch/s390/kvm/kvm-s390.c          |  6 ++++--
 include/uapi/linux/kvm.h          |  4 ++--
 3 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/Documentation/virtual/kvm/api.txt b/Documentation/virtual/kvm/api.txt
index f670e4b..57d3ee9 100644
--- a/Documentation/virtual/kvm/api.txt
+++ b/Documentation/virtual/kvm/api.txt
@@ -2901,14 +2901,19 @@ userspace buffer and its length:
 
 struct kvm_s390_irq_state {
 	__u64 buf;
-	__u32 flags;
+	__u32 flags;        /* will stay unused for compatibility reasons */
 	__u32 len;
-	__u32 reserved[4];
+	__u32 reserved[4];  /* will stay unused for compatibility reasons */
 };
 
 Userspace passes in the above struct and for each pending interrupt a
 struct kvm_s390_irq is copied to the provided buffer.
 
+The structure contains a flags and a reserved field for future extensions. As
+the kernel never checked for flags == 0 and QEMU never pre-zeroed flags and
+reserved, these fields can not be used in the future without breaking
+compatibility.
+
 If -ENOBUFS is returned the buffer provided was too small and userspace
 may retry with a bigger buffer.
 
@@ -2932,10 +2937,14 @@ containing a struct kvm_s390_irq_state:
 
 struct kvm_s390_irq_state {
 	__u64 buf;
+	__u32 flags;        /* will stay unused for compatibility reasons */
 	__u32 len;
-	__u32 pad;
+	__u32 reserved[4];  /* will stay unused for compatibility reasons */
 };
 
+The restrictions for flags and reserved apply as well.
+(see KVM_S390_GET_IRQ_STATE)
+
 The userspace memory referenced by buf contains a struct kvm_s390_irq
 for each interrupt to be injected into the guest.
 If one of the interrupts could not be injected for some reason the
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 34375eed..efa439f 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -1,8 +1,8 @@
 // SPDX-License-Identifier: GPL-2.0
 /*
- * hosting zSeries kernel virtual machines
+ * hosting IBM Z kernel virtual machines (s390x)
  *
- * Copyright IBM Corp. 2008, 2009
+ * Copyright IBM Corp. 2008, 2017
  *
  *    Author(s): Carsten Otte <cotte@de.ibm.com>
  *               Christian Borntraeger <borntraeger@de.ibm.com>
@@ -3808,6 +3808,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
 			r = -EINVAL;
 			break;
 		}
+		/* do not use irq_state.flags, it will break old QEMUs */
 		r = kvm_s390_set_irq_state(vcpu,
 					   (void __user *) irq_state.buf,
 					   irq_state.len);
@@ -3823,6 +3824,7 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
 			r = -EINVAL;
 			break;
 		}
+		/* do not use irq_state.flags, it will break old QEMUs */
 		r = kvm_s390_get_irq_state(vcpu,
 					   (__u8 __user *)  irq_state.buf,
 					   irq_state.len);
diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
index 282d7613..496e59a 100644
--- a/include/uapi/linux/kvm.h
+++ b/include/uapi/linux/kvm.h
@@ -630,9 +630,9 @@ struct kvm_s390_irq {
 
 struct kvm_s390_irq_state {
 	__u64 buf;
-	__u32 flags;
+	__u32 flags;        /* will stay unused for compatibility reasons */
 	__u32 len;
-	__u32 reserved[4];
+	__u32 reserved[4];  /* will stay unused for compatibility reasons */
 };
 
 /* for KVM_SET_GUEST_DEBUG */
-- 
2.9.4

[PATCH 4/4] KVM: s390: Fix skey emulation permission check

[Christian Borntraeger]

From: Janosch Frank <frankja@linux.vnet.ibm.com>

All skey functions call skey_check_enable at their start, which checks
if we are in the PSTATE and injects a privileged operation exception
if we are.

Unfortunately they continue processing afterwards and perform the
operation anyhow as skey_check_enable does not deliver an error if the
exception injection was successful.

Let's move the PSTATE check into the skey functions and exit them on
such an occasion, also we now do not enable skey handling anymore in
such a case.

Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Fixes: a7e19ab ("KVM: s390: handle missing storage-key facility")
Cc: <stable@vger.kernel.org> # v4.8+
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 arch/s390/kvm/priv.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
index 28b69ab..572496c 100644
--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -232,8 +232,6 @@ static int try_handle_skey(struct kvm_vcpu *vcpu)
 		VCPU_EVENT(vcpu, 4, "%s", "retrying storage key operation");
 		return -EAGAIN;
 	}
-	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
-		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
 	return 0;
 }
 
@@ -244,6 +242,9 @@ static int handle_iske(struct kvm_vcpu *vcpu)
 	int reg1, reg2;
 	int rc;
 
+	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
+		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
+
 	rc = try_handle_skey(vcpu);
 	if (rc)
 		return rc != -EAGAIN ? rc : 0;
@@ -273,6 +274,9 @@ static int handle_rrbe(struct kvm_vcpu *vcpu)
 	int reg1, reg2;
 	int rc;
 
+	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
+		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
+
 	rc = try_handle_skey(vcpu);
 	if (rc)
 		return rc != -EAGAIN ? rc : 0;
@@ -308,6 +312,9 @@ static int handle_sske(struct kvm_vcpu *vcpu)
 	int reg1, reg2;
 	int rc;
 
+	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
+		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
+
 	rc = try_handle_skey(vcpu);
 	if (rc)
 		return rc != -EAGAIN ? rc : 0;
-- 
2.9.4

Re: [PATCH 4/4] KVM: s390: Fix skey emulation permission check

[Thomas Huth]

On 05.12.2017 09:33, Christian Borntraeger wrote:
> From: Janosch Frank <frankja@linux.vnet.ibm.com>
> 
> All skey functions call skey_check_enable at their start, which checks
> if we are in the PSTATE and injects a privileged operation exception
> if we are.
> 
> Unfortunately they continue processing afterwards and perform the
> operation anyhow as skey_check_enable does not deliver an error if the
> exception injection was successful.
> 
> Let's move the PSTATE check into the skey functions and exit them on
> such an occasion, also we now do not enable skey handling anymore in
> such a case.
> 
> Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com>
> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
> Fixes: a7e19ab ("KVM: s390: handle missing storage-key facility")
> Cc: <stable@vger.kernel.org> # v4.8+
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
>  arch/s390/kvm/priv.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)

Reviewed-by: Thomas Huth <thuth@redhat.com>

Re: [PATCH 4/4] KVM: s390: Fix skey emulation permission check

[Cornelia Huck]

On Tue,  5 Dec 2017 09:33:21 +0100
Christian Borntraeger <borntraeger@de.ibm.com> wrote:

> From: Janosch Frank <frankja@linux.vnet.ibm.com>
> 
> All skey functions call skey_check_enable at their start, which checks
> if we are in the PSTATE and injects a privileged operation exception
> if we are.
> 
> Unfortunately they continue processing afterwards and perform the
> operation anyhow as skey_check_enable does not deliver an error if the
> exception injection was successful.
> 
> Let's move the PSTATE check into the skey functions and exit them on
> such an occasion, also we now do not enable skey handling anymore in
> such a case.
> 
> Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com>
> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
> Fixes: a7e19ab ("KVM: s390: handle missing storage-key facility")
> Cc: <stable@vger.kernel.org> # v4.8+
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
>  arch/s390/kvm/priv.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)

Reviewed-by: Cornelia Huck <cohuck@redhat.com>

This reminds me of something I stumbled upon the other day:

handle_ri() and handle_gs() (both implemented in priv.c) don't seem to
have a check for PSTATE, yet they enable ri/gs before retrying the
instruction. Is that correct?

Re: [PATCH 4/4] KVM: s390: Fix skey emulation permission check

[Janosch Frank]

[-- Attachment #1.1: Type: text/plain, Size: 1672 bytes --]

On 05.12.2017 10:13, Cornelia Huck wrote:
> On Tue,  5 Dec 2017 09:33:21 +0100
> Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> 
>> From: Janosch Frank <frankja@linux.vnet.ibm.com>
>>
>> All skey functions call skey_check_enable at their start, which checks
>> if we are in the PSTATE and injects a privileged operation exception
>> if we are.
>>
>> Unfortunately they continue processing afterwards and perform the
>> operation anyhow as skey_check_enable does not deliver an error if the
>> exception injection was successful.
>>
>> Let's move the PSTATE check into the skey functions and exit them on
>> such an occasion, also we now do not enable skey handling anymore in
>> such a case.
>>
>> Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com>
>> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
>> Fixes: a7e19ab ("KVM: s390: handle missing storage-key facility")
>> Cc: <stable@vger.kernel.org> # v4.8+
>> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
>> ---
>>  arch/s390/kvm/priv.c | 11 +++++++++--
>>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> Reviewed-by: Cornelia Huck <cohuck@redhat.com>

Thanks!

> 
> This reminds me of something I stumbled upon the other day:
> 
> handle_ri() and handle_gs() (both implemented in priv.c) don't seem to
> have a check for PSTATE, yet they enable ri/gs before retrying the
> instruction. Is that correct?
> 

None of the gs instructions are privileged as far as I know. Same seems
to be true for ri as far as I've scanned the spec.

The privileged parts are the control register and PSW changes which are
handled elsewhere.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [PATCH 4/4] KVM: s390: Fix skey emulation permission check

[Christian Borntraeger]

On 12/05/2017 10:13 AM, Cornelia Huck wrote:
> On Tue,  5 Dec 2017 09:33:21 +0100
> Christian Borntraeger <borntraeger@de.ibm.com> wrote:
> 
>> From: Janosch Frank <frankja@linux.vnet.ibm.com>
>>
>> All skey functions call skey_check_enable at their start, which checks
>> if we are in the PSTATE and injects a privileged operation exception
>> if we are.
>>
>> Unfortunately they continue processing afterwards and perform the
>> operation anyhow as skey_check_enable does not deliver an error if the
>> exception injection was successful.
>>
>> Let's move the PSTATE check into the skey functions and exit them on
>> such an occasion, also we now do not enable skey handling anymore in
>> such a case.
>>
>> Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com>
>> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
>> Fixes: a7e19ab ("KVM: s390: handle missing storage-key facility")
>> Cc: <stable@vger.kernel.org> # v4.8+
>> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
>> ---
>>  arch/s390/kvm/priv.c | 11 +++++++++--
>>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> Reviewed-by: Cornelia Huck <cohuck@redhat.com>
> 
> This reminds me of something I stumbled upon the other day:
> 
> handle_ri() and handle_gs() (both implemented in priv.c) don't seem to
> have a check for PSTATE, yet they enable ri/gs before retrying the
> instruction. Is that correct?

The guarded storage ops (e3 49 and e3 4d) are problem state.
Most of the ri instruction are as well, so problem state can enable RI
interpretion.

We could do some optimization to only enable RI if the
instruction would enable in for the guest (e.g. an inspection of the
control block could leave RI disabled). On the other hand that would
require to implement these instruction in KVM, which I would like
to avoid. Right now we enable RI and re-drive the instruction.

Re: [PATCH 4/4] KVM: s390: Fix skey emulation permission check

[Cornelia Huck]

On Tue, 5 Dec 2017 10:32:03 +0100
Janosch Frank <frankja@linux.vnet.ibm.com> wrote:

> On 05.12.2017 10:13, Cornelia Huck wrote:

> > This reminds me of something I stumbled upon the other day:
> > 
> > handle_ri() and handle_gs() (both implemented in priv.c) don't seem to
> > have a check for PSTATE, yet they enable ri/gs before retrying the
> > instruction. Is that correct?
> >   
> 
> None of the gs instructions are privileged as far as I know. Same seems
> to be true for ri as far as I've scanned the spec.
> 
> The privileged parts are the control register and PSW changes which are
> handled elsewhere.

OK, thanks. I found the z14 PoP, but the ri instructions don't seem to
be documented in there.

Re: [PATCH 4/4] KVM: s390: Fix skey emulation permission check

[Cornelia Huck]

On Tue, 5 Dec 2017 10:39:26 +0100
Christian Borntraeger <borntraeger@de.ibm.com> wrote:

> On 12/05/2017 10:13 AM, Cornelia Huck wrote:

> > This reminds me of something I stumbled upon the other day:
> > 
> > handle_ri() and handle_gs() (both implemented in priv.c) don't seem to
> > have a check for PSTATE, yet they enable ri/gs before retrying the
> > instruction. Is that correct?  
> 
> The guarded storage ops (e3 49 and e3 4d) are problem state.
> Most of the ri instruction are as well, so problem state can enable RI
> interpretion.
> 
> We could do some optimization to only enable RI if the
> instruction would enable in for the guest (e.g. an inspection of the
> control block could leave RI disabled). On the other hand that would
> require to implement these instruction in KVM, which I would like
> to avoid. Right now we enable RI and re-drive the instruction.

It's probably not worth it, I think.

Re: [PATCH 2/4] KVM: s390: Remove redundant license text

[Paul E. McKenney]

On Tue, Dec 05, 2017 at 09:33:19AM +0100, Christian Borntraeger wrote:
> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> 
> Now that the SPDX tag is in all arch/s390/kvm/ files, that identifies
> the license in a specific and legally-defined manner.  So the extra GPL
> text wording can be removed as it is no longer needed at all.
> 
> This is done on a quest to remove the 700+ different ways that files in
> the kernel describe the GPL license text.  And there's unneeded stuff
> like the address (sometimes incorrect) for the FSF which is never
> needed.
> 
> No copyright headers or other non-license-description text was removed.
> 
> Cc: Christian Borntraeger <borntraeger@de.ibm.com>
> Cc: Cornelia Huck <cohuck@redhat.com>
> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
> Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
> Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> Message-Id: <20171124140043.10062-9-gregkh@linuxfoundation.org>
> Acked-by: Cornelia Huck <cohuck@redhat.com>
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>

Acked-by: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>

> ---
>  arch/s390/kvm/Makefile    | 4 ----
>  arch/s390/kvm/diag.c      | 4 ----
>  arch/s390/kvm/gaccess.h   | 4 ----
>  arch/s390/kvm/guestdbg.c  | 4 ----
>  arch/s390/kvm/intercept.c | 4 ----
>  arch/s390/kvm/interrupt.c | 4 ----
>  arch/s390/kvm/irq.h       | 4 ----
>  arch/s390/kvm/kvm-s390.c  | 4 ----
>  arch/s390/kvm/kvm-s390.h  | 4 ----
>  arch/s390/kvm/priv.c      | 4 ----
>  arch/s390/kvm/sigp.c      | 4 ----
>  arch/s390/kvm/vsie.c      | 4 ----
>  12 files changed, 48 deletions(-)
> 
> diff --git a/arch/s390/kvm/Makefile b/arch/s390/kvm/Makefile
> index 2c5a819..05ee90a 100644
> --- a/arch/s390/kvm/Makefile
> +++ b/arch/s390/kvm/Makefile
> @@ -2,10 +2,6 @@
>  # Makefile for kernel virtual machines on s390
>  #
>  # Copyright IBM Corp. 2008
> -#
> -# This program is free software; you can redistribute it and/or modify
> -# it under the terms of the GNU General Public License (version 2 only)
> -# as published by the Free Software Foundation.
> 
>  KVM := ../../../virt/kvm
>  common-objs = $(KVM)/kvm_main.o $(KVM)/eventfd.o  $(KVM)/async_pf.o $(KVM)/irqchip.o $(KVM)/vfio.o
> diff --git a/arch/s390/kvm/diag.c b/arch/s390/kvm/diag.c
> index 481e1fe..89aa114 100644
> --- a/arch/s390/kvm/diag.c
> +++ b/arch/s390/kvm/diag.c
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2008, 2011
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): Carsten Otte <cotte@de.ibm.com>
>   *               Christian Borntraeger <borntraeger@de.ibm.com>
>   */
> diff --git a/arch/s390/kvm/gaccess.h b/arch/s390/kvm/gaccess.h
> index 443b7fa..f4c5175 100644
> --- a/arch/s390/kvm/gaccess.h
> +++ b/arch/s390/kvm/gaccess.h
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2008, 2014
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): Carsten Otte <cotte@de.ibm.com>
>   */
> 
> diff --git a/arch/s390/kvm/guestdbg.c b/arch/s390/kvm/guestdbg.c
> index d6a1bea..b5f3e82 100644
> --- a/arch/s390/kvm/guestdbg.c
> +++ b/arch/s390/kvm/guestdbg.c
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2014
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): David Hildenbrand <dahi@linux.vnet.ibm.com>
>   */
>  #include <linux/kvm_host.h>
> diff --git a/arch/s390/kvm/intercept.c b/arch/s390/kvm/intercept.c
> index fc76a91..9c7d707 100644
> --- a/arch/s390/kvm/intercept.c
> +++ b/arch/s390/kvm/intercept.c
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2008, 2014
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): Carsten Otte <cotte@de.ibm.com>
>   *               Christian Borntraeger <borntraeger@de.ibm.com>
>   */
> diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c
> index f37a34e..024ad8bc 100644
> --- a/arch/s390/kvm/interrupt.c
> +++ b/arch/s390/kvm/interrupt.c
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2008, 2015
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): Carsten Otte <cotte@de.ibm.com>
>   */
> 
> diff --git a/arch/s390/kvm/irq.h b/arch/s390/kvm/irq.h
> index 54a4a59..484608c 100644
> --- a/arch/s390/kvm/irq.h
> +++ b/arch/s390/kvm/irq.h
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2014
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): Cornelia Huck <cornelia.huck@de.ibm.com>
>   */
>  #ifndef __KVM_IRQ_H
> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> index 0d45e32..34375eed 100644
> --- a/arch/s390/kvm/kvm-s390.c
> +++ b/arch/s390/kvm/kvm-s390.c
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2008, 2009
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): Carsten Otte <cotte@de.ibm.com>
>   *               Christian Borntraeger <borntraeger@de.ibm.com>
>   *               Heiko Carstens <heiko.carstens@de.ibm.com>
> diff --git a/arch/s390/kvm/kvm-s390.h b/arch/s390/kvm/kvm-s390.h
> index 9777924..5e46ba4 100644
> --- a/arch/s390/kvm/kvm-s390.h
> +++ b/arch/s390/kvm/kvm-s390.h
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2008, 2009
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): Carsten Otte <cotte@de.ibm.com>
>   *               Christian Borntraeger <borntraeger@de.ibm.com>
>   *               Christian Ehrhardt <ehrhardt@de.ibm.com>
> diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
> index c9d962a..28b69ab 100644
> --- a/arch/s390/kvm/priv.c
> +++ b/arch/s390/kvm/priv.c
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2008, 2013
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): Carsten Otte <cotte@de.ibm.com>
>   *               Christian Borntraeger <borntraeger@de.ibm.com>
>   */
> diff --git a/arch/s390/kvm/sigp.c b/arch/s390/kvm/sigp.c
> index d12ac5d..c1f5cde 100644
> --- a/arch/s390/kvm/sigp.c
> +++ b/arch/s390/kvm/sigp.c
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2008, 2013
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): Carsten Otte <cotte@de.ibm.com>
>   *               Christian Borntraeger <borntraeger@de.ibm.com>
>   *               Christian Ehrhardt <ehrhardt@de.ibm.com>
> diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c
> index d2b7886..5d6ae03 100644
> --- a/arch/s390/kvm/vsie.c
> +++ b/arch/s390/kvm/vsie.c
> @@ -4,10 +4,6 @@
>   *
>   * Copyright IBM Corp. 2016
>   *
> - * This program is free software; you can redistribute it and/or modify
> - * it under the terms of the GNU General Public License (version 2 only)
> - * as published by the Free Software Foundation.
> - *
>   *    Author(s): David Hildenbrand <dahi@linux.vnet.ibm.com>
>   */
>  #include <linux/vmalloc.h>
> -- 
> 2.9.4
> 

Re: [PATCH 4/4] KVM: s390: Fix skey emulation permission check

[David Hildenbrand]

On 05.12.2017 09:33, Christian Borntraeger wrote:
> From: Janosch Frank <frankja@linux.vnet.ibm.com>
> 
> All skey functions call skey_check_enable at their start, which checks
> if we are in the PSTATE and injects a privileged operation exception
> if we are.

Correct thing to do, are we sure we even get an intercept?
(no documentation at hand :( )

> 
> Unfortunately they continue processing afterwards and perform the
> operation anyhow as skey_check_enable does not deliver an error if the
> exception injection was successful.
> 
> Let's move the PSTATE check into the skey functions and exit them on
> such an occasion, also we now do not enable skey handling anymore in
> such a case.
> 
> Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com>
> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
> Fixes: a7e19ab ("KVM: s390: handle missing storage-key facility")
> Cc: <stable@vger.kernel.org> # v4.8+
> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
> ---
>  arch/s390/kvm/priv.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
> index 28b69ab..572496c 100644
> --- a/arch/s390/kvm/priv.c
> +++ b/arch/s390/kvm/priv.c
> @@ -232,8 +232,6 @@ static int try_handle_skey(struct kvm_vcpu *vcpu)
>  		VCPU_EVENT(vcpu, 4, "%s", "retrying storage key operation");
>  		return -EAGAIN;
>  	}
> -	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
> -		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
>  	return 0;
>  }
>  
> @@ -244,6 +242,9 @@ static int handle_iske(struct kvm_vcpu *vcpu)
>  	int reg1, reg2;
>  	int rc;
>  
> +	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
> +		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
> +
>  	rc = try_handle_skey(vcpu);
>  	if (rc)
>  		return rc != -EAGAIN ? rc : 0;
> @@ -273,6 +274,9 @@ static int handle_rrbe(struct kvm_vcpu *vcpu)
>  	int reg1, reg2;
>  	int rc;
>  
> +	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
> +		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
> +
>  	rc = try_handle_skey(vcpu);
>  	if (rc)
>  		return rc != -EAGAIN ? rc : 0;
> @@ -308,6 +312,9 @@ static int handle_sske(struct kvm_vcpu *vcpu)
>  	int reg1, reg2;
>  	int rc;
>  
> +	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
> +		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
> +
>  	rc = try_handle_skey(vcpu);
>  	if (rc)
>  		return rc != -EAGAIN ? rc : 0;
> 


-- 

Thanks,

David / dhildenb

Re: [PATCH 4/4] KVM: s390: Fix skey emulation permission check

[Christian Borntraeger]

On 12/05/2017 05:53 PM, David Hildenbrand wrote:
> On 05.12.2017 09:33, Christian Borntraeger wrote:
>> From: Janosch Frank <frankja@linux.vnet.ibm.com>
>>
>> All skey functions call skey_check_enable at their start, which checks
>> if we are in the PSTATE and injects a privileged operation exception
>> if we are.
> 
> Correct thing to do, are we sure we even get an intercept?
> (no documentation at hand :( )


If we run keyless we certainly get intercepts. The good thing is that
Linux hosts do not use the keys and run with PSW key 0, so this does not
open any protection issue for those. 
If we run with keys enabled, we might also get exits if the host holds
the pgste lock for too long.

[PATCH 4/4] KVM: s390: Fix skey emulation permission check

[Christian Borntraeger]

From: Janosch Frank <frankja@linux.vnet.ibm.com>

All skey functions call skey_check_enable at their start, which checks
if we are in the PSTATE and injects a privileged operation exception
if we are.

Unfortunately they continue processing afterwards and perform the
operation anyhow as skey_check_enable does not deliver an error if the
exception injection was successful.

Let's move the PSTATE check into the skey functions and exit them on
such an occasion, also we now do not enable skey handling anymore in
such a case.

Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Fixes: a7e19ab ("KVM: s390: handle missing storage-key facility")
Cc: <stable@vger.kernel.org> # v4.8+
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 arch/s390/kvm/priv.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c
index 28b69ab..572496c 100644
--- a/arch/s390/kvm/priv.c
+++ b/arch/s390/kvm/priv.c
@@ -232,8 +232,6 @@ static int try_handle_skey(struct kvm_vcpu *vcpu)
 		VCPU_EVENT(vcpu, 4, "%s", "retrying storage key operation");
 		return -EAGAIN;
 	}
-	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
-		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
 	return 0;
 }
 
@@ -244,6 +242,9 @@ static int handle_iske(struct kvm_vcpu *vcpu)
 	int reg1, reg2;
 	int rc;
 
+	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
+		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
+
 	rc = try_handle_skey(vcpu);
 	if (rc)
 		return rc != -EAGAIN ? rc : 0;
@@ -273,6 +274,9 @@ static int handle_rrbe(struct kvm_vcpu *vcpu)
 	int reg1, reg2;
 	int rc;
 
+	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
+		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
+
 	rc = try_handle_skey(vcpu);
 	if (rc)
 		return rc != -EAGAIN ? rc : 0;
@@ -308,6 +312,9 @@ static int handle_sske(struct kvm_vcpu *vcpu)
 	int reg1, reg2;
 	int rc;
 
+	if (vcpu->arch.sie_block->gpsw.mask & PSW_MASK_PSTATE)
+		return kvm_s390_inject_program_int(vcpu, PGM_PRIVILEGED_OP);
+
 	rc = try_handle_skey(vcpu);
 	if (rc)
 		return rc != -EAGAIN ? rc : 0;
-- 
2.9.4