From patchwork Fri Dec 18 14:18:08 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Claudio Imbrenda X-Patchwork-Id: 345943 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CC425C2BBD4 for ; Fri, 18 Dec 2020 14:19:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A715223AC8 for ; Fri, 18 Dec 2020 14:19:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727320AbgLROTA (ORCPT ); Fri, 18 Dec 2020 09:19:00 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:35302 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725883AbgLROS7 (ORCPT ); Fri, 18 Dec 2020 09:18:59 -0500 Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0BIECwCW154079; Fri, 18 Dec 2020 09:18:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=aKpVq/XXmlbmksUUEQfZRzUNkWSdVwgJWNs4QCIYb+g=; b=nI5N54pkILIUWO0+CSWtEeTDjgUtNWAWt/0npRSu/Oq56JHn6NyyScdNGCMnm3/P+SdQ /Em0YSOo5llQa5hbwE8aLyfQQgqV2OLcpoReFj7WtpwdJW/IKW/u50ubagIIpUUEH6Q2 DlPmc/RICla61G0tgPHa4l/fhwSMtiFaUx/lLupebOP6ihALdqkkQeV4Ln4VQsPkmsBr JZPEg6YuKSn3MqE0BU0KSpFfg1+FfqQFFEx+/jQWHECb8cgnF+J9y2B3CepmAZwSpZhL +1oYVi2qYdbxitll5VaF+SdgDWD0oaluE2g8mMKaB2Ci8hFZDX117zEQ/v4wg1W1lms0 Bg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 35gx01850p-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Dec 2020 09:18:17 -0500 Received: from m0098413.ppops.net (m0098413.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0BIEDn4F155745; Fri, 18 Dec 2020 09:18:17 -0500 Received: from ppma02fra.de.ibm.com (47.49.7a9f.ip4.static.sl-reverse.com [159.122.73.71]) by mx0b-001b2d01.pphosted.com with ESMTP id 35gx018501-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Dec 2020 09:18:17 -0500 Received: from pps.filterd (ppma02fra.de.ibm.com [127.0.0.1]) by ppma02fra.de.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0BIEIFSh012363; Fri, 18 Dec 2020 14:18:15 GMT Received: from b06cxnps3074.portsmouth.uk.ibm.com (d06relay09.portsmouth.uk.ibm.com [9.149.109.194]) by ppma02fra.de.ibm.com with ESMTP id 35cng889na-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Dec 2020 14:18:15 +0000 Received: from b06wcsmtp001.portsmouth.uk.ibm.com (b06wcsmtp001.portsmouth.uk.ibm.com [9.149.105.160]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0BIEICcK37224838 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Dec 2020 14:18:12 GMT Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A298DA405B; Fri, 18 Dec 2020 14:18:12 +0000 (GMT) Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 453EDA4064; Fri, 18 Dec 2020 14:18:12 +0000 (GMT) Received: from ibm-vm.ibmuc.com (unknown [9.145.12.102]) by b06wcsmtp001.portsmouth.uk.ibm.com (Postfix) with ESMTP; Fri, 18 Dec 2020 14:18:12 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: borntraeger@de.ibm.com, frankja@linux.ibm.com, david@redhat.com, kvm@vger.kernel.org, linux-s390@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH v1 1/4] s390/kvm: VSIE: stop leaking host addresses Date: Fri, 18 Dec 2020 15:18:08 +0100 Message-Id: <20201218141811.310267-2-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201218141811.310267-1-imbrenda@linux.ibm.com> References: <20201218141811.310267-1-imbrenda@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2020-12-18_09:2020-12-18,2020-12-18 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 suspectscore=0 priorityscore=1501 phishscore=0 spamscore=0 mlxlogscore=999 impostorscore=0 malwarescore=0 adultscore=0 clxscore=1011 mlxscore=0 bulkscore=0 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012180095 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org The addresses in the SIE control block of the host should not be forwarded to the guest. They are only meaningful to the host, and moreover it would be a clear security issue. Subsequent patches will actually put the right values in the guest SIE control block. Fixes: a3508fbe9dc6d ("KVM: s390: vsie: initial support for nested virtualization") Cc: stable@vger.kernel.org Signed-off-by: Claudio Imbrenda --- arch/s390/kvm/vsie.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/arch/s390/kvm/vsie.c b/arch/s390/kvm/vsie.c index 4f3cbf6003a9..ada49583e530 100644 --- a/arch/s390/kvm/vsie.c +++ b/arch/s390/kvm/vsie.c @@ -416,11 +416,6 @@ static void unshadow_scb(struct kvm_vcpu *vcpu, struct vsie_page *vsie_page) memcpy((void *)((u64)scb_o + 0xc0), (void *)((u64)scb_s + 0xc0), 0xf0 - 0xc0); break; - case ICPT_PARTEXEC: - /* MVPG only */ - memcpy((void *)((u64)scb_o + 0xc0), - (void *)((u64)scb_s + 0xc0), 0xd0 - 0xc0); - break; } if (scb_s->ihcpu != 0xffffU) From patchwork Fri Dec 18 14:18:09 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Claudio Imbrenda X-Patchwork-Id: 345944 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-16.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AC4EC3526D for ; Fri, 18 Dec 2020 14:19:18 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 0952B23ACA for ; Fri, 18 Dec 2020 14:19:18 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727403AbgLROTC (ORCPT ); Fri, 18 Dec 2020 09:19:02 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:5082 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725911AbgLROTA (ORCPT ); Fri, 18 Dec 2020 09:19:00 -0500 Received: from pps.filterd (m0098416.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 0BIE2xYK063507; Fri, 18 Dec 2020 09:18:18 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding; s=pp1; bh=THKVBcdGhN1X/toN+0kOB7VjP8oEr99mpBGOO2BGxNU=; b=SUR3pHHwMRsxRvzmliOhvCAL/IVoF7ahriolPt9egrMHxx5rOk6l+qs2rIv/aTGLHxuJ DPntxLzcQ5JzyWsyDUnH1p1WH33NSkV9J6Km7hAcBa2Qpsj2Sljm6WGF2nEF+AGpD1gF 67crGqZmHpy2I9eVw++MZlv3a8rTt9laX6VuG3T0SK/JOmqpidh5y5KAcK5D/8PwyfIV IBvp0qzq5LVdXFcMPXiCy4LA+0rRFM+Cvf+F56HFgGS+s3SkKxi+oTboZFyStdRx35MU qpbQbPl5lMkFWcAKuOpv9XdBhVVCJMqPSqovGqJ6/ziyj5nlOABdNrFC0l0iIQt8T3k4 yg== Received: from pps.reinject (localhost [127.0.0.1]) by mx0b-001b2d01.pphosted.com with ESMTP id 35gwk7h2bh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Dec 2020 09:18:18 -0500 Received: from m0098416.ppops.net (m0098416.ppops.net [127.0.0.1]) by pps.reinject (8.16.0.36/8.16.0.36) with SMTP id 0BIE57Do076147; Fri, 18 Dec 2020 09:18:18 -0500 Received: from ppma04fra.de.ibm.com (6a.4a.5195.ip4.static.sl-reverse.com [149.81.74.106]) by mx0b-001b2d01.pphosted.com with ESMTP id 35gwk7h2aw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Dec 2020 09:18:18 -0500 Received: from pps.filterd (ppma04fra.de.ibm.com [127.0.0.1]) by ppma04fra.de.ibm.com (8.16.0.42/8.16.0.42) with SMTP id 0BIEGle6015069; Fri, 18 Dec 2020 14:18:16 GMT Received: from b06cxnps3075.portsmouth.uk.ibm.com (d06relay10.portsmouth.uk.ibm.com [9.149.109.195]) by ppma04fra.de.ibm.com with ESMTP id 35cng8bbw4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 18 Dec 2020 14:18:16 +0000 Received: from b06wcsmtp001.portsmouth.uk.ibm.com (b06wcsmtp001.portsmouth.uk.ibm.com [9.149.105.160]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 0BIEIDU850987518 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 18 Dec 2020 14:18:13 GMT Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1E22BA4062; Fri, 18 Dec 2020 14:18:13 +0000 (GMT) Received: from b06wcsmtp001.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B40FCA4060; Fri, 18 Dec 2020 14:18:12 +0000 (GMT) Received: from ibm-vm.ibmuc.com (unknown [9.145.12.102]) by b06wcsmtp001.portsmouth.uk.ibm.com (Postfix) with ESMTP; Fri, 18 Dec 2020 14:18:12 +0000 (GMT) From: Claudio Imbrenda To: linux-kernel@vger.kernel.org Cc: borntraeger@de.ibm.com, frankja@linux.ibm.com, david@redhat.com, kvm@vger.kernel.org, linux-s390@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH v1 2/4] s390/kvm: extend guest_translate for MVPG interpretation Date: Fri, 18 Dec 2020 15:18:09 +0100 Message-Id: <20201218141811.310267-3-imbrenda@linux.ibm.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20201218141811.310267-1-imbrenda@linux.ibm.com> References: <20201218141811.310267-1-imbrenda@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.343, 18.0.737 definitions=2020-12-18_09:2020-12-18,2020-12-18 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 lowpriorityscore=0 adultscore=0 spamscore=0 malwarescore=0 bulkscore=0 mlxscore=0 phishscore=0 mlxlogscore=999 clxscore=1015 priorityscore=1501 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000 definitions=main-2012180095 Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org Extend guest_translate to optionally return the address of the guest DAT table which caused the exception, and change the return value to int. Also return the appropriate values in the low order bits of the address indicating protection or EDAT. Cc: stable@vger.kernel.org Signed-off-by: Claudio Imbrenda --- arch/s390/kvm/gaccess.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/arch/s390/kvm/gaccess.c b/arch/s390/kvm/gaccess.c index 6d6b57059493..8e256a233583 100644 --- a/arch/s390/kvm/gaccess.c +++ b/arch/s390/kvm/gaccess.c @@ -598,6 +598,10 @@ static int deref_table(struct kvm *kvm, unsigned long gpa, unsigned long *val) * @asce: effective asce * @mode: indicates the access mode to be used * @prot: returns the type for protection exceptions + * @entryptr: returns the physical address of the last DAT table entry + * processed, additionally setting a few flags in the lower bits + * to indicate whether a translation exception or a protection + * exception were encountered during the address translation. * * Translate a guest virtual address into a guest absolute address by means * of dynamic address translation as specified by the architecture. @@ -611,9 +615,10 @@ static int deref_table(struct kvm *kvm, unsigned long gpa, unsigned long *val) * the returned value is the program interruption code as defined * by the architecture */ -static unsigned long guest_translate(struct kvm_vcpu *vcpu, unsigned long gva, - unsigned long *gpa, const union asce asce, - enum gacc_mode mode, enum prot_type *prot) +static int guest_translate(struct kvm_vcpu *vcpu, unsigned long gva, + unsigned long *gpa, const union asce asce, + enum gacc_mode mode, enum prot_type *prot, + unsigned long *entryptr) { union vaddress vaddr = {.addr = gva}; union raddress raddr = {.addr = gva}; @@ -628,6 +633,8 @@ static unsigned long guest_translate(struct kvm_vcpu *vcpu, unsigned long gva, edat1 = ctlreg0.edat && test_kvm_facility(vcpu->kvm, 8); edat2 = edat1 && test_kvm_facility(vcpu->kvm, 78); iep = ctlreg0.iep && test_kvm_facility(vcpu->kvm, 130); + if (entryptr) + *entryptr = 0; if (asce.r) goto real_address; ptr = asce.origin * PAGE_SIZE; @@ -667,6 +674,8 @@ static unsigned long guest_translate(struct kvm_vcpu *vcpu, unsigned long gva, return PGM_ADDRESSING; if (deref_table(vcpu->kvm, ptr, &rfte.val)) return -EFAULT; + if (entryptr) + *entryptr = ptr; if (rfte.i) return PGM_REGION_FIRST_TRANS; if (rfte.tt != TABLE_TYPE_REGION1) @@ -685,6 +694,8 @@ static unsigned long guest_translate(struct kvm_vcpu *vcpu, unsigned long gva, return PGM_ADDRESSING; if (deref_table(vcpu->kvm, ptr, &rste.val)) return -EFAULT; + if (entryptr) + *entryptr = ptr; if (rste.i) return PGM_REGION_SECOND_TRANS; if (rste.tt != TABLE_TYPE_REGION2) @@ -703,6 +714,8 @@ static unsigned long guest_translate(struct kvm_vcpu *vcpu, unsigned long gva, return PGM_ADDRESSING; if (deref_table(vcpu->kvm, ptr, &rtte.val)) return -EFAULT; + if (entryptr) + *entryptr = ptr; if (rtte.i) return PGM_REGION_THIRD_TRANS; if (rtte.tt != TABLE_TYPE_REGION3) @@ -713,6 +726,8 @@ static unsigned long guest_translate(struct kvm_vcpu *vcpu, unsigned long gva, dat_protection |= rtte.fc1.p; iep_protection = rtte.fc1.iep; raddr.rfaa = rtte.fc1.rfaa; + if (entryptr) + *entryptr |= dat_protection ? 6 : 4; goto absolute_address; } if (vaddr.sx01 < rtte.fc0.tf) @@ -731,6 +746,8 @@ static unsigned long guest_translate(struct kvm_vcpu *vcpu, unsigned long gva, return PGM_ADDRESSING; if (deref_table(vcpu->kvm, ptr, &ste.val)) return -EFAULT; + if (entryptr) + *entryptr = ptr; if (ste.i) return PGM_SEGMENT_TRANSLATION; if (ste.tt != TABLE_TYPE_SEGMENT) @@ -741,6 +758,8 @@ static unsigned long guest_translate(struct kvm_vcpu *vcpu, unsigned long gva, dat_protection |= ste.fc1.p; iep_protection = ste.fc1.iep; raddr.sfaa = ste.fc1.sfaa; + if (entryptr) + *entryptr |= dat_protection ? 6 : 4; goto absolute_address; } dat_protection |= ste.fc0.p; @@ -751,10 +770,14 @@ static unsigned long guest_translate(struct kvm_vcpu *vcpu, unsigned long gva, return PGM_ADDRESSING; if (deref_table(vcpu->kvm, ptr, &pte.val)) return -EFAULT; + if (entryptr) + *entryptr = ptr; if (pte.i) return PGM_PAGE_TRANSLATION; if (pte.z) return PGM_TRANSLATION_SPEC; + if (entryptr && dat_protection) + *entryptr |= 2; dat_protection |= pte.p; iep_protection = pte.iep; raddr.pfra = pte.pfra; @@ -810,7 +833,7 @@ static int guest_page_range(struct kvm_vcpu *vcpu, unsigned long ga, u8 ar, PROT_TYPE_LA); ga &= PAGE_MASK; if (psw_bits(*psw).dat) { - rc = guest_translate(vcpu, ga, pages, asce, mode, &prot); + rc = guest_translate(vcpu, ga, pages, asce, mode, &prot, NULL); if (rc < 0) return rc; } else { @@ -920,7 +943,7 @@ int guest_translate_address(struct kvm_vcpu *vcpu, unsigned long gva, u8 ar, } if (psw_bits(*psw).dat && !asce.r) { /* Use DAT? */ - rc = guest_translate(vcpu, gva, gpa, asce, mode, &prot); + rc = guest_translate(vcpu, gva, gpa, asce, mode, &prot, NULL); if (rc > 0) return trans_exc(vcpu, rc, gva, 0, mode, prot); } else {