KVM: s390: protvirt: disallow one_reg

A lot of the registers are controlled by the Ultravisor and never visible to KVM. Some fields in the sie control block are overlayed, like gbea. As no known userspace uses the ONE_REG interface on s390 if sync regs are available, no functionality is lost if it is disabled for protected guests. Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com> [borntraeger@de.ibm.com: patch merging, splitting, fixing] Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
author: Janosch Frank <frankja@linux.ibm.com> 2019-06-14 13:11:21 +0200
committer: Christian Borntraeger <borntraeger@de.ibm.com> 2020-02-27 19:47:12 +0100
commit: 68cf7b1f137e61cea71925e48bc0c6d7bcfc637c (patch)
tree: 0dd130452d7ad3ba036c260e56981cc4d61416d7
parent: KVM: s390: protvirt: STSI handling (diff)
download: linux-68cf7b1f137e61cea71925e48bc0c6d7bcfc637c.tar.gz
linux-68cf7b1f137e61cea71925e48bc0c6d7bcfc637c.tar.bz2
linux-68cf7b1f137e61cea71925e48bc0c6d7bcfc637c.zip
2 files changed, 7 insertions, 2 deletions
diff --git a/Documentation/virt/kvm/api.rst b/Documentation/virt/kvm/api.rst
index 97a72a53fa4b..7505d7a6c0d8 100644
--- a/Documentation/virt/kvm/api.rst
+++ b/Documentation/virt/kvm/api.rst
@@ -2117,7 +2117,8 @@ Errors:
 
   ======   ============================================================
   ENOENT   no such register
-  EINVAL   invalid register ID, or no such register
+  EINVAL   invalid register ID, or no such register or used with VMs in
+           protected virtualization mode on s390
   EPERM    (arm64) register access not allowed before vcpu finalization
   ======   ============================================================
 
@@ -2552,7 +2553,8 @@ Errors include:
 
   ======== ============================================================
   ENOENT   no such register
-  EINVAL   invalid register ID, or no such register
+  EINVAL   invalid register ID, or no such register or used with VMs in
+           protected virtualization mode on s390
   EPERM    (arm64) register access not allowed before vcpu finalization
   ======== ============================================================
 
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index efbbcd2948a3..797b4031ed4d 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -4674,6 +4674,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp,
 	case KVM_SET_ONE_REG:
 	case KVM_GET_ONE_REG: {
 		struct kvm_one_reg reg;
+		r = -EINVAL;
+		if (kvm_s390_pv_cpu_is_protected(vcpu))
+			break;
 		r = -EFAULT;
 		if (copy_from_user(&reg, argp, sizeof(reg)))
 			break;
author	Janosch Frank <frankja@linux.ibm.com>	2019-06-14 13:11:21 +0200
committer	Christian Borntraeger <borntraeger@de.ibm.com>	2020-02-27 19:47:12 +0100
commit	68cf7b1f137e61cea71925e48bc0c6d7bcfc637c (patch)
tree	0dd130452d7ad3ba036c260e56981cc4d61416d7
parent	KVM: s390: protvirt: STSI handling (diff)
download	linux-68cf7b1f137e61cea71925e48bc0c6d7bcfc637c.tar.gz linux-68cf7b1f137e61cea71925e48bc0c6d7bcfc637c.tar.bz2 linux-68cf7b1f137e61cea71925e48bc0c6d7bcfc637c.zip