On Fri Aug 23, 2024 at 9:59 AM CEST, Janosch Frank wrote:
> On 8/19/24 6:00 PM, Christoph Schlameuss wrote:
> > On Fri Aug 16, 2024 at 4:36 PM CEST, Janosch Frank wrote:
> >> On 8/15/24 5:45 PM, Christoph Schlameuss wrote:
> [...]
> >>> +TEST_F(uc_kvm, uc_skey)
> >>> +{
> >>> +	u64 test_vaddr = self->base_gpa + VM_MEM_SIZE - (SZ_1M / 2);
> >>> +	struct kvm_sync_regs *sync_regs = &self->run->s.regs;
> >>> +	struct kvm_run *run = self->run;
> >>> +	u8 skeyvalue = 0x34;
> >>> +
> >>> +	/* copy test_skey_asm to code_hva / code_gpa */
> >>> +	TH_LOG("copy code %p to vm mapped memory %p / %p",
> >>> +	       &test_skey_asm, (void *)self->code_hva, (void *)self->code_gpa);
> >>> +	memcpy((void *)self->code_hva, &test_skey_asm, PAGE_SIZE);
> >>> +
> >>> +	/* set register content for test_skey_asm to access not mapped memory */
> >>> +	sync_regs->gprs[1] = skeyvalue;
> >>> +	sync_regs->gprs[5] = self->base_gpa;
> >>> +	sync_regs->gprs[6] = test_vaddr;
> >>> +	run->kvm_dirty_regs |= KVM_SYNC_GPRS;
> >>> +
> >>> +	self->sie_block->ictl |= ICTL_OPEREXC | ICTL_PINT;
> >>> +	self->sie_block->cpuflags &= ~CPUSTAT_KSS;
> >>
> >> So you don't want KVM to initialize skeys?
> >> Or am I missing a ucontrol skey interaction?
> >>
> >> What about the ICTLs if KSS is not available on the machine?
> >
> > This is explicitly disabling KSS, not enabling it.
> > Doing that explicitly might not strictly be necessary but I thought this
> > does provide some clarity about the state.
> >
>
> The 3 skey ICTLs and KSS are used by KVM to get an intercept on the
> first skey instruction that the guest issues. KVM uses that intercept to
> initialize the keys and set up skey handling since it's an edge case
> because Linux doesn't use skeys.
>
> If KSS is available KVM will not set the skey ICTLs but KSS is a
> "recent" addition (my guess would be ~z13). So if you want to disable
> skey intercepts regardless of the machine you need to clear all 4 bits.
>
> Are you sure that disabling KSS makes sense and does what you think it does?
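Review bot: Clearing CPUSTAT_KSS at `self->sie_block->cpuflags &= ~CPUSTAT_KSS;` removes the intercept KVM relies on to initialize storage keys on the guest's first skey instruction, so the test runs against keys in whatever state KVM left them rather than exercising the skey path; if that path is what the test is meant to cover, keep KSS set and handle the resulting intercept in the test, and add a comment stating which behaviour is under test. The comment `/* set register content for test_skey_asm to access not mapped memory */` should also say why an address inside [base_gpa, base_gpa + VM_MEM_SIZE) counts as not mapped here.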
I did revisit the normal skey initialization. It is, as you say, triggered by
the first KSS intercept. But this is where it actually differs in ucontrol VMs.
kvm_handle_sie_intercept() would normally call kvm_s390_skey_check_enable().
But in the ucontrol case it exits early and sets KVM_EXIT_S390_SIEIC with the
KSS intercept code. So I think the best coverage we can produce here is to
mimic that within the test's userspace code. I will restore the KSS
interception and handle it in the next patch version.