summaryrefslogtreecommitdiffstats
path: root/arch/s390/kvm/sthyi.c
diff options
context:
space:
mode:
authorJanosch Frank <frankja@linux.vnet.ibm.com>2016-05-10 15:03:42 +0200
committerChristian Borntraeger <borntraeger@de.ibm.com>2016-06-10 12:07:12 +0200
commit7d0a5e62411a9223512c6af2e4c08a2d7c00fa2e (patch)
tree1c735ee1c90c691b0246c9bb07811030734d14e4 /arch/s390/kvm/sthyi.c
parentKVM: s390: Add sthyi emulation (diff)
downloadlinux-7d0a5e62411a9223512c6af2e4c08a2d7c00fa2e.tar.xz
linux-7d0a5e62411a9223512c6af2e4c08a2d7c00fa2e.zip
KVM: s390: Limit sthyi execution
Store hypervisor information is a valid instruction not only in supervisor state but also in problem state, i.e. the guest's userspace. Its execution is not only computational and memory intensive, but also has to get hold of the ipte lock to write to the guest's memory. This lock is not intended to be held often and long, especially not from the untrusted guest userspace. Therefore we apply rate limiting of sthyi executions per VM. Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com> Acked-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Diffstat (limited to 'arch/s390/kvm/sthyi.c')
-rw-r--r--arch/s390/kvm/sthyi.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/arch/s390/kvm/sthyi.c b/arch/s390/kvm/sthyi.c
index 894d5626f18d..bd98b7d25200 100644
--- a/arch/s390/kvm/sthyi.c
+++ b/arch/s390/kvm/sthyi.c
@@ -12,6 +12,7 @@
#include <linux/errno.h>
#include <linux/pagemap.h>
#include <linux/vmalloc.h>
+#include <linux/ratelimit.h>
#include <asm/kvm_host.h>
#include <asm/asm-offsets.h>
@@ -403,6 +404,16 @@ int handle_sthyi(struct kvm_vcpu *vcpu)
u64 code, addr, cc = 0;
struct sthyi_sctns *sctns = NULL;
+ /*
+ * STHYI requires extensive locking in the higher hypervisors
+ * and is very computational/memory expensive. Therefore we
+ * ratelimit the executions per VM.
+ */
+ if (!__ratelimit(&vcpu->kvm->arch.sthyi_limit)) {
+ kvm_s390_retry_instr(vcpu);
+ return 0;
+ }
+
kvm_s390_get_regs_rre(vcpu, &reg1, &reg2);
code = vcpu->run->s.regs.gprs[reg1];
addr = vcpu->run->s.regs.gprs[reg2];