KVM: s390: Limit sthyi execution

Store hypervisor information is a valid instruction not only in supervisor state but also in problem state, i.e. the guest's userspace. Its execution is not only computational and memory intensive, but also has to get hold of the ipte lock to write to the guest's memory. This lock is not intended to be held often and long, especially not from the untrusted guest userspace. Therefore we apply rate limiting of sthyi executions per VM. Signed-off-by: Janosch Frank <frankja@linux.vnet.ibm.com> Acked-by: David Hildenbrand <dahi@linux.vnet.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
author: Janosch Frank <frankja@linux.vnet.ibm.com> 2016-05-10 16:03:42 +0300
committer: Christian Borntraeger <borntraeger@de.ibm.com> 2016-06-10 13:07:12 +0300
commit: 7d0a5e62411a9223512c6af2e4c08a2d7c00fa2e (patch)
tree: 1c735ee1c90c691b0246c9bb07811030734d14e4 /arch/s390/kvm/kvm-s390.c
parent: 95ca2cb57985b07f5b136405f80a5106f5b06641 (diff)
download: linux-7d0a5e62411a9223512c6af2e4c08a2d7c00fa2e.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
index 1c10254119b3..44297ff53b44 100644
--- a/arch/s390/kvm/kvm-s390.c
+++ b/arch/s390/kvm/kvm-s390.c
@@ -1151,6 +1151,8 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
 
 	rc = -ENOMEM;
 
+	ratelimit_state_init(&kvm->arch.sthyi_limit, 5 * HZ, 500);
+
 	kvm->arch.use_esca = 0; /* start with basic SCA */
 	rwlock_init(&kvm->arch.sca_lock);
 	kvm->arch.sca = (struct bsca_block *) get_zeroed_page(GFP_KERNEL);
author	Janosch Frank <frankja@linux.vnet.ibm.com>	2016-05-10 16:03:42 +0300
committer	Christian Borntraeger <borntraeger@de.ibm.com>	2016-06-10 13:07:12 +0300
commit	7d0a5e62411a9223512c6af2e4c08a2d7c00fa2e (patch)
tree	1c735ee1c90c691b0246c9bb07811030734d14e4 /arch/s390/kvm/kvm-s390.c
parent	95ca2cb57985b07f5b136405f80a5106f5b06641 (diff)
download	linux-7d0a5e62411a9223512c6af2e4c08a2d7c00fa2e.tar.xz