| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200526061459.GC13247@kernel.org>
Date: Tue, 26 May 2020 09:14:59 +0300
From: Mike Rapoport <rppt@...nel.org>
To: "Kirill A. Shutemov" <kirill@...temov.name>
Cc: Dave Hansen <dave.hansen@...ux.intel.com>,
Andy Lutomirski <luto@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <sean.j.christopherson@...el.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>,
David Rientjes <rientjes@...gle.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Kees Cook <keescook@...omium.org>,
Will Drewry <wad@...omium.org>,
"Edgecombe, Rick P" <rick.p.edgecombe@...el.com>,
"Kleen, Andi" <andi.kleen@...el.com>, x86@...nel.org,
kvm@...r.kernel.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org,
"Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>
Subject: Re: [RFC 06/16] KVM: Use GUP instead of copy_from/to_user() to
access guest memory
On Fri, May 22, 2020 at 03:52:04PM +0300, Kirill A. Shutemov wrote:
> New helpers copy_from_guest()/copy_to_guest() to be used if KVM memory
> protection feature is enabled.
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com>
> ---
> include/linux/kvm_host.h | 4 +++
> virt/kvm/kvm_main.c | 78 ++++++++++++++++++++++++++++++++++------
> 2 files changed, 72 insertions(+), 10 deletions(-)
>
> static int __kvm_read_guest_page(struct kvm_memory_slot *slot, gfn_t gfn,
> - void *data, int offset, int len)
> + void *data, int offset, int len,
> + bool protected)
> {
> int r;
> unsigned long addr;
> @@ -2257,7 +2297,10 @@ static int __kvm_read_guest_page(struct kvm_memory_slot *slot, gfn_t gfn,
> addr = gfn_to_hva_memslot_prot(slot, gfn, NULL);
> if (kvm_is_error_hva(addr))
> return -EFAULT;
> - r = __copy_from_user(data, (void __user *)addr + offset, len);
> + if (protected)
> + r = copy_from_guest(data, addr + offset, len);
> + else
> + r = __copy_from_user(data, (void __user *)addr + offset, len);
Maybe always use copy_{from,to}_guest() and move the 'if (protected)'
there?
If kvm is added to memory slot, it cab be the passed to copy_{to,from}_guest.
> if (r)
> return -EFAULT;
> return 0;
> @@ -2268,7 +2311,8 @@ int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset,
> {
> struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
>
> - return __kvm_read_guest_page(slot, gfn, data, offset, len);
> + return __kvm_read_guest_page(slot, gfn, data, offset, len,
> + kvm->mem_protected);
> }
> EXPORT_SYMBOL_GPL(kvm_read_guest_page);
>
> @@ -2277,7 +2321,8 @@ int kvm_vcpu_read_guest_page(struct kvm_vcpu *vcpu, gfn_t gfn, void *data,
> {
> struct kvm_memory_slot *slot = kvm_vcpu_gfn_to_memslot(vcpu, gfn);
>
> - return __kvm_read_guest_page(slot, gfn, data, offset, len);
> + return __kvm_read_guest_page(slot, gfn, data, offset, len,
> + vcpu->kvm->mem_protected);
> }
> EXPORT_SYMBOL_GPL(kvm_vcpu_read_guest_page);
>
--
Sincerely yours,
Mike.
Powered by blists - more mailing lists