lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20211013155831.943476-15-qperret@google.com>
Date:   Wed, 13 Oct 2021 16:58:29 +0100
From:   Quentin Perret <qperret@...gle.com>
To:     Marc Zyngier <maz@...nel.org>, James Morse <james.morse@....com>,
        Alexandru Elisei <alexandru.elisei@....com>,
        Suzuki K Poulose <suzuki.poulose@....com>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will@...nel.org>, Fuad Tabba <tabba@...gle.com>,
        David Brazdil <dbrazdil@...gle.com>
Cc:     linux-arm-kernel@...ts.infradead.org, kvmarm@...ts.cs.columbia.edu,
        linux-kernel@...r.kernel.org, kernel-team@...roid.com
Subject: [PATCH 14/16] KVM: arm64: Refcount shared pages at EL2

We currently allow double sharing of pages from the hypervisor to the
host, but don't track how many times each page is shared. In order to
prepare the introduction of an unshare operation in the hypervisor,
refcount the physical pages which the host shares more than once.

Signed-off-by: Quentin Perret <qperret@...gle.com>
---
 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/kvm/hyp/nvhe/mem_protect.c b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
index 3378117d010c..cad76bc68e53 100644
--- a/arch/arm64/kvm/hyp/nvhe/mem_protect.c
+++ b/arch/arm64/kvm/hyp/nvhe/mem_protect.c
@@ -560,6 +560,9 @@ static int hyp_check_incoming_share(struct pkvm_page_req *req,
 	if (ack->completer.prot != prot)
 		return -EPERM;
 
+	if (WARN_ON(!hyp_phys_to_page(req->phys)->refcount))
+		return -EINVAL;
+
 	return 0;
 }
 
@@ -619,13 +622,22 @@ static int hyp_complete_share(struct pkvm_page_req *req,
 			      enum kvm_pgtable_prot perms)
 {
 	void *start = (void *)req->completer.addr, *end = start + PAGE_SIZE;
+	struct hyp_page *page = hyp_phys_to_page(req->phys);
 	enum kvm_pgtable_prot prot;
+	int ret = 0;
 
-	if (req->initiator.state == PKVM_PAGE_SHARED_OWNED)
+	if (req->initiator.state == PKVM_PAGE_SHARED_OWNED) {
+		hyp_page_ref_inc(page);
 		return 0;
+	}
 
 	prot = pkvm_mkstate(perms, PKVM_PAGE_SHARED_BORROWED);
-	return pkvm_create_mappings_locked(start, end, prot);
+	ret = pkvm_create_mappings_locked(start, end, prot);
+
+	if (!ret)
+		hyp_set_page_refcounted(page);
+
+	return ret;
 }
 
 /* Update the completer's page-table for the page-sharing request */
-- 
2.33.0.882.g93a45727a2-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ