lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <096cf759-5859-f073-2641-3c8527210045@linux.ibm.com>
Date:   Thu, 13 Jan 2022 11:38:34 +0100
From:   Janosch Frank <frankja@...ux.ibm.com>
To:     Claudio Imbrenda <imbrenda@...ux.ibm.com>, kvm@...r.kernel.org
Cc:     cohuck@...hat.com, borntraeger@...ibm.com, thuth@...hat.com,
        pasic@...ux.ibm.com, david@...hat.com, linux-s390@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v6 11/17] s390/mm: KVM: pv: when tearing down, try to
 destroy protected pages

On 12/3/21 17:58, Claudio Imbrenda wrote:
> When ptep_get_and_clear_full is called for a mm teardown, we will now
> attempt to destroy the secure pages. This will be faster than export.
> 
> In case it was not a teardown, or if for some reason the destroy page
> UVC failed, we try with an export page, like before.
> 
> Signed-off-by: Claudio Imbrenda <imbrenda@...ux.ibm.com>

Acked-by: Janosch Frank <frankja@...ux.ibm.com>

> ---
>   arch/s390/include/asm/pgtable.h | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h
> index 23ca0d8e058a..c008b354573e 100644
> --- a/arch/s390/include/asm/pgtable.h
> +++ b/arch/s390/include/asm/pgtable.h
> @@ -1118,9 +1118,14 @@ static inline pte_t ptep_get_and_clear_full(struct mm_struct *mm,
>   	} else {
>   		res = ptep_xchg_lazy(mm, addr, ptep, __pte(_PAGE_INVALID));
>   	}
> +	/* Nothing to do */
> +	if (!mm_is_protected(mm) || !pte_present(res))
> +		return res;
>   	/* At this point the reference through the mapping is still present */
> -	if (mm_is_protected(mm) && pte_present(res))
> -		uv_convert_owned_from_secure(pte_val(res) & PAGE_MASK);

Add comment:
The notifier should have tried to destroy the cpus which allows us to 
destroy pages. So here we'll try to destroy the pages but if that fails 
we fall back to a normal but slower export.

> +	if (full && !uv_destroy_owned_page(pte_val(res) & PAGE_MASK))
> +		return res;
> +	/* If could not destroy, we try export */
> +	uv_convert_owned_from_secure(pte_val(res) & PAGE_MASK);
>   	return res;
>   }
>   
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ