| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c5d8e633-c0cd-91d4-723b-abf26c01fd6d@linux.ibm.com>
Date: Thu, 10 Feb 2022 10:29:45 +0100
From: Christian Borntraeger <borntraeger@...ux.ibm.com>
To: Janis Schoetterl-Glausch <scgl@...ux.ibm.com>,
Janosch Frank <frankja@...ux.ibm.com>,
Claudio Imbrenda <imbrenda@...ux.ibm.com>
Cc: Alexander Gordeev <agordeev@...ux.ibm.com>,
David Hildenbrand <david@...hat.com>,
Jonathan Corbet <corbet@....net>, kvm@...r.kernel.org,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-s390@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>,
Sven Schnelle <svens@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Heiko Carstens <hca@...ux.ibm.com>
Subject: Re: [PATCH v3 05/10] KVM: s390: Add optional storage key checking to
MEMOP IOCTL
Am 09.02.22 um 18:04 schrieb Janis Schoetterl-Glausch:
> User space needs a mechanism to perform key checked accesses when
> emulating instructions.
>
> The key can be passed as an additional argument.
> Having an additional argument is flexible, as user space can
> pass the guest PSW's key, in order to make an access the same way the
> CPU would, or pass another key if necessary.
>
> Signed-off-by: Janis Schoetterl-Glausch <scgl@...ux.ibm.com>
> Acked-by: Janosch Frank <frankja@...ux.ibm.com>
> Reviewed-by: Claudio Imbrenda <imbrenda@...ux.ibm.com>
Claudio, Janosch, can you confirm that this is still valid?
Reviewed-by: Christian Borntraeger <borntraeger@...ibm.com>
minor thing below
> ---
> arch/s390/kvm/kvm-s390.c | 30 ++++++++++++++++++++----------
> include/uapi/linux/kvm.h | 6 +++++-
> 2 files changed, 25 insertions(+), 11 deletions(-)
>
> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> index cf347e1a4f17..85763ec7bc60 100644
> --- a/arch/s390/kvm/kvm-s390.c
> +++ b/arch/s390/kvm/kvm-s390.c
> @@ -32,6 +32,7 @@
> #include <linux/sched/signal.h>
> #include <linux/string.h>
> #include <linux/pgtable.h>
> +#include <linux/bitfield.h>
do we still need that after the changes?
>
> #include <asm/asm-offsets.h>
> #include <asm/lowcore.h>
> @@ -2359,6 +2360,11 @@ static int kvm_s390_handle_pv(struct kvm *kvm, struct kvm_pv_cmd *cmd)
> return r;
> }
>
> +static bool access_key_invalid(u8 access_key)
> +{
> + return access_key > 0xf;
> +}
> +
> long kvm_arch_vm_ioctl(struct file *filp,
> unsigned int ioctl, unsigned long arg)
> {
> @@ -4690,17 +4696,19 @@ static long kvm_s390_guest_mem_op(struct kvm_vcpu *vcpu,
> void *tmpbuf = NULL;
> int r = 0;
> const u64 supported_flags = KVM_S390_MEMOP_F_INJECT_EXCEPTION
> - | KVM_S390_MEMOP_F_CHECK_ONLY;
> + | KVM_S390_MEMOP_F_CHECK_ONLY
> + | KVM_S390_MEMOP_F_SKEY_PROTECTION;
>
> if (mop->flags & ~supported_flags || mop->ar >= NUM_ACRS || !mop->size)
> return -EINVAL;
> -
> if (mop->size > MEM_OP_MAX_SIZE)
> return -E2BIG;
> -
> if (kvm_s390_pv_cpu_is_protected(vcpu))
> return -EINVAL;
> -
> + if (mop->flags & KVM_S390_MEMOP_F_SKEY_PROTECTION) {
> + if (access_key_invalid(mop->key))
> + return -EINVAL;
> + }
> if (!(mop->flags & KVM_S390_MEMOP_F_CHECK_ONLY)) {
> tmpbuf = vmalloc(mop->size);
> if (!tmpbuf)
> @@ -4710,11 +4718,12 @@ static long kvm_s390_guest_mem_op(struct kvm_vcpu *vcpu,
> switch (mop->op) {
> case KVM_S390_MEMOP_LOGICAL_READ:
> if (mop->flags & KVM_S390_MEMOP_F_CHECK_ONLY) {
> - r = check_gva_range(vcpu, mop->gaddr, mop->ar,
> - mop->size, GACC_FETCH, 0);
> + r = check_gva_range(vcpu, mop->gaddr, mop->ar, mop->size,
> + GACC_FETCH, mop->key);
> break;
> }
> - r = read_guest(vcpu, mop->gaddr, mop->ar, tmpbuf, mop->size);
> + r = read_guest_with_key(vcpu, mop->gaddr, mop->ar, tmpbuf,
> + mop->size, mop->key);
> if (r == 0) {
> if (copy_to_user(uaddr, tmpbuf, mop->size))
> r = -EFAULT;
> @@ -4722,15 +4731,16 @@ static long kvm_s390_guest_mem_op(struct kvm_vcpu *vcpu,
> break;
> case KVM_S390_MEMOP_LOGICAL_WRITE:
> if (mop->flags & KVM_S390_MEMOP_F_CHECK_ONLY) {
> - r = check_gva_range(vcpu, mop->gaddr, mop->ar,
> - mop->size, GACC_STORE, 0);
> + r = check_gva_range(vcpu, mop->gaddr, mop->ar, mop->size,
> + GACC_STORE, mop->key);
> break;
> }
> if (copy_from_user(tmpbuf, uaddr, mop->size)) {
> r = -EFAULT;
> break;
> }
> - r = write_guest(vcpu, mop->gaddr, mop->ar, tmpbuf, mop->size);
> + r = write_guest_with_key(vcpu, mop->gaddr, mop->ar, tmpbuf,
> + mop->size, mop->key);
> break;
> }
>
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index b46bcdb0cab1..44558cf4c52e 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -562,7 +562,10 @@ struct kvm_s390_mem_op {
> __u32 op; /* type of operation */
> __u64 buf; /* buffer in userspace */
> union {
> - __u8 ar; /* the access register number */
> + struct {
> + __u8 ar; /* the access register number */
> + __u8 key; /* access key, ignored if flag unset */
> + };
> __u32 sida_offset; /* offset into the sida */
> __u8 reserved[32]; /* should be set to 0 */
> };
> @@ -575,6 +578,7 @@ struct kvm_s390_mem_op {
> /* flags for kvm_s390_mem_op->flags */
> #define KVM_S390_MEMOP_F_CHECK_ONLY (1ULL << 0)
> #define KVM_S390_MEMOP_F_INJECT_EXCEPTION (1ULL << 1)
> +#define KVM_S390_MEMOP_F_SKEY_PROTECTION (1ULL << 2)
>
> /* for KVM_INTERRUPT */
> struct kvm_interrupt {
Powered by blists - more mailing lists