| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Jan 2023 19:15:22 +0100
From: Janis Schoetterl-Glausch <scgl@...ux.ibm.com>
To: Janosch Frank <frankja@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Claudio Imbrenda <imbrenda@...ux.ibm.com>,
Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Alexander Gordeev <agordeev@...ux.ibm.com>
Cc: David Hildenbrand <david@...hat.com>,
Jonathan Corbet <corbet@....net>, kvm@...r.kernel.org,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-s390@...r.kernel.org,
Paolo Bonzini <pbonzini@...hat.com>,
Shuah Khan <shuah@...nel.org>,
Sven Schnelle <svens@...ux.ibm.com>
Subject: Re: [PATCH v6 12/14] KVM: s390: Extend MEM_OP ioctl by storage key
checked cmpxchg
On Thu, 2023-01-26 at 17:10 +0100, Janosch Frank wrote:
> On 1/25/23 22:26, Janis Schoetterl-Glausch wrote:
> > User space can use the MEM_OP ioctl to make storage key checked reads
> > and writes to the guest, however, it has no way of performing atomic,
> > key checked, accesses to the guest.
> > Extend the MEM_OP ioctl in order to allow for this, by adding a cmpxchg
> > op. For now, support this op for absolute accesses only.
> >
> > This op can be use, for example, to set the device-state-change
>
> s/use/used/
>
> > indicator and the adapter-local-summary indicator atomically.
> >
> > Signed-off-by: Janis Schoetterl-Glausch <scgl@...ux.ibm.com>
> > ---
> [...]
> > +/**
> > + * cmpxchg_guest_abs_with_key() - Perform cmpxchg on guest absolute address.
> > + * @kvm: Virtual machine instance.
> > + * @gpa: Absolute guest address of the location to be changed.
> > + * @len: Operand length of the cmpxchg, required: 1 <= len <= 16. Providing a
> > + * non power of two will result in failure.
> > + * @old_addr: Pointer to old value. If the location at @gpa contains this value,
> > + * the exchange will succeed. After calling cmpxchg_guest_abs_with_key()
> > + * *@..._addr contains the value at @gpa before the attempt to
> > + * exchange the value.
> > + * @new: The value to place at @gpa.
> > + * @access_key: The access key to use for the guest access.
> > + * @success: output value indicating if an exchange occurred.
> > + *
> > + * Atomically exchange the value at @gpa by @new, if it contains *@....
> > + * Honors storage keys.
> > + *
> > + * Return: * 0: successful exchange
> > + * * a program interruption code indicating the reason cmpxchg could
> > + * not be attempted
>
> Nit:
> >0: a program interruption code...
>
>
> > + * * -EINVAL: address misaligned or len not power of two
> > + * * -EAGAIN: transient failure (len 1 or 2)
> > + * * -EOPNOTSUPP: read-only memslot (should never occur)
> > + */
> > +int cmpxchg_guest_abs_with_key(struct kvm *kvm, gpa_t gpa, int len,
> > + __uint128_t *old_addr, __uint128_t new,
> > + u8 access_key, bool *success)
> > +{
> > + gfn_t gfn = gpa >> PAGE_SHIFT;
>
> gpa_to_gfn()?
Yes.
>
> > + struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn);
> > + bool writable;
> > + hva_t hva;
> > + int ret;
> > +
> > + if (!IS_ALIGNED(gpa, len))
> > + return -EINVAL;
> > +
> > + hva = gfn_to_hva_memslot_prot(slot, gfn, &writable);
> > + if (kvm_is_error_hva(hva))
> > + return PGM_ADDRESSING;
> > + /*
> > + * Check if it's a read-only memslot, even though that cannot occur
> > + * since those are unsupported.
> > + * Don't try to actually handle that case.
> > + */
> > + if (!writable)
> > + return -EOPNOTSUPP;
> > +
> > + hva += offset_in_page(gpa);
>
> Hmm if we don't use a macro to generate these then I'd add an explanation:
>
> cmpxchg_user_key() is a macro that is dependent on the type of "old" so
> there's no deduplication possible without further macros.
Can do.
Btw. I could move the other two statements out of the switch by using a union of old values,
memcmp and memcpy, but I think that would be less readable.
>
> > + switch (len) {
> > + case 1: {
> > + u8 old;
> > +
> > + ret = cmpxchg_user_key((u8 *)hva, &old, *old_addr, new, access_key);
> > + *success = !ret && old == *old_addr;
> > + *old_addr = old;
> > + break;
> > + }
> > + case 2: {
> > + u16 old;
> > +
> > + ret = cmpxchg_user_key((u16 *)hva, &old, *old_addr, new, access_key);
> > + *success = !ret && old == *old_addr;
> > + *old_addr = old;
> > + break;
> > + }
> > + case 4: {
> > + u32 old;
> > +
> > + ret = cmpxchg_user_key((u32 *)hva, &old, *old_addr, new, access_key);
> > + *success = !ret && old == *old_addr;
> > + *old_addr = old;
> > + break;
> > + }
> > + case 8: {
> > + u64 old;
> > +
> > + ret = cmpxchg_user_key((u64 *)hva, &old, *old_addr, new, access_key);
> > + *success = !ret && old == *old_addr;
> > + *old_addr = old;
> > + break;
> > + }
> > + case 16: {
> > + __uint128_t old;
> > +
> > + ret = cmpxchg_user_key((__uint128_t *)hva, &old, *old_addr, new, access_key);
> > + *success = !ret && old == *old_addr;
> > + *old_addr = old;
> > + break;
> > + }
> > + default:
> > + return -EINVAL;
> > + }
> > + mark_page_dirty_in_slot(kvm, slot, gfn);
>
> Is that needed if we failed the store?
Indeed it isn't.
[...]
Powered by blists - more mailing lists