lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <f0f6c83f7d38a24234203849e116516ab7ac32f7.camel@linux.ibm.com> Date: Fri, 27 Jan 2023 19:15:22 +0100 From: Janis Schoetterl-Glausch <scgl@...ux.ibm.com> To: Janosch Frank <frankja@...ux.ibm.com>, Christian Borntraeger <borntraeger@...ux.ibm.com>, Claudio Imbrenda <imbrenda@...ux.ibm.com>, Heiko Carstens <hca@...ux.ibm.com>, Vasily Gorbik <gor@...ux.ibm.com>, Alexander Gordeev <agordeev@...ux.ibm.com> Cc: David Hildenbrand <david@...hat.com>, Jonathan Corbet <corbet@....net>, kvm@...r.kernel.org, linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org, linux-s390@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>, Shuah Khan <shuah@...nel.org>, Sven Schnelle <svens@...ux.ibm.com> Subject: Re: [PATCH v6 12/14] KVM: s390: Extend MEM_OP ioctl by storage key checked cmpxchg On Thu, 2023-01-26 at 17:10 +0100, Janosch Frank wrote: > On 1/25/23 22:26, Janis Schoetterl-Glausch wrote: > > User space can use the MEM_OP ioctl to make storage key checked reads > > and writes to the guest, however, it has no way of performing atomic, > > key checked, accesses to the guest. > > Extend the MEM_OP ioctl in order to allow for this, by adding a cmpxchg > > op. For now, support this op for absolute accesses only. > > > > This op can be use, for example, to set the device-state-change > > s/use/used/ > > > indicator and the adapter-local-summary indicator atomically. > > > > Signed-off-by: Janis Schoetterl-Glausch <scgl@...ux.ibm.com> > > --- > [...] > > +/** > > + * cmpxchg_guest_abs_with_key() - Perform cmpxchg on guest absolute address. > > + * @kvm: Virtual machine instance. > > + * @gpa: Absolute guest address of the location to be changed. > > + * @len: Operand length of the cmpxchg, required: 1 <= len <= 16. Providing a > > + * non power of two will result in failure. > > + * @old_addr: Pointer to old value. If the location at @gpa contains this value, > > + * the exchange will succeed. After calling cmpxchg_guest_abs_with_key() > > + * *@..._addr contains the value at @gpa before the attempt to > > + * exchange the value. > > + * @new: The value to place at @gpa. > > + * @access_key: The access key to use for the guest access. > > + * @success: output value indicating if an exchange occurred. > > + * > > + * Atomically exchange the value at @gpa by @new, if it contains *@.... > > + * Honors storage keys. > > + * > > + * Return: * 0: successful exchange > > + * * a program interruption code indicating the reason cmpxchg could > > + * not be attempted > > Nit: > >0: a program interruption code... > > > > + * * -EINVAL: address misaligned or len not power of two > > + * * -EAGAIN: transient failure (len 1 or 2) > > + * * -EOPNOTSUPP: read-only memslot (should never occur) > > + */ > > +int cmpxchg_guest_abs_with_key(struct kvm *kvm, gpa_t gpa, int len, > > + __uint128_t *old_addr, __uint128_t new, > > + u8 access_key, bool *success) > > +{ > > + gfn_t gfn = gpa >> PAGE_SHIFT; > > gpa_to_gfn()? Yes. > > > + struct kvm_memory_slot *slot = gfn_to_memslot(kvm, gfn); > > + bool writable; > > + hva_t hva; > > + int ret; > > + > > + if (!IS_ALIGNED(gpa, len)) > > + return -EINVAL; > > + > > + hva = gfn_to_hva_memslot_prot(slot, gfn, &writable); > > + if (kvm_is_error_hva(hva)) > > + return PGM_ADDRESSING; > > + /* > > + * Check if it's a read-only memslot, even though that cannot occur > > + * since those are unsupported. > > + * Don't try to actually handle that case. > > + */ > > + if (!writable) > > + return -EOPNOTSUPP; > > + > > + hva += offset_in_page(gpa); > > Hmm if we don't use a macro to generate these then I'd add an explanation: > > cmpxchg_user_key() is a macro that is dependent on the type of "old" so > there's no deduplication possible without further macros. Can do. Btw. I could move the other two statements out of the switch by using a union of old values, memcmp and memcpy, but I think that would be less readable. > > > + switch (len) { > > + case 1: { > > + u8 old; > > + > > + ret = cmpxchg_user_key((u8 *)hva, &old, *old_addr, new, access_key); > > + *success = !ret && old == *old_addr; > > + *old_addr = old; > > + break; > > + } > > + case 2: { > > + u16 old; > > + > > + ret = cmpxchg_user_key((u16 *)hva, &old, *old_addr, new, access_key); > > + *success = !ret && old == *old_addr; > > + *old_addr = old; > > + break; > > + } > > + case 4: { > > + u32 old; > > + > > + ret = cmpxchg_user_key((u32 *)hva, &old, *old_addr, new, access_key); > > + *success = !ret && old == *old_addr; > > + *old_addr = old; > > + break; > > + } > > + case 8: { > > + u64 old; > > + > > + ret = cmpxchg_user_key((u64 *)hva, &old, *old_addr, new, access_key); > > + *success = !ret && old == *old_addr; > > + *old_addr = old; > > + break; > > + } > > + case 16: { > > + __uint128_t old; > > + > > + ret = cmpxchg_user_key((__uint128_t *)hva, &old, *old_addr, new, access_key); > > + *success = !ret && old == *old_addr; > > + *old_addr = old; > > + break; > > + } > > + default: > > + return -EINVAL; > > + } > > + mark_page_dirty_in_slot(kvm, slot, gfn); > > Is that needed if we failed the store? Indeed it isn't. [...]
Powered by blists - more mailing lists