| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Feb 2023 14:03:32 +0100
From: Janosch Frank <frankja@...ux.ibm.com>
To: Janis Schoetterl-Glausch <scgl@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Claudio Imbrenda <imbrenda@...ux.ibm.com>,
Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Alexander Gordeev <agordeev@...ux.ibm.com>
Cc: David Hildenbrand <david@...hat.com>,
Jonathan Corbet <corbet@....net>, kvm@...r.kernel.org,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-s390@...r.kernel.org,
Paolo Bonzini <pbonzini@...hat.com>,
Shuah Khan <shuah@...nel.org>,
Sven Schnelle <svens@...ux.ibm.com>
Subject: Re: [PATCH v7 08/14] KVM: s390: Move common code of mem_op functions
into function
On 2/6/23 17:45, Janis Schoetterl-Glausch wrote:
> The vcpu and vm mem_op ioctl implementations share some functionality.
> Move argument checking into a function and call it from both
> implementations. This allows code reuse in case of additional future
> mem_op operations.
>
> Suggested-by: Janosch Frank <frankja@...ux.ibm.com>
> Signed-off-by: Janis Schoetterl-Glausch <scgl@...ux.ibm.com>
Reviewed-by: Janosch Frank <frankja@...ux.ibm.com>
> ---
> arch/s390/kvm/kvm-s390.c | 52 +++++++++++++++++++---------------------
> 1 file changed, 24 insertions(+), 28 deletions(-)
>
> diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c
> index e4890e04b210..0367c1a7e69a 100644
> --- a/arch/s390/kvm/kvm-s390.c
> +++ b/arch/s390/kvm/kvm-s390.c
> @@ -2764,24 +2764,32 @@ static int kvm_s390_handle_pv(struct kvm *kvm, struct kvm_pv_cmd *cmd)
> return r;
> }
>
> -static bool access_key_invalid(u8 access_key)
> +static int mem_op_validate_common(struct kvm_s390_mem_op *mop, u64 supported_flags)
> {
> - return access_key > 0xf;
> + if (mop->flags & ~supported_flags || !mop->size)
> + return -EINVAL;
> + if (mop->size > MEM_OP_MAX_SIZE)
> + return -E2BIG;
> + if (mop->flags & KVM_S390_MEMOP_F_SKEY_PROTECTION) {
> + if (mop->key > 0xf)
> + return -EINVAL;
> + } else {
> + mop->key = 0;
> + }
> + return 0;
> }
>
> static int kvm_s390_vm_mem_op(struct kvm *kvm, struct kvm_s390_mem_op *mop)
> {
> void __user *uaddr = (void __user *)mop->buf;
> - u64 supported_flags;
> void *tmpbuf = NULL;
> int r, srcu_idx;
>
> - supported_flags = KVM_S390_MEMOP_F_SKEY_PROTECTION
> - | KVM_S390_MEMOP_F_CHECK_ONLY;
> - if (mop->flags & ~supported_flags || !mop->size)
> - return -EINVAL;
> - if (mop->size > MEM_OP_MAX_SIZE)
> - return -E2BIG;
> + r = mem_op_validate_common(mop, KVM_S390_MEMOP_F_SKEY_PROTECTION |
> + KVM_S390_MEMOP_F_CHECK_ONLY);
> + if (r)
> + return r;
> +
> /*
> * This is technically a heuristic only, if the kvm->lock is not
> * taken, it is not guaranteed that the vm is/remains non-protected.
> @@ -2793,12 +2801,6 @@ static int kvm_s390_vm_mem_op(struct kvm *kvm, struct kvm_s390_mem_op *mop)
> */
> if (kvm_s390_pv_get_handle(kvm))
> return -EINVAL;
> - if (mop->flags & KVM_S390_MEMOP_F_SKEY_PROTECTION) {
> - if (access_key_invalid(mop->key))
> - return -EINVAL;
> - } else {
> - mop->key = 0;
> - }
> if (!(mop->flags & KVM_S390_MEMOP_F_CHECK_ONLY)) {
> tmpbuf = vmalloc(mop->size);
> if (!tmpbuf)
> @@ -5250,23 +5252,17 @@ static long kvm_s390_vcpu_mem_op(struct kvm_vcpu *vcpu,
> {
> void __user *uaddr = (void __user *)mop->buf;
> void *tmpbuf = NULL;
> - int r = 0;
> - const u64 supported_flags = KVM_S390_MEMOP_F_INJECT_EXCEPTION
> - | KVM_S390_MEMOP_F_CHECK_ONLY
> - | KVM_S390_MEMOP_F_SKEY_PROTECTION;
> + int r;
>
> - if (mop->flags & ~supported_flags || mop->ar >= NUM_ACRS || !mop->size)
> + r = mem_op_validate_common(mop, KVM_S390_MEMOP_F_INJECT_EXCEPTION |
> + KVM_S390_MEMOP_F_CHECK_ONLY |
> + KVM_S390_MEMOP_F_SKEY_PROTECTION);
> + if (r)
> + return r;
> + if (mop->ar >= NUM_ACRS)
> return -EINVAL;
> - if (mop->size > MEM_OP_MAX_SIZE)
> - return -E2BIG;
> if (kvm_s390_pv_cpu_is_protected(vcpu))
> return -EINVAL;
> - if (mop->flags & KVM_S390_MEMOP_F_SKEY_PROTECTION) {
> - if (access_key_invalid(mop->key))
> - return -EINVAL;
> - } else {
> - mop->key = 0;
> - }
> if (!(mop->flags & KVM_S390_MEMOP_F_CHECK_ONLY)) {
> tmpbuf = vmalloc(mop->size);
> if (!tmpbuf)
Powered by blists - more mailing lists