From: Claudio Imbrenda <imbrenda@linux.ibm.com>
To: Janosch Frank <frankja@linux.ibm.com>
Cc: kvm@vger.kernel.org, linux-s390@vger.kernel.org,
thuth@redhat.com, seiden@linux.ibm.com, nrb@linux.ibm.com,
scgl@linux.ibm.com
Subject: Re: [kvm-unit-tests PATCH v3] s390x: uv-host: Add access checks for donated memory
Date: Wed, 3 Aug 2022 11:46:02 +0200 [thread overview]
Message-ID: <20220803114602.5359a8a4@p-imbrenda> (raw)
In-Reply-To: <20220725130859.48740-1-frankja@linux.ibm.com>
On Mon, 25 Jul 2022 13:08:59 +0000
Janosch Frank <frankja@linux.ibm.com> wrote:
> Let's check if the UV really protected all the memory we donated.
>
> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> ---
> s390x/uv-host.c | 37 +++++++++++++++++++++++++++++++++++++
> 1 file changed, 37 insertions(+)
>
> diff --git a/s390x/uv-host.c b/s390x/uv-host.c
> index dfcebe10..ba6c9008 100644
> --- a/s390x/uv-host.c
> +++ b/s390x/uv-host.c
> @@ -45,6 +45,32 @@ static void cpu_loop(void)
> for (;;) {}
> }
>
> +/*
> + * Checks if a memory area is protected as secure memory.
> + * Will return true if all pages are protected, false otherwise.
> + */
> +static bool access_check_3d(uint64_t *access_ptr, uint64_t len)
> +{
> + assert(!(len & ~PAGE_MASK));
> + assert(!((uint64_t)access_ptr & ~PAGE_MASK));
> +
> + while (len) {
> + expect_pgm_int();
> + READ_ONCE(*access_ptr);
> + if (clear_pgm_int() != PGM_INT_CODE_SECURE_STOR_ACCESS)
> + return false;
> + expect_pgm_int();
> + WRITE_ONCE(*access_ptr, 42);
> + if (clear_pgm_int() != PGM_INT_CODE_SECURE_STOR_ACCESS)
> + return false;
> +
> + access_ptr += PAGE_SIZE / sizeof(access_ptr);
this looks ugly, although in principle the correct way to handle a
pointer. In this specific case it's techically wrong though (you
actually want sizeof(*access_ptr) )
what about making access_ptr a char*?
then you can do just
access_ptr += PAGE_SIZE;
and you can keep the READ_ONCE and WRITE_ONCE as they are
> + len -= PAGE_SIZE;
> + }
> +
> + return true;
> +}
> +
> static struct cmd_list cmds[] = {
> { "init", UVC_CMD_INIT_UV, sizeof(struct uv_cb_init), BIT_UVC_CMD_INIT_UV },
> { "create conf", UVC_CMD_CREATE_SEC_CONF, sizeof(struct uv_cb_cgc), BIT_UVC_CMD_CREATE_SEC_CONF },
> @@ -332,6 +358,10 @@ static void test_cpu_create(void)
> report(rc == 0 && uvcb_csc.header.rc == UVC_RC_EXECUTED &&
> uvcb_csc.cpu_handle, "success");
>
> + rc = access_check_3d((uint64_t *)uvcb_csc.stor_origin,
> + uvcb_qui.cpu_stor_len);
> + report(rc, "Storage protection");
> +
> tmp = uvcb_csc.stor_origin;
> uvcb_csc.stor_origin = (unsigned long)memalign(PAGE_SIZE, uvcb_qui.cpu_stor_len);
> rc = uv_call(0, (uint64_t)&uvcb_csc);
> @@ -430,6 +460,13 @@ static void test_config_create(void)
> rc = uv_call(0, (uint64_t)&uvcb_cgc);
> report(rc == 0 && uvcb_cgc.header.rc == UVC_RC_EXECUTED, "successful");
>
> + rc = access_check_3d((uint64_t *)uvcb_cgc.conf_var_stor_origin, vsize);
> + report(rc, "Base storage protection");
> +
> + rc = access_check_3d((uint64_t *)uvcb_cgc.conf_base_stor_origin,
> + uvcb_qui.conf_base_phys_stor_len);
> + report(rc, "Variable storage protection");
> +
> uvcb_cgc.header.rc = 0;
> uvcb_cgc.header.rrc = 0;
> tmp = uvcb_cgc.guest_handle;
next prev parent reply other threads:[~2022-08-03 9:46 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-06 6:40 [kvm-unit-tests PATCH v2 0/8] s390x: uv-host: Access check extensions and improvements Janosch Frank
2022-07-06 6:40 ` [kvm-unit-tests PATCH v2 1/8] s390x: uv-host: Add access checks for donated memory Janosch Frank
2022-07-06 16:33 ` Claudio Imbrenda
2022-07-07 8:16 ` Janosch Frank
2022-07-07 9:19 ` Claudio Imbrenda
2022-07-25 13:08 ` [kvm-unit-tests PATCH v3] " Janosch Frank
2022-08-03 7:22 ` Nico Boehr
2022-08-03 9:46 ` Claudio Imbrenda [this message]
2022-08-03 11:18 ` Janosch Frank
2022-08-11 13:18 ` [kvm-unit-tests PATCH v4] " Janosch Frank
2022-08-11 14:17 ` Claudio Imbrenda
2022-08-11 15:00 ` [kvm-unit-tests PATCH v5] " Janosch Frank
2022-08-11 15:15 ` Claudio Imbrenda
2022-07-07 8:11 ` [kvm-unit-tests PATCH v2 1/8] " Steffen Eiden
2022-07-07 8:20 ` Janosch Frank
2022-07-06 6:40 ` [kvm-unit-tests PATCH v2 2/8] s390x: uv-host: Add uninitialized UV tests Janosch Frank
2022-07-08 9:10 ` Steffen Eiden
2022-07-06 6:40 ` [kvm-unit-tests PATCH v2 3/8] s390x: uv-host: Test uv immediate parameter Janosch Frank
2022-07-08 10:02 ` Steffen Eiden
2022-07-06 6:40 ` [kvm-unit-tests PATCH v2 4/8] s390x: uv-host: Add access exception test Janosch Frank
2022-07-06 6:40 ` [kvm-unit-tests PATCH v2 5/8] s390x: uv-host: Add a set secure config parameters test function Janosch Frank
2022-07-06 6:40 ` [kvm-unit-tests PATCH v2 6/8] s390x: uv-host: Remove duplicated + Janosch Frank
2022-07-06 6:40 ` [kvm-unit-tests PATCH v2 7/8] s390x: uv-host: Fence against being run as a PV guest Janosch Frank
2022-07-08 10:08 ` Steffen Eiden
2022-07-06 6:40 ` [kvm-unit-tests PATCH v2 8/8] s390x: uv-host: Fix init storage origin and length check Janosch Frank
2022-07-08 10:19 ` Steffen Eiden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220803114602.5359a8a4@p-imbrenda \
--to=imbrenda@linux.ibm.com \
--cc=frankja@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=nrb@linux.ibm.com \
--cc=scgl@linux.ibm.com \
--cc=seiden@linux.ibm.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox