
[v6,03/17] KVM: s390: pv: handle secure storage exceptions for normal guests

Message ID 20211203165814.73016-4-imbrenda@linux.ibm.com (mailing list archive)
State New, archived
Series KVM: s390: pv: implement lazy destroy for reboot | expand

Commit Message

Claudio Imbrenda Dec. 3, 2021, 4:58 p.m. UTC
With upcoming patches, normal guests might touch secure pages.

This patch extends the existing exception handler to also convert the
pages to non-secure when the exception is triggered by a normal guest.

This can happen for example when a secure guest reboots; the first
stage of a secure guest is non secure, and in general a secure guest
can reboot into non-secure mode.

If the secure memory of the previous boot has not been cleared up
completely yet (which will be allowed to happen in an upcoming patch),
a non-secure guest might touch secure memory, which will need to be
handled properly.

Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
---
 arch/s390/mm/fault.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

Comments

Janosch Frank Jan. 13, 2022, 9:58 a.m. UTC | #1
On 12/3/21 17:58, Claudio Imbrenda wrote:
> With upcoming patches, normal guests might touch secure pages.
> 
> This patch extends the existing exception handler to convert the pages
> to non secure also when the exception is triggered by a normal guest.
> 
> This can happen for example when a secure guest reboots; the first
> stage of a secure guest is non secure, and in general a secure guest
> can reboot into non-secure mode.
> 
> If the secure memory of the previous boot has not been cleared up
> completely yet (which will be allowed to happen in an upcoming patch),
> a non-secure guest might touch secure memory, which will need to be
> handled properly.
> 
> Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com>
> ---
>   arch/s390/mm/fault.c | 10 +++++++++-
>   1 file changed, 9 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
> index a1928c89bbfa..a644e593eef9 100644
> --- a/arch/s390/mm/fault.c
> +++ b/arch/s390/mm/fault.c
> @@ -770,6 +770,7 @@ void do_secure_storage_access(struct pt_regs *regs)
>   	struct vm_area_struct *vma;
>   	struct mm_struct *mm;
>   	struct page *page;
> +	struct gmap *gmap;
>   	int rc;
>   
>   	/*
> @@ -799,6 +800,14 @@ void do_secure_storage_access(struct pt_regs *regs)
>   	}
>   
>   	switch (get_fault_type(regs)) {
> +	case GMAP_FAULT:
> +		gmap = (struct gmap *)S390_lowcore.gmap;
> +		addr = __gmap_translate(gmap, addr);

__gmap_translate() needs the mmap_read_lock(mm), no?

> +		if (IS_ERR_VALUE(addr)) {
> +			do_fault_error(regs, VM_ACCESS_FLAGS, VM_FAULT_BADMAP);
> +			break;
> +		}
> +		fallthrough;
>   	case USER_FAULT:
>   		mm = current->mm;
>   		mmap_read_lock(mm);
> @@ -827,7 +836,6 @@ void do_secure_storage_access(struct pt_regs *regs)
>   		if (rc)
>   			BUG();
>   		break;
> -	case GMAP_FAULT:
>   	default:
>   		do_fault_error(regs, VM_READ | VM_WRITE, VM_FAULT_BADMAP);
>   		WARN_ON_ONCE(1);
>

Patch

diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
index a1928c89bbfa..a644e593eef9 100644
--- a/arch/s390/mm/fault.c
+++ b/arch/s390/mm/fault.c
@@ -770,6 +770,7 @@  void do_secure_storage_access(struct pt_regs *regs)
 	struct vm_area_struct *vma;
 	struct mm_struct *mm;
 	struct page *page;
+	struct gmap *gmap;
 	int rc;
 
 	/*
@@ -799,6 +800,14 @@  void do_secure_storage_access(struct pt_regs *regs)
 	}
 
 	switch (get_fault_type(regs)) {
+	case GMAP_FAULT:
+		gmap = (struct gmap *)S390_lowcore.gmap;
+		addr = __gmap_translate(gmap, addr);
+		if (IS_ERR_VALUE(addr)) {
+			do_fault_error(regs, VM_ACCESS_FLAGS, VM_FAULT_BADMAP);
+			break;
+		}
+		fallthrough;
 	case USER_FAULT:
 		mm = current->mm;
 		mmap_read_lock(mm);
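Review bot: Falling through from the new `case GMAP_FAULT:` into `case USER_FAULT:` makes the rest of that path reachable from a fault raised on behalf of a normal guest, and the tail of that path, visible as context in the next hunk, is `if (rc) BUG();`. The call that sets rc is outside the hunks shown, but if it can fail for a page reached this way, the result is a host-side crash that guest activity can provoke. Failing the fault would contain it, for example `if (WARN_ON_ONCE(rc)) do_fault_error(regs, VM_ACCESS_FLAGS, VM_FAULT_BADMAP);`. Separately, addr changes meaning in this case, so a comment before `fallthrough;` would help, such as `/* addr is now the host address returned by __gmap_translate() */`. The body of do_secure_storage_access() starts and ends outside this hunk.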
@@ -827,7 +836,6 @@  void do_secure_storage_access(struct pt_regs *regs)
 		if (rc)
 			BUG();
 		break;
-	case GMAP_FAULT:
 	default:
 		do_fault_error(regs, VM_READ | VM_WRITE, VM_FAULT_BADMAP);
 		WARN_ON_ONCE(1);