Due to upcoming changes, it will be possible to temporarily have
multiple protected VMs in the same address space. When that happens,
it is necessary to perform an export of every page that is to be
imported.
Signed-off-by: Claudio Imbrenda <[email protected]>
---
arch/s390/kernel/uv.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
index b19b1a1444ec..dbcf4434eb53 100644
--- a/arch/s390/kernel/uv.c
+++ b/arch/s390/kernel/uv.c
@@ -242,6 +242,12 @@ static int make_secure_pte(pte_t *ptep, unsigned long addr,
return rc;
}
+static bool should_export_before_import(struct uv_cb_header *uvcb, struct mm_struct *mm)
+{
+ return uvcb->cmd != UVC_CMD_UNPIN_PAGE_SHARED &&
+ atomic_read(&mm->context.is_protected) > 1;
+}
+
/*
* Requests the Ultravisor to make a page accessible to a guest.
* If it's brought in the first time, it will be cleared. If
@@ -285,6 +291,8 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb)
lock_page(page);
ptep = get_locked_pte(gmap->mm, uaddr, &ptelock);
+ if (should_export_before_import(uvcb, gmap->mm))
+ uv_convert_from_secure(page_to_phys(page));
rc = make_secure_pte(ptep, uaddr, page, uvcb);
pte_unmap_unlock(ptep, ptelock);
unlock_page(page);
--
2.31.1
On 5/17/21 10:07 PM, Claudio Imbrenda wrote:
> Due to upcoming changes, it will be possible to temporarily have
> multiple protected VMs in the same address space. When that happens,
> it is necessary to perform an export of every page that is to be
> imported.
... since the Ultravisor doesn't allow KVM to import a secure page
belonging to guest A to be imported for guest B in order to guarantee
proper guest isolation.
Reviewed-by: Janosch Frank <[email protected]>
>
> Signed-off-by: Claudio Imbrenda <[email protected]>
> ---
> arch/s390/kernel/uv.c | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
> index b19b1a1444ec..dbcf4434eb53 100644
> --- a/arch/s390/kernel/uv.c
> +++ b/arch/s390/kernel/uv.c
> @@ -242,6 +242,12 @@ static int make_secure_pte(pte_t *ptep, unsigned long addr,
> return rc;
> }
>
> +static bool should_export_before_import(struct uv_cb_header *uvcb, struct mm_struct *mm)
> +{
> + return uvcb->cmd != UVC_CMD_UNPIN_PAGE_SHARED &&
> + atomic_read(&mm->context.is_protected) > 1;
> +}
> +
> /*
> * Requests the Ultravisor to make a page accessible to a guest.
> * If it's brought in the first time, it will be cleared. If
> @@ -285,6 +291,8 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb)
>
> lock_page(page);
> ptep = get_locked_pte(gmap->mm, uaddr, &ptelock);
> + if (should_export_before_import(uvcb, gmap->mm))
> + uv_convert_from_secure(page_to_phys(page));
> rc = make_secure_pte(ptep, uaddr, page, uvcb);
> pte_unmap_unlock(ptep, ptelock);
> unlock_page(page);
>