Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1163187pxb; Fri, 21 Jan 2022 11:11:26 -0800 (PST) X-Google-Smtp-Source: ABdhPJxYcanptn9uWriEPWFHd3ZPOfKfbKIkuhmmJmiXZU6DwtaGqcQia9Q2z+BsbbsoE2nUeM6X X-Received: by 2002:a17:902:c40a:b0:14b:276d:1bb with SMTP id k10-20020a170902c40a00b0014b276d01bbmr2082020plk.26.1642792285946; Fri, 21 Jan 2022 11:11:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642792285; cv=none; d=google.com; s=arc-20160816; b=DnVVnNKed7UvnuANsU9CbUMRy+/6FrocdY9fjtbi5Mn26GZYxPuw5unWa1j3ZilgA3 iKDALeiyQA5XB+S6lFBt6rQi7mfXDdpC3NoF8uuoOKI/VhOFTCLBe7rm7VdIrDeF3cmu QkAy8s/Tpov7o7uXTZVL+LmR0/cAj4JZDi0iRpQhu59LboeICy9yJBbhMHp9h6GE8DB1 ta0VFilYOlc5cNz/816ONhEgV9zOecI5ghWyite/SSbp613qGifxzmw6bclq6ERzy2Dj 9qAtf7R1WaAij39VoPN4Wenq4BzuNvFLJR8OxlQFtsUjZJZqgSmgmApVC2vR6LfsnBLU e+lw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=vuQsa7jcrh5TcCyBbceIuHnE31xEDzVmMebCUoCOxYw=; b=fzazeRdS4cYuh087BSSz2ER1Mt0HTeNU0jzoE2h8aLPEvzTs+yzs5Qyt/QPRMcaRFs luRfyTuXGCSAOg1j+s0dc6moweyRjTO3IvUD4t8w4uvniKoF0seASmbzlNzACQ7wGaf1 0ilgp8/kh8tjlODiTGW/M39u7NsR3eI2Gk0q09+UXWQk0/iQLLcHYB+gCs/n7TvRvV9a ij+3i6VItlgi1A8XlGjMOumwqlkD9hBBw9mrTkFW0tQckXeO3r4cAxfe3YKFxTSX7v60 9IgHhp7XEwQd3FNCbL2iZ7dcXz+/GwElbGMQI5ZoSVqsg/49nY6I6IO1nW4OTPpbH/JF V5fw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=LCoboYKC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r10si6214519plo.33.2022.01.21.11.11.13; Fri, 21 Jan 2022 11:11:25 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=LCoboYKC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1353930AbiASLCm (ORCPT + 99 others); Wed, 19 Jan 2022 06:02:42 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:40716 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1353857AbiASLCl (ORCPT ); Wed, 19 Jan 2022 06:02:41 -0500 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 20J9vnpx022766; Wed, 19 Jan 2022 11:02:40 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date : mime-version : subject : to : cc : references : from : in-reply-to : content-type : content-transfer-encoding; s=pp1; bh=vuQsa7jcrh5TcCyBbceIuHnE31xEDzVmMebCUoCOxYw=; b=LCoboYKCoL0/c06e4dDPbiATikYLGlXP2MrHYAB91djchq5IQMINmb2MQyq7WoeIEAUm rapdlRaHo6j8ZNnMG1iZDtfanZLA6cWrbH2br8Jw6JogLCrqRjhXGbs6DwKK8djqNeiG NQAQnCs4HuxWa95WeFQKGp+xCTRiGYkH4skX53doPhqWvjO+8hKEZAOsO0v1ZCzrHZyP 52fMw6Sl9hXap9FHibpH06jRa/PXHwnVCiBNywqWQz/8fBjLmaODOj7Jvf9bDCGbWzrZ 5ZojM97tthNVnymGwlZry4SB17lrKPsg7E55AfNUY2h5TJv/MRK6mo6oBitQAiw3LEhN Ow== Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0a-001b2d01.pphosted.com with ESMTP id 3dpgfm158r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 19 Jan 2022 11:02:40 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 20JAxlsk001602; Wed, 19 Jan 2022 11:02:38 GMT Received: from b06avi18878370.portsmouth.uk.ibm.com (b06avi18878370.portsmouth.uk.ibm.com [9.149.26.194]) by ppma06ams.nl.ibm.com with ESMTP id 3dknhjmhwr-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 19 Jan 2022 11:02:38 +0000 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06avi18878370.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 20JB2Zu436635094 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 19 Jan 2022 11:02:35 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id E100DA417A; Wed, 19 Jan 2022 11:02:34 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 91FD4A4177; Wed, 19 Jan 2022 11:02:34 +0000 (GMT) Received: from [9.171.12.6] (unknown [9.171.12.6]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 19 Jan 2022 11:02:34 +0000 (GMT) Message-ID: <422595a5-b24b-8760-ff0e-112322142de7@linux.ibm.com> Date: Wed, 19 Jan 2022 12:02:34 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 Subject: Re: [RFC PATCH v1 01/10] s390/uaccess: Add storage key checked access to user memory Content-Language: en-US To: Heiko Carstens Cc: Vasily Gorbik , Christian Borntraeger , Sven Schnelle , Nico Boehr , Alexander Gordeev , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org References: <20220118095210.1651483-1-scgl@linux.ibm.com> <20220118095210.1651483-2-scgl@linux.ibm.com> From: Janis Schoetterl-Glausch In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: SORBrbFPWDMzbdnpNb8-49k4NAN0QjSu X-Proofpoint-GUID: SORBrbFPWDMzbdnpNb8-49k4NAN0QjSu X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-19_07,2022-01-19_01,2021-12-02_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 clxscore=1015 impostorscore=0 mlxscore=0 bulkscore=0 priorityscore=1501 malwarescore=0 suspectscore=0 mlxlogscore=999 spamscore=0 lowpriorityscore=0 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2201190061 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1/19/22 10:48, Heiko Carstens wrote: > > On Tue, Jan 18, 2022 at 10:52:01AM +0100, Janis Schoetterl-Glausch wrote: >> KVM needs a mechanism to do accesses to guest memory that honor >> storage key protection. >> Since the copy_to/from_user implementation makes use of move >> instructions that support having an additional access key supplied, >> we can implement __copy_from/to_user_with_key by enhancing the >> existing implementation. >> >> Signed-off-by: Janis Schoetterl-Glausch >> --- >> arch/s390/include/asm/uaccess.h | 32 ++++++++++++++++++ >> arch/s390/lib/uaccess.c | 57 +++++++++++++++++++++++---------- >> 2 files changed, 72 insertions(+), 17 deletions(-) >> >> diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h >> index 02b467461163..5138040348cc 100644 >> --- a/arch/s390/include/asm/uaccess.h >> +++ b/arch/s390/include/asm/uaccess.h >> @@ -33,6 +33,38 @@ static inline int __range_ok(unsigned long addr, unsigned long size) >> >> #define access_ok(addr, size) __access_ok(addr, size) >> >> +unsigned long __must_check >> +raw_copy_from_user_with_key(void *to, const void __user *from, unsigned long n, >> + char key); >> + >> +unsigned long __must_check >> +raw_copy_to_user_with_key(void __user *to, const void *from, unsigned long n, >> + char key); >> + >> +static __always_inline __must_check unsigned long >> +__copy_from_user_with_key(void *to, const void __user *from, unsigned long n, >> + char key) >> +{ >> + might_fault(); >> + if (should_fail_usercopy()) >> + return n; >> + instrument_copy_from_user(to, from, n); >> + check_object_size(to, n, false); >> + return raw_copy_from_user_with_key(to, from, n, key); >> +} >> + >> +static __always_inline __must_check unsigned long >> +__copy_to_user_with_key(void __user *to, const void *from, unsigned long n, >> + char key) >> +{ >> + might_fault(); >> + if (should_fail_usercopy()) >> + return n; >> + instrument_copy_to_user(to, from, n); >> + check_object_size(from, n, true); >> + return raw_copy_to_user_with_key(to, from, n, key); >> +} >> + >> unsigned long __must_check >> raw_copy_from_user(void *to, const void __user *from, unsigned long n); > > That's a lot of code churn... I would have expected that the existing > functions will be renamed, get an additional key parameter, and the > current API is implemented by defines which map copy_to_user() & > friends to the new functions, and add a zero key. I don't think I understand you. I can implement raw_copy_from/to_user in terms of raw_copy_from/to_user_with_key, which does save a few lines, but that's it, isn't it? Thanks! > > This would avoid a lot of code duplication, even though the kernel > image would get slightly larger. > > Could you do that, please, and also provide bloat-a-meter results? > > And as already mentioned: please don't use "char" for passing a > key. Besides that this leads to the overflow question as pointed out > by Sven, this might as usual also raise the question if there might be > any bugs wrt to sign extension. That is: for anything but characters, > please always explicitely use signed or unsigned char (or u8/s8), so > nobody has to think about this. Will do. > > Thanks!