Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp1396004pxb; Fri, 21 Jan 2022 17:35:17 -0800 (PST) X-Google-Smtp-Source: ABdhPJy7OhYBAxNWl9Dve7+IH1qmHOZselO/UVnHHEr7A4++Fb2837lGg8DH/sUmBM1ET0ug+FPC X-Received: by 2002:a17:90b:4a45:: with SMTP id lb5mr3265979pjb.220.1642815317076; Fri, 21 Jan 2022 17:35:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1642815317; cv=none; d=google.com; s=arc-20160816; b=BvzRcj/W0+B1rzdT3biqQayzmH5Bm9pzrG4t7EWUYJHg5mNyzM4eoZXgwv8a9Qogms HS3yh62dgBkv3Xrx0txnp2HhQty9UnNnGzDr9ZVTvp0eSGqjpeve3qUX5Q+gGwmlzPjT Ag3P/QAHbFBAhRWBgR9esNkRYEkg7ykEgvczSu3bSftLEGicprymH3zQJZztlgsDB8Jq wz8kMg3TN6bDxsBg8s1b33coQyReOlZyGSZ2u3luuu6mtaVPBe9PH05QmNEUQNfcsadE HL7t8hDQgmM15b9SmBgZK2z6c2spuLbiKbyY5WDiRS7H11Jgtj2QV+Iq8lG4/DwPAS9E cNbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=JXyGD+6qyYAPrwJA+4HRaiK0sTCQlCIuJ/AqErjzjN4=; b=c7orxkTjs9ntWSUzy7mYPxJSBnyv09JEcXK/6V/4xoTEtQwEfNZ1Hv5tWQWSyZYj21 ZSlLj8fKTLWW3ksEQpE+ScZeubSaSPLLUvN2DAvgq7Vzthry1Q8cDQ6VdgSpSVB/mtBQ Dr8VOtslakzejcCSASsQ0FbwwxckS4qFZYPS1EgkJuqQh0mTI4zmDFZw54uHV/L0POm/ XqwRlRvpgmsfT1JiQHvNSbhFYGG+9h1aD/LSCApJMhtsnp+y5/fTw0E2PiAvSwDANFD0 +DULkv48flsmdrL+yqY1jmjYggEtURxY1rh5M0QBQ9Q3rYdGRqikxBeaWP0weXtfvjdC XcTQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=TQzHbWCC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id n13si8860406pgc.177.2022.01.21.17.35.05; Fri, 21 Jan 2022 17:35:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=TQzHbWCC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1380756AbiAUNqL (ORCPT + 99 others); Fri, 21 Jan 2022 08:46:11 -0500 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:18536 "EHLO mx0b-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1380567AbiAUNqJ (ORCPT ); Fri, 21 Jan 2022 08:46:09 -0500 Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 20LBGTPh002895; Fri, 21 Jan 2022 13:46:08 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date : mime-version : subject : to : cc : references : from : in-reply-to : content-type : content-transfer-encoding; s=pp1; bh=JXyGD+6qyYAPrwJA+4HRaiK0sTCQlCIuJ/AqErjzjN4=; b=TQzHbWCC44q+25nLp8fgfQOYMqziD50gC3IZT1ok9yDxsP3bwHNF8iyo8JxgCmk1Oe4r dBvEoYLzjrF4rP70sASI7UOFYzNNa80cVfIntoCN3wbRVAQwxpAe74yYhVEFdQf8k7tD ZV0y1gLtqL41xEL601gNFJyW7x4ZRJNW3LqDWhYRWaqi9vN1dyqF516YgDM4jKh0M4wl 55vZ9lCiYxp8BbExrrlwZewNdjh75nSCyiwOeQ5vt5yDZfzGn1API2kHMQF+RCMORYQ8 J7TFsFnxV2IbYrxBr0ucUs4IPSO+z11qA/Zcb4gaJCAXm7S81Nlck/Q/2Q3vt8anjq+3 pw== Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0a-001b2d01.pphosted.com with ESMTP id 3dqutjtw6x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 21 Jan 2022 13:46:08 +0000 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 20LDg1LF023181; Fri, 21 Jan 2022 13:46:06 GMT Received: from b06cxnps3075.portsmouth.uk.ibm.com (d06relay10.portsmouth.uk.ibm.com [9.149.109.195]) by ppma01fra.de.ibm.com with ESMTP id 3dqjegcx8h-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 21 Jan 2022 13:46:06 +0000 Received: from d06av21.portsmouth.uk.ibm.com (d06av21.portsmouth.uk.ibm.com [9.149.105.232]) by b06cxnps3075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 20LDk3Hf43516284 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 21 Jan 2022 13:46:03 GMT Received: from d06av21.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 067F552054; Fri, 21 Jan 2022 13:46:03 +0000 (GMT) Received: from [9.171.30.56] (unknown [9.171.30.56]) by d06av21.portsmouth.uk.ibm.com (Postfix) with ESMTP id 9CEEF52059; Fri, 21 Jan 2022 13:46:02 +0000 (GMT) Message-ID: <13a03972-0020-b8e7-2fc0-def8a164eb10@linux.ibm.com> Date: Fri, 21 Jan 2022 14:46:02 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 Subject: Re: [RFC PATCH v1 01/10] s390/uaccess: Add storage key checked access to user memory Content-Language: en-US To: Heiko Carstens , Christian Borntraeger Cc: Vasily Gorbik , Sven Schnelle , Nico Boehr , Alexander Gordeev , linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org References: <20220118095210.1651483-1-scgl@linux.ibm.com> <20220118095210.1651483-2-scgl@linux.ibm.com> <422595a5-b24b-8760-ff0e-112322142de7@linux.ibm.com> From: Janis Schoetterl-Glausch In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-ORIG-GUID: 1J7rmFUY1BDT5y93PM8CZth9xWuTxnVw X-Proofpoint-GUID: 1J7rmFUY1BDT5y93PM8CZth9xWuTxnVw X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-21_06,2022-01-21_01,2021-12-02_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 lowpriorityscore=0 bulkscore=0 mlxlogscore=999 mlxscore=0 impostorscore=0 phishscore=0 adultscore=0 clxscore=1015 spamscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000 definitions=main-2201210091 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 1/21/22 12:04, Heiko Carstens wrote: > On Fri, Jan 21, 2022 at 08:32:25AM +0100, Christian Borntraeger wrote: >> So in essence adding something like this and then providing raw_copy_from/to_user_key? >> (whitespace damaged, just pasted in) >> >> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h >> index ac0394087f7d..3b6e78ee211c 100644 >> --- a/include/linux/uaccess.h >> +++ b/include/linux/uaccess.h >> @@ -201,6 +201,59 @@ copy_to_user(void __user *to, const void *from, unsigned long n) >> return n; >> } >> + >> +#if defined(__s390x__) && defined(CONFIG_KVM) >> +/* >> + * Variants that pass along an access key. Uses by KVM on s390x to implement >> + * key checks for guests that use storage keys Must be kept in sync with the >> + * non-key variants from above. The only difference is the _key suffix when >> + * calling raw_copy_from/to_user_key. >> + */ > > This is too architecture specific, I wouldn't like to see __s390__ or > KVM dependencies. This should be a bit more generic, so other > architectures _might_ also make use of this interface that is: > >> +static inline __must_check unsigned long >> +_copy_from_user_key(void *to, const void __user *from, unsigned long n, u8 key) > > Make key unsigned long, add support for INLINE_COPY_TO_USER, and maybe > add a wrapper, so this works on all architectures, e.g. if > raw_copy_to_user_key() is not defined, then fall back to > raw_copy_to_user() and ignore the key parameter. > Since we only need the double underscore variants, even if we're going to be more general than we need to be, we can restrict ourselves to those, can't we? I don't understand your comment about the wrapper. You'd want an error on misuse, that is, if you try to use a _with_key function if the functionality is not defined, no? I see the following possibilities: 1. raw_copy_from/to_user is declared by each architecture. Mirror that for raw_copy_from/to_user_with_key. Linker error on misuse. 2. Opt in with #define UACCESS_WITH_KEY or similar. Undeclared function on misuse. 3. Opt in by requiring that raw_copy_from/to_user_with_key are macros. Undeclared function on misuse. 4. Declare raw_copy_from/to_user_with_key in include/linux/uacess.h. Linker error on misuse.