From: Janis Schoetterl-Glausch <scgl@linux.ibm.com>
To: Heiko Carstens <hca@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>
Cc: Vasily Gorbik <gor@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Nico Boehr <nrb@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
linux-s390@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH v1 01/10] s390/uaccess: Add storage key checked access to user memory
Date: Fri, 21 Jan 2022 14:46:02 +0100 [thread overview]
Message-ID: <13a03972-0020-b8e7-2fc0-def8a164eb10@linux.ibm.com> (raw)
In-Reply-To: <YeqTP6WDbZzEJUbJ@osiris>
On 1/21/22 12:04, Heiko Carstens wrote:
> On Fri, Jan 21, 2022 at 08:32:25AM +0100, Christian Borntraeger wrote:
>> So in essence adding something like this and then providing raw_copy_from/to_user_key?
>> (whitespace damaged, just pasted in)
>>
>> diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h
>> index ac0394087f7d..3b6e78ee211c 100644
>> --- a/include/linux/uaccess.h
>> +++ b/include/linux/uaccess.h
>> @@ -201,6 +201,59 @@ copy_to_user(void __user *to, const void *from, unsigned long n)
>> return n;
>> }
>> +
>> +#if defined(__s390x__) && defined(CONFIG_KVM)
>> +/*
>> + * Variants that pass along an access key. Uses by KVM on s390x to implement
>> + * key checks for guests that use storage keys Must be kept in sync with the
>> + * non-key variants from above. The only difference is the _key suffix when
>> + * calling raw_copy_from/to_user_key.
>> + */
>
> This is too architecture specific, I wouldn't like to see __s390__ or
> KVM dependencies. This should be a bit more generic, so other
> architectures _might_ also make use of this interface that is:
>
>> +static inline __must_check unsigned long
>> +_copy_from_user_key(void *to, const void __user *from, unsigned long n, u8 key)
>
> Make key unsigned long, add support for INLINE_COPY_TO_USER, and maybe
> add a wrapper, so this works on all architectures, e.g. if
> raw_copy_to_user_key() is not defined, then fall back to
> raw_copy_to_user() and ignore the key parameter.
>
Since we only need the double underscore variants, even if we're going to be more
general than we need to be, we can restrict ourselves to those, can't we?
I don't understand your comment about the wrapper. You'd want an error on misuse,
that is, if you try to use a _with_key function if the functionality is not defined, no?
I see the following possibilities:
1. raw_copy_from/to_user is declared by each architecture.
Mirror that for raw_copy_from/to_user_with_key.
Linker error on misuse.
2. Opt in with #define UACCESS_WITH_KEY or similar.
Undeclared function on misuse.
3. Opt in by requiring that raw_copy_from/to_user_with_key are macros.
Undeclared function on misuse.
4. Declare raw_copy_from/to_user_with_key in include/linux/uacess.h.
Linker error on misuse.
next prev parent reply other threads:[~2022-01-21 13:46 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-18 9:52 [RFC PATCH v1 00/10] KVM: s390: Do storage key checking Janis Schoetterl-Glausch
2022-01-18 9:52 ` [RFC PATCH v1 01/10] s390/uaccess: Add storage key checked access to user memory Janis Schoetterl-Glausch
2022-01-18 13:18 ` Janosch Frank
2022-01-18 15:37 ` Sven Schnelle
2022-01-18 15:52 ` Janis Schoetterl-Glausch
2022-01-19 9:48 ` Heiko Carstens
2022-01-19 11:02 ` Janis Schoetterl-Glausch
2022-01-19 13:20 ` Heiko Carstens
2022-01-20 8:34 ` Janis Schoetterl-Glausch
2022-01-20 12:56 ` Heiko Carstens
2022-01-20 18:19 ` Heiko Carstens
2022-01-21 7:32 ` Christian Borntraeger
2022-01-21 11:04 ` Heiko Carstens
2022-01-21 13:46 ` Janis Schoetterl-Glausch [this message]
2022-01-21 14:26 ` Heiko Carstens
2022-01-24 10:38 ` [RFC PATCH] uaccess: Add mechanism for " Janis Schoetterl-Glausch
2022-01-24 17:41 ` Heiko Carstens
2022-01-25 12:35 ` Janis Schoetterl-Glausch
2022-01-25 13:23 ` Heiko Carstens
2022-01-18 9:52 ` [RFC PATCH v1 02/10] KVM: s390: Honor storage keys when accessing guest memory Janis Schoetterl-Glausch
2022-01-18 14:38 ` Janosch Frank
2022-01-20 10:27 ` Christian Borntraeger
2022-01-20 10:30 ` Janis Schoetterl-Glausch
2022-01-19 19:27 ` Christian Borntraeger
2022-01-20 8:11 ` Janis Schoetterl-Glausch
2022-01-20 8:50 ` Christian Borntraeger
2022-01-20 8:58 ` Janis Schoetterl-Glausch
2022-01-20 9:06 ` Christian Borntraeger
2022-01-18 9:52 ` [RFC PATCH v1 03/10] KVM: s390: handle_tprot: Honor storage keys Janis Schoetterl-Glausch
2022-01-18 9:52 ` [RFC PATCH v1 04/10] KVM: s390: selftests: Test TEST PROTECTION emulation Janis Schoetterl-Glausch
2022-01-20 15:40 ` Janosch Frank
2022-01-21 11:03 ` Janis Schoetterl-Glausch
2022-01-21 12:28 ` Claudio Imbrenda
2022-01-21 13:50 ` Janis Schoetterl-Glausch
2022-01-18 9:52 ` [RFC PATCH v1 05/10] KVM: s390: Add optional storage key checking to MEMOP IOCTL Janis Schoetterl-Glausch
2022-01-18 11:51 ` Christian Borntraeger
2022-01-18 9:52 ` [RFC PATCH v1 06/10] KVM: s390: Add vm IOCTL for key checked guest absolute memory access Janis Schoetterl-Glausch
2022-01-19 11:52 ` Thomas Huth
2022-01-19 12:46 ` Christian Borntraeger
2022-01-19 12:53 ` Thomas Huth
2022-01-19 13:17 ` Janis Schoetterl-Glausch
2022-01-20 10:38 ` Thomas Huth
2022-01-20 11:20 ` Christian Borntraeger
2022-01-20 12:23 ` Janis Schoetterl-Glausch
2022-01-25 12:00 ` Thomas Huth
2022-01-27 16:29 ` Janis Schoetterl-Glausch
2022-01-27 17:34 ` Claudio Imbrenda
2022-01-18 9:52 ` [RFC PATCH v1 07/10] KVM: s390: Rename existing vcpu memop functions Janis Schoetterl-Glausch
2022-01-18 9:52 ` [RFC PATCH v1 08/10] KVM: s390: selftests: Test memops with storage keys Janis Schoetterl-Glausch
2022-01-18 9:52 ` [RFC PATCH v1 09/10] KVM: s390: Add capability for storage key extension of MEM_OP IOCTL Janis Schoetterl-Glausch
2022-01-18 15:12 ` Christian Borntraeger
2022-01-18 9:52 ` [RFC PATCH v1 10/10] KVM: s390: selftests: Make use of capability in MEM_OP test Janis Schoetterl-Glausch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=13a03972-0020-b8e7-2fc0-def8a164eb10@linux.ibm.com \
--to=scgl@linux.ibm.com \
--cc=agordeev@linux.ibm.com \
--cc=borntraeger@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=nrb@linux.ibm.com \
--cc=svens@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Powered by JetHome