On 7/6/22 18:33, Claudio Imbrenda wrote:
On Wed, 6 Jul 2022 06:40:17 +0000
Janosch Frank <frankja@xxxxxxxxxxxxx> wrote:
Let's check if the UV really protected all the memory we donated.
Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
---
s390x/uv-host.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/s390x/uv-host.c b/s390x/uv-host.c
index a1a6d120..983cb4a1 100644
--- a/s390x/uv-host.c
+++ b/s390x/uv-host.c
@@ -43,6 +43,24 @@ static void cpu_loop(void)
for (;;) {}
}
+/*
+ * Checks if a memory area is protected as secure memory.
+ * Will return true if all pages are protected, false otherwise.
+ */
+static bool access_check_3d(uint64_t *access_ptr, uint64_t len)
+{
+ while (len) {
+ expect_pgm_int();
+ *access_ptr += 42;
I'm surprised this works, you will get an (expected) exception when
reading from the pointer, and then you should get another one (at this
point unexpected) when writing
Let me introduce you to "AGSI" add grand storage immediate.
But I get your point, inline assembly would make this much more explicit.
+ if (clear_pgm_int() != PGM_INT_CODE_SECURE_STOR_ACCESS)
+ return false;
+ access_ptr += PAGE_SIZE / sizeof(access_ptr);
+ len -= PAGE_SIZE;
+ }
+
+ return true;
+}
+
static struct cmd_list cmds[] = {
{ "init", UVC_CMD_INIT_UV, sizeof(struct uv_cb_init), BIT_UVC_CMD_INIT_UV },
{ "create conf", UVC_CMD_CREATE_SEC_CONF, sizeof(struct uv_cb_cgc), BIT_UVC_CMD_CREATE_SEC_CONF },
@@ -194,6 +212,10 @@ static void test_cpu_create(void)
report(rc == 0 && uvcb_csc.header.rc == UVC_RC_EXECUTED &&
uvcb_csc.cpu_handle, "success");
+ rc = access_check_3d((uint64_t *)uvcb_csc.stor_origin,
+ uvcb_qui.cpu_stor_len);
+ report(rc, "Storage protection");
+
tmp = uvcb_csc.stor_origin;
uvcb_csc.stor_origin = (unsigned long)memalign(PAGE_SIZE, uvcb_qui.cpu_stor_len);
rc = uv_call(0, (uint64_t)&uvcb_csc);
@@ -292,6 +314,13 @@ static void test_config_create(void)
rc = uv_call(0, (uint64_t)&uvcb_cgc);
report(rc == 0 && uvcb_cgc.header.rc == UVC_RC_EXECUTED, "successful");
+ rc = access_check_3d((uint64_t *)uvcb_cgc.conf_var_stor_origin, vsize);
+ report(rc, "Base storage protection");
+
+ rc = access_check_3d((uint64_t *)uvcb_cgc.conf_base_stor_origin,
+ uvcb_qui.conf_base_phys_stor_len);
+ report(rc, "Variable storage protection");
+
uvcb_cgc.header.rc = 0;
uvcb_cgc.header.rrc = 0;
tmp = uvcb_cgc.guest_handle;