Re: [kvm-unit-tests PATCH v2 1/8] s390x: uv-host: Add access checks for donated memory

[Janosch Frank <frankja@xxxxxxxxxxxxx>]

On 7/6/22 18:33, Claudio Imbrenda wrote:
> On Wed,  6 Jul 2022 06:40:17 +0000
> Janosch Frank <frankja@xxxxxxxxxxxxx> wrote:
>
> > Let's check if the UV really protected all the memory we donated.
> >
> > Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
> > ---
> >   s390x/uv-host.c | 29 +++++++++++++++++++++++++++++
> >   1 file changed, 29 insertions(+)
> >
> > diff --git a/s390x/uv-host.c b/s390x/uv-host.c
> > index a1a6d120..983cb4a1 100644
> > --- a/s390x/uv-host.c
> > +++ b/s390x/uv-host.c
> > @@ -43,6 +43,24 @@ static void cpu_loop(void)
> >   	for (;;) {}
> >   }
> >   
> > +/*
> > + * Checks if a memory area is protected as secure memory.
> > + * Will return true if all pages are protected, false otherwise.
> > + */
> > +static bool access_check_3d(uint64_t *access_ptr, uint64_t len)
> > +{
> > +	while (len) {
> > +		expect_pgm_int();
> > +		*access_ptr += 42;
>
> I'm surprised this works, you will get an (expected) exception when
> reading from the pointer, and then you should get another one (at this
> point unexpected) when writing

Let me introduce you to "AGSI" add grand storage immediate.
But I get your point, inline assembly would make this much more explicit.

> > +		if (clear_pgm_int() != PGM_INT_CODE_SECURE_STOR_ACCESS)
> > +			return false;
> > +		access_ptr += PAGE_SIZE / sizeof(access_ptr);
> > +		len -= PAGE_SIZE;
> > +	}
> > +
> > +	return true;
> > +}
> > +
> >   static struct cmd_list cmds[] = {
> >   	{ "init", UVC_CMD_INIT_UV, sizeof(struct uv_cb_init), BIT_UVC_CMD_INIT_UV },
> >   	{ "create conf", UVC_CMD_CREATE_SEC_CONF, sizeof(struct uv_cb_cgc), BIT_UVC_CMD_CREATE_SEC_CONF },
> > @@ -194,6 +212,10 @@ static void test_cpu_create(void)
> >   	report(rc == 0 && uvcb_csc.header.rc == UVC_RC_EXECUTED &&
> >   	       uvcb_csc.cpu_handle, "success");
> >   
> > +	rc = access_check_3d((uint64_t *)uvcb_csc.stor_origin,
> > +			     uvcb_qui.cpu_stor_len);
> > +	report(rc, "Storage protection");
> > +
> >   	tmp = uvcb_csc.stor_origin;
> >   	uvcb_csc.stor_origin = (unsigned long)memalign(PAGE_SIZE, uvcb_qui.cpu_stor_len);
> >   	rc = uv_call(0, (uint64_t)&uvcb_csc);
> > @@ -292,6 +314,13 @@ static void test_config_create(void)
> >   	rc = uv_call(0, (uint64_t)&uvcb_cgc);
> >   	report(rc == 0 && uvcb_cgc.header.rc == UVC_RC_EXECUTED, "successful");
> >   
> > +	rc = access_check_3d((uint64_t *)uvcb_cgc.conf_var_stor_origin, vsize);
> > +	report(rc, "Base storage protection");
> > +
> > +	rc = access_check_3d((uint64_t *)uvcb_cgc.conf_base_stor_origin,
> > +			     uvcb_qui.conf_base_phys_stor_len);
> > +	report(rc, "Variable storage protection");
> > +
> >   	uvcb_cgc.header.rc = 0;
> >   	uvcb_cgc.header.rrc = 0;
> >   	tmp = uvcb_cgc.guest_handle;