Re: [patch 10/12] [PATCH] kvm-s390: storage key interface

On Thu, Dec 15, 2011 at 11:28:03AM +0100, Carsten Otte wrote:
> New version below. Changes:
> - __pmdp_for_addr and ptep_for_addr now take a vma as argument
> - check if a vma exists has moved to gmap_fault and kvm_s390_keyop
> - kvm_s390_keyop verifies that a vma is writable so that it's safe to
>   set the SWC bit

oh.. cool.

[...]

> +	spin_lock(&current->mm->page_table_lock);
> +	pgste = pgste_get_lock(ptep);
> +
> +	switch (kop->operation) {
> +	case KVM_S390_KEYOP_SSKE:
> +		if (!(vma->vm_flags & (VM_WRITE | VM_MAYWRITE))) {
> +			r = -EACCES;
> +			break;
> +		}
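
Review bot: in the KVM_S390_KEYOP_SSKE case, the test `vma->vm_flags & (VM_WRITE | VM_MAYWRITE)` is true when either flag is set, so a vma with VM_MAYWRITE but without VM_WRITE passes, while the changelog above says the vma is verified to be writable. If only currently writable mappings should be accepted, test VM_WRITE alone; if VM_MAYWRITE is meant to be sufficient, say so in a comment above the check, together with the reason writability matters for setting the key. The -EACCES path also leaves the switch via `break` with page_table_lock and the pgste lock still held, so both unlocks need to sit on the common path after the switch.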

Why again is this needed? Or, put in other words: what prevents a guest from
changing the storage key contents via sske of a page that is mapped read-only
into the guest address space?
As far as I can see: nothing. Interestingly I could -in theory- do some nice
stuff like:
- map a file from a read-only filesystem (which doesn't have a writepage
  aops function) into guest address space
- let the guest set the change bit in the storage key of a page that belongs
  to that file mapping via sske
- watch the fun that happens when the host tries to write the page back

But of course I could be totally wrong ;)

This doesn't have anything to do with your patch, it's just that I think
you shouldn't check if the vma is writable or not. It doesn't matter.
