Patch "KVM: s390: pv: add export before import" has been added to the 5.15-stable tree

This is a note to let you know that I've just added the patch titled

    KVM: s390: pv: add export before import

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kvm-s390-pv-add-export-before-import.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 342e0e171ab722c50937ffc2a897fa50f9eb9bb2
Author: Claudio Imbrenda <imbrenda@xxxxxxxxxxxxx>
Date:   Tue Jun 28 15:56:07 2022 +0200

    KVM: s390: pv: add export before import
    
    [ Upstream commit 72b1daff2671cef2c8cccc6c4e52f8d5ce4ebe58 ]
    
    Due to upcoming changes, it will be possible to temporarily have
    multiple protected VMs in the same address space, although only one
    will be actually active.
    
    In that scenario, it is necessary to perform an export of every page
    that is to be imported, since the hardware does not allow a page
    belonging to a protected guest to be imported into a different
    protected guest.
    
    This also applies to pages that are shared, and thus accessible by the
    host.
    
    Signed-off-by: Claudio Imbrenda <imbrenda@xxxxxxxxxxxxx>
    Reviewed-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
    Link: https://lore.kernel.org/r/20220628135619.32410-7-imbrenda@xxxxxxxxxxxxx
    Message-Id: <20220628135619.32410-7-imbrenda@xxxxxxxxxxxxx>
    Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx>
    Stable-dep-of: 3f29f6537f54 ("s390/uv: Don't call folio_wait_writeback() without a folio reference")
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/arch/s390/kernel/uv.c b/arch/s390/kernel/uv.c
index 8b0e62507d62e..56bb0a4829770 100644
--- a/arch/s390/kernel/uv.c
+++ b/arch/s390/kernel/uv.c
@@ -234,6 +234,32 @@ static int make_secure_pte(pte_t *ptep, unsigned long addr,
 	return uvcb->rc == 0x10a ? -ENXIO : -EINVAL;
 }
 
+/**
+ * should_export_before_import - Determine whether an export is needed
+ * before an import-like operation
+ * @uvcb: the Ultravisor control block of the UVC to be performed
+ * @mm: the mm of the process
+ *
+ * Returns whether an export is needed before every import-like operation.
+ * This is needed for shared pages, which don't trigger a secure storage
+ * exception when accessed from a different guest.
+ *
+ * Although considered as one, the Unpin Page UVC is not an actual import,
+ * so it is not affected.
+ *
+ * No export is needed also when there is only one protected VM, because the
+ * page cannot belong to the wrong VM in that case (there is no "other VM"
+ * it can belong to).
+ *
+ * Return: true if an export is needed before every import, otherwise false.
+ */
+static bool should_export_before_import(struct uv_cb_header *uvcb, struct mm_struct *mm)
+{
+	if (uvcb->cmd == UVC_CMD_UNPIN_PAGE_SHARED)
+		return false;
+	return atomic_read(&mm->context.protected_count) > 1;
+}
+
 /*
  * Requests the Ultravisor to make a page accessible to a guest.
  * If it's brought in the first time, it will be cleared. If
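Review bot: in should_export_before_import(), the `atomic_read(&mm->context.protected_count) > 1` test is a snapshot, and neither the kernel-doc nor the code says what keeps the count from changing between this check and the import that follows it. Suggest adding a sentence to the comment naming the lock or invariant the caller is expected to hold. Minor: the kernel-doc states the return value twice ("Returns whether an export is needed..." and "Return: true if..."), so the "Return:" line alone would do, and "No export is needed also when" reads better as "An export is also not needed when".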
@@ -277,6 +303,8 @@ int gmap_make_secure(struct gmap *gmap, unsigned long gaddr, void *uvcb)
 
 	lock_page(page);
 	ptep = get_locked_pte(gmap->mm, uaddr, &ptelock);
+	if (should_export_before_import(uvcb, gmap->mm))
+		uv_convert_from_secure(page_to_phys(page));
 	rc = make_secure_pte(ptep, uaddr, page, uvcb);
 	pte_unmap_unlock(ptep, ptelock);
 	unlock_page(page);
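Review bot: the added `uv_convert_from_secure(page_to_phys(page));` call in gmap_make_secure() does not look at any result, so a failed export cannot be told apart from a successful one before make_secure_pte() runs. If a failure here is expected and harmless, a one-line comment saying why would help the next reader; otherwise consider checking the result before proceeding to the import. The export also runs with both the page lock and the PTE lock held, which deserves a mention in that comment if the ordering is required.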



