From: Paul Mackerras <paulus@samba.org>
To: Alexander Graf <agraf@suse.de>
Cc: kvm-ppc@vger.kernel.org, kvm@vger.kernel.org
Subject: [PATCH 4/5] KVM: PPC: Book3S HV: Don't give the guest RW access to RO pages
Date: Thu, 22 Nov 2012 20:28:41 +1100
Message-ID: <20121122092841.GE31117@bloggs.ozlabs.ibm.com>
In-Reply-To: <20121122092442.GA31117@bloggs.ozlabs.ibm.com>

Currently, if the guest does an H_PROTECT hcall requesting that the
permissions on a HPT entry be changed to allow writing, we make the
requested change even if the page is marked read-only in the host
Linux page tables. This is a problem since it would for instance
allow a guest to modify a page that KSM has decided can be shared
between multiple guests.

To fix this, if the new permissions for the page allow writing, we need
to look up the memslot for the page, work out the host virtual address,
and look up the Linux page tables to get the PTE for the page. If that
PTE is read-only, we reduce the HPTE permissions to read-only.

Signed-off-by: Paul Mackerras <paulus@samba.org>
---
 arch/powerpc/kvm/book3s_hv_rm_mmu.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/arch/powerpc/kvm/book3s_hv_rm_mmu.c b/arch/powerpc/kvm/book3s_hv_rm_mmu.c
index 7e1f7e2..19c93ba 100644
--- a/arch/powerpc/kvm/book3s_hv_rm_mmu.c
+++ b/arch/powerpc/kvm/book3s_hv_rm_mmu.c
@@ -629,6 +629,28 @@ long kvmppc_h_protect(struct kvm_vcpu *vcpu, unsigned long flags, asm volatile("tlbiel %0" : : "r" (rb)); asm volatile("ptesync" : : : "memory"); } + /* + * If the host has this page as readonly but the guest + * wants to make it read/write, reduce the permissions. + * Checking the host permissions involves finding the + * memslot and then the Linux PTE for the page. + */ + if (hpte_is_writable(r) && kvm->arch.using_mmu_notifiers) { + unsigned long psize, gfn, hva; + struct kvm_memory_slot *memslot; + pgd_t *pgdir = vcpu->arch.pgdir; + pte_t pte; + + psize = hpte_page_size(v, r); + gfn = ((r & HPTE_R_RPN) & ~(psize - 1)) >> PAGE_SHIFT; + memslot = __gfn_to_memslot(kvm_memslots(kvm), gfn); + if (memslot) { + hva = __gfn_to_hva_memslot(memslot, gfn); + pte = lookup_linux_pte(pgdir, hva, 1, &psize); + if (pte_present(pte) && !pte_write(pte)) + r = hpte_make_readonly(r); + } + } } hpte[1] = r; eieio(); -- 1.7.10.rc3.219.g53414
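Review bot: The new check in kvmppc_h_protect() fails open: r is reduced to read-only only when a memslot is found and the Linux PTE is both present and not writable, so in the `if (memslot)` miss case and in the `pte_present(pte)` false case the guest's writable request is stored unchanged by `hpte[1] = r`. If either case can occur for a page the host does not currently allow writes to (for example a page that is not mapped at the time of the hcall), the guest still ends up with a writable HPTE. Consider inverting the test so that write permission is kept only when a present PTE with pte_write() set is found, and calling hpte_make_readonly(r) in every other case. Two smaller points: the literal `1` passed to lookup_linux_pte() would be clearer with a short comment saying what it requests, and the comment block should say why the check is skipped when kvm->arch.using_mmu_notifiers is false, since nothing in the visible lines explains why such guests need no downgrade. It would also help to state what keeps the PTE read from changing between lookup_linux_pte() and the `hpte[1] = r` store, because the hunk shows no lock or recheck around that window.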