From: Christian Borntraeger <borntraeger@de.ibm.com>
To: Janosch Frank <frankja@linux.ibm.com>, linux-kernel@vger.kernel.org
Cc: kvm@vger.kernel.org, thuth@redhat.com, david@redhat.com,
imbrenda@linux.ibm.com, cohuck@redhat.com,
linux-s390@vger.kernel.org, gor@linux.ibm.com,
mihajlov@linux.ibm.com
Subject: Re: [PATCH 2/2] s390: mm: Fix secure storage access exception handling
Date: Tue, 19 Jan 2021 11:25:01 +0100 [thread overview]
Message-ID: <3e1978c6-4462-1de6-e1aa-e664ffa633c1@de.ibm.com> (raw)
In-Reply-To: <20210119100402.84734-3-frankja@linux.ibm.com>
On 19.01.21 11:04, Janosch Frank wrote:
> Turns out that the bit 61 in the TEID is not always 1 and if that's
> the case the address space ID and the address are
> unpredictable. Without an address and it's address space ID we can't
> export memory and hence we can only send a SIGSEGV to the process or
> panic the kernel depending on who caused the exception.
>
> Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
> Fixes: 084ea4d611a3d ("s390/mm: add (non)secure page access exceptions handlers")
> Cc: stable@vger.kernel.org
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
some small things to consider (or to reject)
> ---
> arch/s390/mm/fault.c | 14 ++++++++++++++
> 1 file changed, 14 insertions(+)
>
> diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c
> index e30c7c781172..5442937e5b4b 100644
> --- a/arch/s390/mm/fault.c
> +++ b/arch/s390/mm/fault.c
> @@ -791,6 +791,20 @@ void do_secure_storage_access(struct pt_regs *regs)
> struct page *page;
> int rc;
>
> + /* There are cases where we don't have a TEID. */
> + if (!(regs->int_parm_long & 0x4)) {
> + /*
> + * Userspace could for example try to execute secure
> + * storage and trigger this. We should tell it that it
> + * shouldn't do that.
Maybe something like
/*
* when this happens, userspace did something that it
* was not supposed to do, e.g. branching into secure
* secure memory. Trigger a segmentation fault.
> + */
> + if (user_mode(regs)) {
> + send_sig(SIGSEGV, current, 0);
> + return;
> + } else
> + panic("Unexpected PGM 0x3d with TEID bit 61=0");
use BUG instead of panic? That would kill this process, but it allows
people to maybe save unaffected data.
next prev parent reply other threads:[~2021-01-19 14:52 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-19 10:04 [PATCH 0/2] s390: uv: small UV fixes Janosch Frank
2021-01-19 10:04 ` [PATCH 1/2] s390: uv: Fix sysfs max number of VCPUs reporting Janosch Frank
2021-01-19 10:11 ` Christian Borntraeger
2021-01-19 10:15 ` Janosch Frank
2021-01-19 10:19 ` Christian Borntraeger
2021-01-19 13:11 ` Claudio Imbrenda
2021-01-19 16:19 ` Cornelia Huck
2021-01-19 10:04 ` [PATCH 2/2] s390: mm: Fix secure storage access exception handling Janosch Frank
2021-01-19 10:25 ` Christian Borntraeger [this message]
2021-01-19 10:38 ` Janosch Frank
2021-01-19 16:24 ` Cornelia Huck
2021-01-20 13:42 ` Heiko Carstens
2021-01-20 14:39 ` Christian Borntraeger
2021-01-20 15:24 ` Heiko Carstens
2021-01-19 13:09 ` Claudio Imbrenda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3e1978c6-4462-1de6-e1aa-e664ffa633c1@de.ibm.com \
--to=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=gor@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mihajlov@linux.ibm.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).