From: Joey Gouly <joey.gouly@arm.com>
To: <linux-arm-kernel@lists.infradead.org>
Cc: <nd@arm.com>, <broonie@kernel.org>, <catalin.marinas@arm.com>,
<james.morse@arm.com>, <joey.gouly@arm.com>,
<mark.rutland@arm.com>, <maz@kernel.org>,
<oliver.upton@linux.dev>, <suzuki.poulose@arm.com>,
<will@kernel.org>, <yuzenghui@huawei.com>
Subject: [PATCH v2 00/19] Permission Indirection Extension
Date: Thu, 13 Apr 2023 12:04:54 +0100
Message-ID: <20230413110513.243326-1-joey.gouly@arm.com>

Hi all,

This series implements the Permission Indirection Extension introduced in 2022
VMSA enhancements [1].

Changes since v1 [2]:
  - Renamed PIRx_ELx_PERMIDX and reversed the arguments
  - Added new registers to get-reg-list selftest
  - Added booting requirements
  - Add TCR2_EL2 and PIR_EL2 registers
  - Collected review tags
  - Rebased onto arm64/for-next/core (b2ad9d4e249), to get Mark Brown's
    HFG* register commit.

The Permission Indirection Extension is a new way to set memory permissions.
Instead of directly encoding the permission in the Page Table Entry (PTE),
fields in the PTEs are used to index into an array of permissions specified in
a register. This indirection provides greater flexibility, greater encoding
density and enables the representation of new permissions.

The PTE bits that are repurposed for use with permission indirection are:

  54 PTE_UXN
  53 PTE_PXN
  51 PTE_DBM
   6 PTE_USER

The way that PIE is implemented in this patchset is that the encodings are
picked such that they match how Linux currently sets the bits in the PTEs, so
none of the page table handling has changed. This means this patchset keeps the
same functionality as currently implemented, but allows for future expansion.

Enabling PIE is also a prerequisite for implementing the Guarded Control Stack
Extension (GCS).

Another related extension is the Permission Overlay Extension, which is not
covered by this patch set, but is mentioned in patch 5 as half of PIE encoding
values apply an overlay. However, since overlays are not currently enabled, they
act as all the other permissions do.

The first few patches add the new system registers and cpufeature
capabilities. Then KVM support for save/restore of the new registers is added.
Finally the new Permission Indirection registers are set and the new feature is
enabled.

Kristina's series [3] changes how HCRX_EL2 is handled, so there will need to be
some minor changes, depending on which series goes in first.

Thanks,
Joey

Joey Gouly (19):
  arm64/sysreg: Add ID register ID_AA64MMFR3
  arm64/sysreg: add system registers TCR2_ELx
  arm64/sysreg: update HCRX_EL2 register
  arm64/sysreg: add PIR*_ELx registers
  arm64: cpufeature: add system register ID_AA64MMFR3
  arm64: cpufeature: add TCR2 cpucap
  arm64: cpufeature: add Permission Indirection Extension cpucap
  KVM: arm64: Save/restore TCR2_EL1
  KVM: arm64: Save/restore PIE registers
  KVM: arm64: expose ID_AA64MMFR3_EL1 to guests
  arm64: add PTE_UXN/PTE_WRITE to SWAPPER_*_FLAGS
  arm64: add PTE_WRITE to PROT_SECT_NORMAL
  arm64: reorganise PAGE_/PROT_ macros
  arm64: disable EL2 traps for PIE
  arm64: add encodings of PIRx_ELx registers
  arm64: enable Permission Indirection Extension (PIE)
  arm64: transfer permission indirection settings to EL2
  arm64: Document boot requirements for PIE
  KVM: selftests: get-reg-list: add Permission Indirection registers

 Documentation/arm64/booting.rst            |  26 +++
 arch/arm64/include/asm/cpu.h               |   1 +
 arch/arm64/include/asm/el2_setup.h         |  23 ++-
 arch/arm64/include/asm/kernel-pgtable.h    |   4 +-
 arch/arm64/include/asm/kvm_host.h          |   5 +
 arch/arm64/include/asm/pgtable-hwdef.h     |   8 +
 arch/arm64/include/asm/pgtable-prot.h      |  96 ++++++++---
 arch/arm64/include/asm/sysreg.h            |  19 +++
 arch/arm64/kernel/cpufeature.c             |  32 ++++
 arch/arm64/kernel/cpuinfo.c                |   1 +
 arch/arm64/kernel/head.S                   |   8 +-
 arch/arm64/kernel/hyp-stub.S               |  18 ++
 arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h |  12 ++
 arch/arm64/kvm/sys_regs.c                  |   5 +-
 arch/arm64/mm/proc.S                       |  17 +-
 arch/arm64/tools/cpucaps                   |   2 +
 arch/arm64/tools/sysreg                    | 159 +++++++++++++++++-
 .../selftests/kvm/aarch64/get-reg-list.c   |   5 +-
 18 files changed, 402 insertions(+), 39 deletions(-)

--
2.25.1

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
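
The indirection described in the cover letter, as an added example that is not part of the original message or of the patch series: the four repurposed PTE bits form an index, and a register entry selected by that index supplies the permission. The index bit ordering, the 4-bit entry width, the helper names and the permission codes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* PTE bit positions listed in the cover letter. */
#define PTE_USER_BIT 6
#define PTE_DBM_BIT  51
#define PTE_PXN_BIT  53
#define PTE_UXN_BIT  54

/* Constructed permission codes for this example only, not the
 * architectural encodings. */
enum { P_NONE = 0, P_RO = 1, P_RW = 2, P_RX = 3 };

/* Assumption: bit 54 is the most significant index bit, bit 6 the least. */
static unsigned pte_pi_index(uint64_t pte)
{
    return (unsigned)((((pte >> PTE_UXN_BIT) & 1) << 3) |
                      (((pte >> PTE_PXN_BIT) & 1) << 2) |
                      (((pte >> PTE_DBM_BIT) & 1) << 1) |
                      ((pte >> PTE_USER_BIT) & 1));
}

/* Assumption: sixteen 4-bit entries, entry i at register bits [4i+3:4i]. */
static uint64_t pir_set(uint64_t pir, unsigned idx, unsigned perm)
{
    pir &= ~(0xfULL << (idx * 4));
    return pir | ((uint64_t)(perm & 0xf) << (idx * 4));
}

/* Effective permission: the PTE only selects an entry, the register decides. */
static unsigned pir_lookup(uint64_t pir, uint64_t pte)
{
    return (unsigned)((pir >> (pte_pi_index(pte) * 4)) & 0xf);
}

int main(void)
{
    /* Constructed PTE: UXN, PXN and DBM set, USER clear -> index 0b1110. */
    uint64_t pte = (1ULL << 54) | (1ULL << 53) | (1ULL << 51) | 0x703;
    uint64_t pir_a = pir_set(0, 14, P_RW);
    uint64_t pir_b = pir_set(pir_a, 14, P_RO);

    printf("index=%u perm(A)=%u perm(B)=%u\n", pte_pi_index(pte),
           pir_lookup(pir_a, pte), pir_lookup(pir_b, pte));
    return 0;
}
```

The same PTE resolves to different permissions under the two register values, so a page-table dump has to be read together with the register contents in force at the time.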