From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
To: "kevin.brodsky@arm.com" <kevin.brodsky@arm.com>,
	"linux-hardening@vger.kernel.org"
	<linux-hardening@vger.kernel.org>
Cc: "maz@kernel.org" <maz@kernel.org>,
	"luto@kernel.org" <luto@kernel.org>,
	"willy@infradead.org" <willy@infradead.org>,
	"mbland@motorola.com" <mbland@motorola.com>,
	"david@redhat.com" <david@redhat.com>,
	"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
	"rppt@kernel.org" <rppt@kernel.org>,
	"joey.gouly@arm.com" <joey.gouly@arm.com>,
	"akpm@linux-foundation.org" <akpm@linux-foundation.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"catalin.marinas@arm.com" <catalin.marinas@arm.com>,
	"Weiny, Ira" <ira.weiny@intel.com>,
	"vbabka@suse.cz" <vbabka@suse.cz>,
	"pierre.langlois@arm.com" <pierre.langlois@arm.com>,
	"jeffxu@chromium.org" <jeffxu@chromium.org>,
	"linus.walleij@linaro.org" <linus.walleij@linaro.org>,
	"lorenzo.stoakes@oracle.com" <lorenzo.stoakes@oracle.com>,
	"kees@kernel.org" <kees@kernel.org>,
	"ryan.roberts@arm.com" <ryan.roberts@arm.com>,
	"tglx@linutronix.de" <tglx@linutronix.de>,
	"jannh@google.com" <jannh@google.com>,
	"peterz@infradead.org" <peterz@infradead.org>,
	"linux-arm-kernel@lists.infradead.org"
	<linux-arm-kernel@lists.infradead.org>,
	"will@kernel.org" <will@kernel.org>,
	"qperret@google.com" <qperret@google.com>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	"broonie@kernel.org" <broonie@kernel.org>,
	"x86@kernel.org" <x86@kernel.org>
Subject: Re: [RFC PATCH v5 13/18] mm: Map page tables with privileged pkey
Date: Fri, 15 Aug 2025 16:37:29 +0000	[thread overview]
Message-ID: <616011cf17f1654ac3ad8757f0f33425b3af1ddd.camel@intel.com> (raw)
In-Reply-To: <20250815085512.2182322-14-kevin.brodsky@arm.com>

On Fri, 2025-08-15 at 09:55 +0100, Kevin Brodsky wrote:
> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index d9371d992033..4880cb7a4cb9 100644
> --- a/include/linux/mm.h
> +++ b/include/linux/mm.h
> @@ -34,6 +34,7 @@
>  #include <linux/slab.h>
>  #include <linux/cacheinfo.h>
>  #include <linux/rcuwait.h>
> +#include <linux/kpkeys.h>
>  
>  struct mempolicy;
>  struct anon_vma;
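Review bot: adding `#include <linux/kpkeys.h>` to mm.h makes that header a dependency of nearly every translation unit in the tree, since the include is needed only so the static inline `__pagetable_ctor()` below can call `kpkeys_protect_pgtable_memory()`; please confirm that kpkeys.h is self-contained (no dependency back on mm.h) and that it provides a no-op stub for configurations and architectures without kpkeys support, otherwise this hunk breaks the build everywhere the feature is absent.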
> @@ -2979,6 +2980,8 @@ static inline bool __pagetable_ctor(struct ptdesc *ptdesc)
>  
>  	__folio_set_pgtable(folio);
>  	lruvec_stat_add_folio(folio, NR_PAGETABLE);
> +	if (kpkeys_protect_pgtable_memory(folio))
> +		return false;
>  	return true;
>  }
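Review bot: the new early return at `if (kpkeys_protect_pgtable_memory(folio)) return false;` runs after `__folio_set_pgtable(folio)` and `lruvec_stat_add_folio(folio, NR_PAGETABLE)` have already taken effect, so a failed constructor leaves the folio flagged as a page table and the NR_PAGETABLE counter incremented while the caller sees failure. Either move the kpkeys call ahead of those two lines, or undo them (clear the pgtable flag and `lruvec_stat_sub_folio(folio, NR_PAGETABLE)`) before `return false;`, unless every caller is guaranteed to run the destructor on the failure path.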

It seems like this does a kernel range shootdown for every page table that gets
allocated? If so it throws a pretty big wrench into the carefully managed TLB
flush minimization logic in the kernel.

Obviously this is much more straightforward than the x86 series' page table
conversion batching stuff, but TBH I was worried that even that was going to
have a performance hit. I think how to efficiently do direct map permissions is
the key technical problem to solve for pkeys security usages. They can switch on
and off fast, but applying the key is just as much of a hit as any other kernel
memory permission. (I assume this works similarly to x86's?)
