From: Joey Gouly <joey.gouly@arm.com>
To: linux-arm-kernel@lists.infradead.org
Cc: nd@arm.com, akpm@linux-foundation.org, aneesh.kumar@kernel.org,
aneesh.kumar@linux.ibm.com, anshuman.khandual@arm.com,
bp@alien8.de, broonie@kernel.org, catalin.marinas@arm.com,
christophe.leroy@csgroup.eu, dave.hansen@linux.intel.com,
hpa@zytor.com, joey.gouly@arm.com, linux-fsdevel@vger.kernel.org,
linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org,
maz@kernel.org, mingo@redhat.com, mpe@ellerman.id.au,
naveen.n.rao@linux.ibm.com, npiggin@gmail.com,
oliver.upton@linux.dev, shuah@kernel.org,
skhan@linuxfoundation.org, szabolcs.nagy@arm.com,
tglx@linutronix.de, will@kernel.org, x86@kernel.org,
kvmarm@lists.linux.dev, linux-kselftest@vger.kernel.org
Subject: [PATCH v5 00/30] Permission Overlay Extension
Date: Thu, 22 Aug 2024 16:10:43 +0100 [thread overview]
Message-ID: <20240822151113.1479789-1-joey.gouly@arm.com> (raw)
Hi all,
This series implements the Permission Overlay Extension introduced in 2022
VMSA enhancements [1]. It is based on v6.11-rc4.
Changes since v4[2]:
- Added Acks and R-bs, thanks!
- KVM:
- Move POR_EL{0,1} handling inside TCR_EL2 blocks
- Add visibility functions for registers [4]
- Make ID_AA64MMFR3_EL1 writable
- use system_supports_poe() more consistently
- use BIT instead of hex constants
- fix off-by-one in arch_max_pkey() macro
- add PKEY_DISABLE_EXECUTE and PKEY_DISABLE_READ
- Update some comments and commit messages.
- No change to when we save/restore POR_EL0 for signals!
Conflicts with GCS:
- Uses the same (last) bit in HWCAP2
- Uses the same VM_HIGH_ARCH_5
Conflicts with arm64 KVM:
- Maz has taken patch 8 into one of his own series
- I have taken and modified a patch from Maz (patch 9)
The Permission Overlay Extension allows to constrain permissions on memory
regions. This can be used from userspace (EL0) without a system call or TLB
invalidation.
POE is used to implement the Memory Protection Keys [3] Linux syscall.
The first few patches add the basic framework, then the PKEYS interface is
implemented, and then the selftests are made to work on arm64.
I have tested the modified protection_keys test on x86_64, but not PPC.
I haven't build tested the x86/ppc arch changes.
Thanks,
Joey
[1] https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/arm-a-profile-architecture-2022
[2] https://lore.kernel.org/linux-arm-kernel/20240503130147.1154804-1-joey.gouly@arm.com/
[3] Documentation/core-api/protection-keys.rst
[4] https://lore.kernel.org/linux-arm-kernel/20240806-kvm-arm64-get-reg-list-v2-0-1d3fbc7b6844@kernel.org/
Joey Gouly (30):
powerpc/mm: add ARCH_PKEY_BITS to Kconfig
x86/mm: add ARCH_PKEY_BITS to Kconfig
mm: use ARCH_PKEY_BITS to define VM_PKEY_BITN
arm64: disable trapping of POR_EL0 to EL2
arm64: cpufeature: add Permission Overlay Extension cpucap
arm64: context switch POR_EL0 register
KVM: arm64: Save/restore POE registers
KVM: arm64: make kvm_at() take an OP_AT_*
KVM: arm64: use `at s1e1a` for POE
KVM: arm64: Sanitise ID_AA64MMFR3_EL1
arm64: enable the Permission Overlay Extension for EL0
arm64: re-order MTE VM_ flags
arm64: add POIndex defines
arm64: convert protection key into vm_flags and pgprot values
arm64: mask out POIndex when modifying a PTE
arm64: handle PKEY/POE faults
arm64: add pte_access_permitted_no_overlay()
arm64: implement PKEYS support
arm64: add POE signal support
arm64/ptrace: add support for FEAT_POE
arm64: enable POE and PIE to coexist
arm64: enable PKEY support for CPUs with S1POE
arm64: add Permission Overlay Extension Kconfig
kselftest/arm64: move get_header()
selftests: mm: move fpregs printing
selftests: mm: make protection_keys test work on arm64
kselftest/arm64: add HWCAP test for FEAT_S1POE
kselftest/arm64: parse POE_MAGIC in a signal frame
kselftest/arm64: Add test case for POR_EL0 signal frame records
KVM: selftests: get-reg-list: add Permission Overlay registers
Documentation/arch/arm64/elf_hwcaps.rst | 2 +
arch/arm64/Kconfig | 23 +++
arch/arm64/include/asm/cpufeature.h | 6 +
arch/arm64/include/asm/el2_setup.h | 10 +-
arch/arm64/include/asm/hwcap.h | 1 +
arch/arm64/include/asm/kvm_asm.h | 3 +-
arch/arm64/include/asm/kvm_host.h | 4 +
arch/arm64/include/asm/mman.h | 10 +-
arch/arm64/include/asm/mmu.h | 1 +
arch/arm64/include/asm/mmu_context.h | 46 +++++-
arch/arm64/include/asm/pgtable-hwdef.h | 10 ++
arch/arm64/include/asm/pgtable-prot.h | 8 +-
arch/arm64/include/asm/pgtable.h | 34 ++++-
arch/arm64/include/asm/pkeys.h | 108 ++++++++++++++
arch/arm64/include/asm/por.h | 33 +++++
arch/arm64/include/asm/processor.h | 1 +
arch/arm64/include/asm/sysreg.h | 3 +
arch/arm64/include/asm/traps.h | 1 +
arch/arm64/include/asm/vncr_mapping.h | 1 +
arch/arm64/include/uapi/asm/hwcap.h | 1 +
arch/arm64/include/uapi/asm/mman.h | 9 ++
arch/arm64/include/uapi/asm/sigcontext.h | 7 +
arch/arm64/kernel/cpufeature.c | 23 +++
arch/arm64/kernel/cpuinfo.c | 1 +
arch/arm64/kernel/process.c | 28 ++++
arch/arm64/kernel/ptrace.c | 46 ++++++
arch/arm64/kernel/signal.c | 62 ++++++++
arch/arm64/kernel/traps.c | 6 +
arch/arm64/kvm/hyp/include/hyp/fault.h | 5 +-
arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 27 ++++
arch/arm64/kvm/sys_regs.c | 25 +++-
arch/arm64/mm/fault.c | 55 ++++++-
arch/arm64/mm/mmap.c | 11 ++
arch/arm64/mm/mmu.c | 45 ++++++
arch/arm64/tools/cpucaps | 1 +
arch/powerpc/Kconfig | 4 +
arch/x86/Kconfig | 4 +
fs/proc/task_mmu.c | 2 +
include/linux/mm.h | 20 ++-
include/uapi/linux/elf.h | 1 +
tools/testing/selftests/arm64/abi/hwcap.c | 14 ++
.../testing/selftests/arm64/signal/.gitignore | 1 +
.../arm64/signal/testcases/poe_siginfo.c | 86 +++++++++++
.../arm64/signal/testcases/testcases.c | 27 +---
.../arm64/signal/testcases/testcases.h | 28 +++-
.../selftests/kvm/aarch64/get-reg-list.c | 14 ++
tools/testing/selftests/mm/Makefile | 2 +-
tools/testing/selftests/mm/pkey-arm64.h | 139 ++++++++++++++++++
tools/testing/selftests/mm/pkey-helpers.h | 8 +
tools/testing/selftests/mm/pkey-powerpc.h | 3 +
tools/testing/selftests/mm/pkey-x86.h | 4 +
tools/testing/selftests/mm/protection_keys.c | 109 ++++++++++++--
52 files changed, 1060 insertions(+), 63 deletions(-)
create mode 100644 arch/arm64/include/asm/pkeys.h
create mode 100644 arch/arm64/include/asm/por.h
create mode 100644 tools/testing/selftests/arm64/signal/testcases/poe_siginfo.c
create mode 100644 tools/testing/selftests/mm/pkey-arm64.h
--
2.25.1
next reply other threads:[~2024-08-22 15:11 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-22 15:10 Joey Gouly [this message]
2024-08-22 15:10 ` [PATCH v5 01/30] powerpc/mm: add ARCH_PKEY_BITS to Kconfig Joey Gouly
2024-08-22 15:10 ` [PATCH v5 02/30] x86/mm: " Joey Gouly
2024-08-22 15:10 ` [PATCH v5 03/30] mm: use ARCH_PKEY_BITS to define VM_PKEY_BITN Joey Gouly
2024-08-22 15:10 ` [PATCH v5 04/30] arm64: disable trapping of POR_EL0 to EL2 Joey Gouly
2024-08-23 13:42 ` Will Deacon
2024-08-22 15:10 ` [PATCH v5 05/30] arm64: cpufeature: add Permission Overlay Extension cpucap Joey Gouly
2024-08-22 15:10 ` [PATCH v5 06/30] arm64: context switch POR_EL0 register Joey Gouly
2024-08-23 14:45 ` Will Deacon
2024-08-23 16:41 ` Catalin Marinas
2024-08-23 17:08 ` Will Deacon
2024-08-23 18:40 ` Catalin Marinas
2024-08-27 11:38 ` Will Deacon
2024-09-02 19:08 ` Catalin Marinas
2024-09-03 14:54 ` Joey Gouly
2024-09-04 10:22 ` Will Deacon
2024-09-04 11:32 ` Joey Gouly
2024-09-04 11:43 ` Will Deacon
2024-09-04 12:55 ` Joey Gouly
2024-09-04 16:17 ` Will Deacon
2024-09-04 17:05 ` Marc Zyngier
2024-09-05 10:36 ` Joey Gouly
2024-09-04 11:38 ` Catalin Marinas
2024-09-11 15:01 ` Kevin Brodsky
2024-09-11 15:33 ` Dave Hansen
2024-09-12 10:50 ` Will Deacon
2024-09-12 12:48 ` Joey Gouly
2024-09-13 15:14 ` Will Deacon
2024-09-22 5:49 ` Aneesh Kumar K.V
2024-08-22 15:10 ` [PATCH v5 07/30] KVM: arm64: Save/restore POE registers Joey Gouly
2024-08-22 15:10 ` [PATCH v5 08/30] KVM: arm64: make kvm_at() take an OP_AT_* Joey Gouly
2024-08-23 13:48 ` Will Deacon
2024-08-23 14:24 ` Marc Zyngier
2024-08-30 8:01 ` Marc Zyngier
2024-08-30 9:05 ` Will Deacon
2024-08-30 11:58 ` Marc Zyngier
2024-08-30 9:25 ` Will Deacon
2024-08-30 11:23 ` Marc Zyngier
2024-08-30 11:35 ` Joey Gouly
2024-08-22 15:10 ` [PATCH v5 09/30] KVM: arm64: use `at s1e1a` for POE Joey Gouly
2024-08-22 15:10 ` [PATCH v5 10/30] KVM: arm64: Sanitise ID_AA64MMFR3_EL1 Joey Gouly
2024-08-22 15:10 ` [PATCH v5 11/30] arm64: enable the Permission Overlay Extension for EL0 Joey Gouly
2024-08-22 15:10 ` [PATCH v5 12/30] arm64: re-order MTE VM_ flags Joey Gouly
2024-08-22 15:10 ` [PATCH v5 13/30] arm64: add POIndex defines Joey Gouly
2024-08-22 15:10 ` [PATCH v5 14/30] arm64: convert protection key into vm_flags and pgprot values Joey Gouly
2024-08-22 15:10 ` [PATCH v5 15/30] arm64: mask out POIndex when modifying a PTE Joey Gouly
2024-08-22 15:10 ` [PATCH v5 16/30] arm64: handle PKEY/POE faults Joey Gouly
2024-08-29 17:55 ` Mark Brown
2024-09-03 14:50 ` Joey Gouly
2024-09-03 15:29 ` Joey Gouly
2024-08-22 15:11 ` [PATCH v5 17/30] arm64: add pte_access_permitted_no_overlay() Joey Gouly
2024-08-22 15:11 ` [PATCH v5 18/30] arm64: implement PKEYS support Joey Gouly
2024-08-22 15:11 ` [PATCH v5 19/30] arm64: add POE signal support Joey Gouly
2024-09-24 11:27 ` Kevin Brodsky
2024-09-24 15:04 ` Dave Martin
2024-10-09 14:43 ` Will Deacon
2024-10-14 17:10 ` Will Deacon
2024-10-15 9:59 ` Joey Gouly
2024-10-15 11:37 ` Mark Brown
2024-10-15 11:41 ` Will Deacon
2024-10-15 12:25 ` Joey Gouly
2024-10-15 13:26 ` Mark Brown
2024-10-17 7:44 ` Kevin Brodsky
2024-10-15 13:39 ` Dave Martin
2024-10-15 15:01 ` Catalin Marinas
2024-10-17 14:00 ` Kevin Brodsky
2024-08-22 15:11 ` [PATCH v5 20/30] arm64/ptrace: add support for FEAT_POE Joey Gouly
2024-08-22 15:11 ` [PATCH v5 21/30] arm64: enable POE and PIE to coexist Joey Gouly
2024-08-22 15:11 ` [PATCH v5 22/30] arm64: enable PKEY support for CPUs with S1POE Joey Gouly
2024-08-22 15:11 ` [PATCH v5 23/30] arm64: add Permission Overlay Extension Kconfig Joey Gouly
2024-08-22 15:11 ` [PATCH v5 24/30] kselftest/arm64: move get_header() Joey Gouly
2024-08-22 15:11 ` [PATCH v5 25/30] selftests: mm: move fpregs printing Joey Gouly
2024-08-22 15:11 ` [PATCH v5 26/30] selftests: mm: make protection_keys test work on arm64 Joey Gouly
2024-08-22 15:11 ` [PATCH v5 27/30] kselftest/arm64: add HWCAP test for FEAT_S1POE Joey Gouly
2024-08-22 15:11 ` [PATCH v5 28/30] kselftest/arm64: parse POE_MAGIC in a signal frame Joey Gouly
2024-08-22 15:11 ` [PATCH v5 29/30] kselftest/arm64: Add test case for POR_EL0 signal frame records Joey Gouly
2024-08-22 15:11 ` [PATCH v5 30/30] KVM: selftests: get-reg-list: add Permission Overlay registers Joey Gouly
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240822151113.1479789-1-joey.gouly@arm.com \
--to=joey.gouly@arm.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@kernel.org \
--cc=aneesh.kumar@linux.ibm.com \
--cc=anshuman.khandual@arm.com \
--cc=bp@alien8.de \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=christophe.leroy@csgroup.eu \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=maz@kernel.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=naveen.n.rao@linux.ibm.com \
--cc=nd@arm.com \
--cc=npiggin@gmail.com \
--cc=oliver.upton@linux.dev \
--cc=shuah@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=szabolcs.nagy@arm.com \
--cc=tglx@linutronix.de \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).