From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4893FC388F9 for ; Mon, 2 Nov 2020 20:53:31 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id BF0FC206B2 for ; Mon, 2 Nov 2020 20:53:30 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org BF0FC206B2 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 0A0206B0036; Mon, 2 Nov 2020 15:53:30 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 054B86B005C; Mon, 2 Nov 2020 15:53:29 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E5B786B0068; Mon, 2 Nov 2020 15:53:29 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0038.hostedemail.com [216.40.44.38]) by kanga.kvack.org (Postfix) with ESMTP id B9DB36B0036 for ; Mon, 2 Nov 2020 15:53:29 -0500 (EST) Received: from smtpin11.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 3E0A83624 for ; Mon, 2 Nov 2020 20:53:29 +0000 (UTC) X-FDA: 77440678938.11.ship04_2e0d817272b3 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin11.hostedemail.com (Postfix) with ESMTP id 155AA180F8B80 for ; Mon, 2 Nov 2020 20:53:29 +0000 (UTC) X-HE-Tag: ship04_2e0d817272b3 X-Filterd-Recvd-Size: 9070 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by imf12.hostedemail.com (Postfix) with ESMTP for ; Mon, 2 Nov 2020 20:53:27 +0000 (UTC) IronPort-SDR: IQMIbWenZUllcxhV1NaOd3UyBQU/KdJuB8tO3yOLxCfbwAq2AAyaFZVN+9EAPKlG7733G1XCs4 pTi/gVqUNbdg== X-IronPort-AV: E=McAfee;i="6000,8403,9793"; a="156729684" X-IronPort-AV: E=Sophos;i="5.77,445,1596524400"; d="scan'208";a="156729684" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Nov 2020 12:53:26 -0800 IronPort-SDR: eruNOjlfVsT+d2xNmKeCN+wdpmM7mqC5KYx6km3g5kJ42UeIdR4MSsgP0ql6/hnCLDIR4njc9h tNYZRr8Q7pRw== X-IronPort-AV: E=Sophos;i="5.77,445,1596524400"; d="scan'208";a="538165889" Received: from iweiny-desk2.sc.intel.com (HELO localhost) ([10.3.52.147]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Nov 2020 12:53:25 -0800 From: ira.weiny@intel.com To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Andy Lutomirski , Peter Zijlstra , Dave Hansen Cc: Ira Weiny , x86@kernel.org, Dan Williams , Andrew Morton , Fenghua Yu , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nvdimm@lists.01.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: [PATCH V2 00/10] PKS: Add Protection Keys Supervisor (PKS) support Date: Mon, 2 Nov 2020 12:53:10 -0800 Message-Id: <20201102205320.1458656-1-ira.weiny@intel.com> X-Mailer: git-send-email 2.28.0.rc0.12.gb6a658bd00c9 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Ira Weiny Changes from V1 Rebase to TIP master; resolve conflicts and test Clean up some kernel docs updates missed in V1 Add irqentry_state_t kernel doc for PKRS field Removed redundant irq_state->pkrs This is only needed when we add the global state and somehow ended up in this patch series. That will come back when we add the global functionality in. From Thomas Gleixner Update commit messages Add kernel doc for struct irqentry_state_t From Dave Hansen add flags to pks_key_alloc() Changes from RFC V3[3] Rebase to TIP master Update test error output Standardize on 'irq_state' for state variables From Dave Hansen Update commit messages Add/clean up comments Add X86_FEATURE_PKS to disabled-features.h and remove some explicit CONFIG checks Move saved_pkrs member of thread_struct Remove superfluous preempt_disable() s/irq_save_pks/irq_save_set_pks/ Ensure PKRS is not seen in faults if not configured or not supported s/pks_mknoaccess/pks_mk_noaccess/ s/pks_mkread/pks_mk_readonly/ s/pks_mkrdwr/pks_mk_readwrite/ Change pks_key_alloc return to -EOPNOTSUPP when not supported From Peter Zijlstra Clean up Attribution Remove superfluous preempt_disable() Add union to differentiate exit_rcu/lockdep use in irqentry_state_t From Thomas Gleixner Add preliminary clean up patch and adjust series as needed Introduce a new page protection mechanism for supervisor pages, Protectio= n Key Supervisor (PKS). 2 use cases for PKS are being developed, trusted keys and PMEM. Trusted = keys is a newer use case which is still being explored. PMEM was submitted as= part of the RFC (v2) series[1]. However, since then it was found that some ca= llers of kmap() require a global implementation of PKS. Specifically some user= s of kmap() expect mappings to be available to all kernel threads. While glob= al use of PKS is rare it needs to be included for correctness. Unfortunately th= e kmap() updates required a large patch series to make the needed changes a= t the various kmap() call sites so that patch set has been split out. Because = the global PKS feature is only required for that use case it will be deferred= to that set as well.[2] This patch set is being submitted as a precursor to= both of the use cases. For an overview of the entire PKS ecosystem, a git tree including this se= ries and 2 proposed use cases can be found here: https://lore.kernel.org/lkml/20201009195033.3208459-1-ira.weiny@intel.co= m/ https://lore.kernel.org/lkml/20201009201410.3209180-1-ira.weiny@intel.co= m/ PKS enables protections on 'domains' of supervisor pages to limit supervi= sor mode access to those pages beyond the normal paging protections. PKS wor= ks in a similar fashion to user space pkeys, PKU. As with PKU, supervisor pkey= s are checked in addition to normal paging protections and Access or Writes can= be disabled via a MSR update without TLB flushes when permissions change. A= lso like PKU, a page mapping is assigned to a domain by setting pkey bits in = the page table entry for that mapping. Access is controlled through a PKRS register which is updated via WRMSR/R= DMSR. XSAVE is not supported for the PKRS MSR. Therefore the implementation saves/restores the MSR across context switches and during exceptions. Ne= sted exceptions are supported by each exception getting a new PKS state. For consistent behavior with current paging protections, pkey 0 is reserv= ed and configured to allow full access via the pkey mechanism, thus preserving t= he default paging protections on mappings with the default pkey value of 0. Other keys, (1-15) are allocated by an allocator which prepares us for ke= y contention from day one. Kernel users should be prepared for the allocat= or to fail either because of key exhaustion or due to PKS not being supported o= n the arch and/or CPU instance. The following are key attributes of PKS. 1) Fast switching of permissions 1a) Prevents access without page table manipulations 1b) No TLB flushes required 2) Works on a per thread basis PKS is available with 4 and 5 level paging. Like PKRU it consumes 4 bits= from the PTE to store the pkey within the entry. [1] https://lore.kernel.org/lkml/20200717072056.73134-1-ira.weiny@intel.c= om/ [2] https://lore.kernel.org/lkml/20201009195033.3208459-2-ira.weiny@intel= .com/ [3] https://lore.kernel.org/lkml/20201009194258.3207172-1-ira.weiny@intel= .com/ Fenghua Yu (2): x86/pks: Enable Protection Keys Supervisor (PKS) x86/pks: Add PKS kernel API Ira Weiny (7): x86/pkeys: Create pkeys_common.h x86/fpu: Refactor arch_set_user_pkey_access() for PKS support x86/pks: Preserve the PKRS MSR on context switch x86/entry: Pass irqentry_state_t by reference x86/entry: Preserve PKRS MSR across exceptions x86/fault: Report the PKRS state on fault x86/pks: Add PKS test code Thomas Gleixner (1): x86/entry: Move nmi entry/exit into common code Documentation/core-api/protection-keys.rst | 103 ++- arch/x86/Kconfig | 1 + arch/x86/entry/common.c | 64 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/disabled-features.h | 8 +- arch/x86/include/asm/idtentry.h | 28 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/pgtable.h | 13 +- arch/x86/include/asm/pgtable_types.h | 12 + arch/x86/include/asm/pkeys.h | 15 + arch/x86/include/asm/pkeys_common.h | 40 ++ arch/x86/include/asm/processor.h | 18 +- arch/x86/include/uapi/asm/processor-flags.h | 2 + arch/x86/kernel/cpu/common.c | 15 + arch/x86/kernel/cpu/mce/core.c | 6 +- arch/x86/kernel/fpu/xstate.c | 22 +- arch/x86/kernel/kvm.c | 6 +- arch/x86/kernel/nmi.c | 6 +- arch/x86/kernel/process.c | 26 + arch/x86/kernel/traps.c | 24 +- arch/x86/mm/fault.c | 87 ++- arch/x86/mm/pkeys.c | 194 +++++- include/linux/entry-common.h | 64 +- include/linux/pgtable.h | 4 + include/linux/pkeys.h | 24 + kernel/entry/common.c | 62 +- lib/Kconfig.debug | 12 + lib/Makefile | 3 + lib/pks/Makefile | 3 + lib/pks/pks_test.c | 691 ++++++++++++++++++++ mm/Kconfig | 2 + tools/testing/selftests/x86/Makefile | 3 +- tools/testing/selftests/x86/test_pks.c | 66 ++ 33 files changed, 1465 insertions(+), 161 deletions(-) create mode 100644 arch/x86/include/asm/pkeys_common.h create mode 100644 lib/pks/Makefile create mode 100644 lib/pks/pks_test.c create mode 100644 tools/testing/selftests/x86/test_pks.c --=20 2.28.0.rc0.12.gb6a658bd00c9