From: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
To: linuxppc-dev@lists.ozlabs.org, mpe@ellerman.id.au
Subject: Re: [PATCH v7 00/22] Kernel userspace access/execution prevention with hash translation
Date: Tue, 01 Dec 2020 09:11:53 +0530 [thread overview]
Message-ID: <87lfeip4zi.fsf@linux.ibm.com> (raw)
In-Reply-To: <20201127044424.40686-1-aneesh.kumar@linux.ibm.com>
"Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com> writes:
> This patch series implements KUAP and KUEP with hash translation mode using
> memory keys. The kernel now uses memory protection key 3 to control access
> to the kernel. Kernel page table entries are now configured with key 3.
> Access to locations configured with any other key value is denied when in
> kernel mode (MSR_PR=0). This includes userspace which is by default configured
> with key 0.
>
> null-syscall benchmark results:
>
> With smap/smep disabled:
> Without patch:
> 845.29 ns 2451.44 cycles
> With patch series:
> 858.38 ns 2489.30 cycles
>
> With smap/smep enabled:
> Without patch:
> NA
> With patch series:
> 1021.51 ns 2962.44 cycles
>
> Changes from v6:
> * Address review comments
> * Rename MMU FTR defines
>
> Changes from v5:
> * Rework the patch based on suggestion from Michael to avoid the
> usage of CONFIG_PPC_PKEY on BOOKE platforms.
>
> Changes from v4:
> * Repost with other pkey related changes split out as a separate series.
> * Improve null-syscall benchmark by optimizing SPRN save and restore.
>
> Changes from v3:
> * Fix build error reported by kernel test robot <lkp@intel.com>
>
> Changes from v2:
> * Rebase to the latest kernel.
> * Fixed a bug with disabling KUEP/KUAP on kernel command line
> * Added a patch to make kup key dynamic.
>
> Changes from V1:
> * Rebased on latest kernel
I disabled kernel debug config options based on request from Nick
Piggin. null_syscall benchmark numbers after that.
Full series/all patches applied
radix:
277.51 ns 1054.59 cycles
hash
348.24 ns 1323.32 cycles
hash nosmap nosmep
280.39 ns 1065.47 cycles
Patch 22 dropped (no optimization)
hash
341.87 ns 1326.64 cycles
hash nosmap nosmep
312.74 ns 1188.42 cycles
Without patches:
radix:
281.31 ns 1068.98 cycles
hash (same as below)
286.37 ns 1088.21 cycles
hash nosmap nosmep
286.44 ns 1088.46 cycles
next prev parent reply other threads:[~2020-12-01 3:43 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-27 4:44 [PATCH v7 00/22] Kernel userspace access/execution prevention with hash translation Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 01/22] powerpc: Add new macro to handle NESTED_IFCLR Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 02/22] KVM: PPC: BOOK3S: PR: Ignore UAMOR SPR Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 03/22] powerpc/book3s64/kuap/kuep: Add PPC_PKEY config on book3s64 Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 05/22] powerpc/book3s64/kuap: Move KUAP related function outside radix Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 06/22] powerpc/book3s64/kuep: Move KUEP " Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP and MMU_FTR_KUEP Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 08/22] powerpc/book3s64/kuap: Use Key 3 for kernel mapping with hash translation Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 09/22] powerpc/exec: Set thread.regs early during exec Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 11/22] powerpc/book3s64/pkeys: Inherit correctly on fork Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 12/22] powerpc/book3s64/pkeys: Reset userspace AMR correctly on exec Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 13/22] powerpc/ptrace-view: Use pt_regs values instead of thread_struct based one Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 14/22] powerpc/book3s64/pkeys: Don't update SPRN_AMR when in kernel mode Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 15/22] powerpc/book3s64/kuap: Restrict access to userspace based on userspace AMR Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 17/22] powerpc/book3s64/kuap: Use Key 3 to implement KUAP with hash translation Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 18/22] powerpc/book3s64/kuep: Use Key 3 to implement KUEP " Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 20/22] powerpc/book3s64/hash/kuep: Enable KUEP " Aneesh Kumar K.V
2020-11-27 4:44 ` [PATCH v7 21/22] powerpc/book3s64/hash/kup: Don't hardcode kup key Aneesh Kumar K.V
2020-12-02 4:38 ` [PATCH v7 updated 21/22 ] powerpc/book3s64/kup: Check max key supported before enabling kup Aneesh Kumar K.V
2020-12-15 11:19 ` Michael Ellerman
2020-11-27 4:44 ` [PATCH v7 22/22] powerpc/book3s64/pkeys: Optimize KUAP and KUEP feature disabled case Aneesh Kumar K.V
2020-12-01 3:41 ` Aneesh Kumar K.V [this message]
2020-12-10 11:29 ` [PATCH v7 00/22] Kernel userspace access/execution prevention with hash translation Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87lfeip4zi.fsf@linux.ibm.com \
--to=aneesh.kumar@linux.ibm.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).