From: Peter Zijlstra <peterz@infradead.org>
To: Kevin Brodsky <kevin.brodsky@arm.com>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
aruna.ramakrishna@oracle.com, broonie@kernel.org,
catalin.marinas@arm.com, dave.hansen@linux.intel.com,
jannh@google.com, jeffxu@chromium.org, joey.gouly@arm.com,
kees@kernel.org, maz@kernel.org, pierre.langlois@arm.com,
qperret@google.com, ryan.roberts@arm.com, will@kernel.org,
linux-arm-kernel@lists.infradead.org, x86@kernel.org
Subject: Re: [RFC PATCH 13/16] arm64: mm: Reset pkey in __tlb_remove_table()
Date: Tue, 10 Dec 2024 13:27:06 +0100 [thread overview]
Message-ID: <20241210122706.GO8562@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <7124d7f4-1d4c-4497-94d8-243af2ed071a@arm.com>
On Tue, Dec 10, 2024 at 10:28:44AM +0100, Kevin Brodsky wrote:
> On 09/12/2024 11:29, Peter Zijlstra wrote:
> > On Fri, Dec 06, 2024 at 10:11:07AM +0000, Kevin Brodsky wrote:
> >> [...]
> >>
> >> diff --git a/arch/arm64/include/asm/tlb.h b/arch/arm64/include/asm/tlb.h
> >> index a947c6e784ed..d1611ffa6d91 100644
> >> --- a/arch/arm64/include/asm/tlb.h
> >> +++ b/arch/arm64/include/asm/tlb.h
> >> @@ -10,10 +10,14 @@
> >>
> >> #include <linux/pagemap.h>
> >> #include <linux/swap.h>
> >> +#include <linux/kpkeys.h>
> >>
> >> static inline void __tlb_remove_table(void *_table)
> >> {
> >> - free_page_and_swap_cache((struct page *)_table);
> >> + struct page *page = (struct page *)_table;
> >> +
> >> + kpkeys_unprotect_pgtable_memory((unsigned long)page_address(page), 1);
> >> + free_page_and_swap_cache(page);
> >> }
> > Same as for the others, perhaps stick this in generic code instead of in
> > the arch code?
>
> This should be doable, with some refactoring. __tlb_remove_table() is
> currently called from two functions in mm/mmu_gather.c, I suppose I
> could create a wrapper there that calls
> kpkeys_unprotect_pgtable_memory() and then __tlb_remove_table(). Like in
> the p4d case I do however wonder how robust this is, as
> __tlb_remove_table() could end up being called from other places.
I don't foresee other __tlb_remove_table() users, this is all rather
speicific code. But if there ever were to be new users, it is something
they would have to take into consideration.
next prev parent reply other threads:[~2024-12-10 12:27 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-06 10:10 [RFC PATCH 00/16] pkeys-based page table hardening Kevin Brodsky
2024-12-06 10:10 ` [RFC PATCH 01/16] mm: Introduce kpkeys Kevin Brodsky
2024-12-06 10:10 ` [RFC PATCH 02/16] set_memory: Introduce set_memory_pkey() stub Kevin Brodsky
2024-12-06 10:10 ` [RFC PATCH 03/16] arm64: mm: Enable overlays for all EL1 indirect permissions Kevin Brodsky
2024-12-06 10:10 ` [RFC PATCH 04/16] arm64: Introduce por_set_pkey_perms() helper Kevin Brodsky
2024-12-06 10:10 ` [RFC PATCH 05/16] arm64: Implement asm/kpkeys.h using POE Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 06/16] arm64: set_memory: Implement set_memory_pkey() Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 07/16] arm64: Enable kpkeys Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 08/16] mm: Introduce kernel_pgtables_set_pkey() Kevin Brodsky
2024-12-09 10:03 ` Peter Zijlstra
2024-12-10 9:27 ` Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 09/16] mm: Introduce kpkeys_hardened_pgtables Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 10/16] mm: Map page tables with privileged pkey Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 11/16] arm64: kpkeys: Support KPKEYS_LVL_PGTABLES Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 12/16] arm64: mm: Map p4d/pgd with privileged pkey Kevin Brodsky
2024-12-09 10:24 ` Peter Zijlstra
2024-12-10 9:27 ` Kevin Brodsky
2024-12-10 12:23 ` Peter Zijlstra
2024-12-11 13:35 ` Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 13/16] arm64: mm: Reset pkey in __tlb_remove_table() Kevin Brodsky
2024-12-09 10:29 ` Peter Zijlstra
2024-12-10 9:28 ` Kevin Brodsky
2024-12-10 12:27 ` Peter Zijlstra [this message]
2024-12-11 13:37 ` Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 14/16] arm64: mm: Guard page table writes with kpkeys Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 15/16] arm64: Enable kpkeys_hardened_pgtables support Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 16/16] mm: Add basic tests for kpkeys_hardened_pgtables Kevin Brodsky
2024-12-06 19:14 ` [RFC PATCH 00/16] pkeys-based page table hardening Jann Horn
2024-12-09 12:57 ` Kevin Brodsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241210122706.GO8562@noisy.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=aruna.ramakrishna@oracle.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@linux.intel.com \
--cc=jannh@google.com \
--cc=jeffxu@chromium.org \
--cc=joey.gouly@arm.com \
--cc=kees@kernel.org \
--cc=kevin.brodsky@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maz@kernel.org \
--cc=pierre.langlois@arm.com \
--cc=qperret@google.com \
--cc=ryan.roberts@arm.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox