From: Kevin Brodsky <kevin.brodsky@arm.com>
To: Peter Zijlstra <peterz@infradead.org>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
aruna.ramakrishna@oracle.com, broonie@kernel.org,
catalin.marinas@arm.com, dave.hansen@linux.intel.com,
jannh@google.com, jeffxu@chromium.org, joey.gouly@arm.com,
kees@kernel.org, maz@kernel.org, pierre.langlois@arm.com,
qperret@google.com, ryan.roberts@arm.com, will@kernel.org,
linux-arm-kernel@lists.infradead.org, x86@kernel.org
Subject: Re: [RFC PATCH 12/16] arm64: mm: Map p4d/pgd with privileged pkey
Date: Wed, 11 Dec 2024 14:35:28 +0100 [thread overview]
Message-ID: <8aedf3db-d1a5-4cc6-974b-a3d9fffe4f52@arm.com> (raw)
In-Reply-To: <20241210122355.GN8562@noisy.programming.kicks-ass.net>
On 10/12/2024 13:23, Peter Zijlstra wrote:
> On Tue, Dec 10, 2024 at 10:27:56AM +0100, Kevin Brodsky wrote:
>> On 09/12/2024 11:24, Peter Zijlstra wrote:
>>> On Fri, Dec 06, 2024 at 10:11:06AM +0000, Kevin Brodsky wrote:
>>>> If CONFIG_KPKEYS_HARDENED_PGTABLES is enabled, map p4d/pgd pages
>>>> using a privileged pkey (KPKEYS_PKEY_PGTABLES), so that they can
>>>> only be written under guard(kpkeys_hardened_pgtables).
>>>>
>>>> The case where pgd is not page-sized is not currently handled -
>>>> this is pending support for pkeys in kmem_cache.
>>>>
>>>> This patch is a no-op if CONFIG_KPKEYS_HARDENED_PGTABLES is disabled
>>>> (default).
>>> Should not this live in pagetable_*_[cd]tor() in generic code?
>> This would certainly be preferable but it doesn't look like such helpers
>> exist for p4d/pgd. For p4d, we could potentially handle this in the
>> generic __p4d_alloc(), but I'm not sure we can assume that
>> p4d_alloc_one() won't be called from somewhere else. pgd_alloc() is
>> entirely arch-specific so not much we can do there.
> Can't we add the missing pagetable_{p4d,pgd}_[cd]tor() functions. Yes,
> it will mean touching a bunch of arch code, but it shouldn't be hard.
It does look doable. The p4d level shouldn't be an issue, it's unclear
why it doesn't follow the same pattern as pud already. pgd will be more
involved (no generic layer at all) but as you say it should just be
about some churn in arch code.
An extra complication is that the pgd level may be smaller than a page,
at least on arm64 (see pgd_alloc() in arch/arm64/mm/pgd.c). I suppose
affected architectures will have to define their own pgd_alloc_one().
I'll give it a try and post something separately if it looks sensible.
- Kevin
next prev parent reply other threads:[~2024-12-11 13:35 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-06 10:10 [RFC PATCH 00/16] pkeys-based page table hardening Kevin Brodsky
2024-12-06 10:10 ` [RFC PATCH 01/16] mm: Introduce kpkeys Kevin Brodsky
2024-12-06 10:10 ` [RFC PATCH 02/16] set_memory: Introduce set_memory_pkey() stub Kevin Brodsky
2024-12-06 10:10 ` [RFC PATCH 03/16] arm64: mm: Enable overlays for all EL1 indirect permissions Kevin Brodsky
2024-12-06 10:10 ` [RFC PATCH 04/16] arm64: Introduce por_set_pkey_perms() helper Kevin Brodsky
2024-12-06 10:10 ` [RFC PATCH 05/16] arm64: Implement asm/kpkeys.h using POE Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 06/16] arm64: set_memory: Implement set_memory_pkey() Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 07/16] arm64: Enable kpkeys Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 08/16] mm: Introduce kernel_pgtables_set_pkey() Kevin Brodsky
2024-12-09 10:03 ` Peter Zijlstra
2024-12-10 9:27 ` Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 09/16] mm: Introduce kpkeys_hardened_pgtables Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 10/16] mm: Map page tables with privileged pkey Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 11/16] arm64: kpkeys: Support KPKEYS_LVL_PGTABLES Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 12/16] arm64: mm: Map p4d/pgd with privileged pkey Kevin Brodsky
2024-12-09 10:24 ` Peter Zijlstra
2024-12-10 9:27 ` Kevin Brodsky
2024-12-10 12:23 ` Peter Zijlstra
2024-12-11 13:35 ` Kevin Brodsky [this message]
2024-12-06 10:11 ` [RFC PATCH 13/16] arm64: mm: Reset pkey in __tlb_remove_table() Kevin Brodsky
2024-12-09 10:29 ` Peter Zijlstra
2024-12-10 9:28 ` Kevin Brodsky
2024-12-10 12:27 ` Peter Zijlstra
2024-12-11 13:37 ` Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 14/16] arm64: mm: Guard page table writes with kpkeys Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 15/16] arm64: Enable kpkeys_hardened_pgtables support Kevin Brodsky
2024-12-06 10:11 ` [RFC PATCH 16/16] mm: Add basic tests for kpkeys_hardened_pgtables Kevin Brodsky
2024-12-06 19:14 ` [RFC PATCH 00/16] pkeys-based page table hardening Jann Horn
2024-12-09 12:57 ` Kevin Brodsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8aedf3db-d1a5-4cc6-974b-a3d9fffe4f52@arm.com \
--to=kevin.brodsky@arm.com \
--cc=aruna.ramakrishna@oracle.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=dave.hansen@linux.intel.com \
--cc=jannh@google.com \
--cc=jeffxu@chromium.org \
--cc=joey.gouly@arm.com \
--cc=kees@kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maz@kernel.org \
--cc=peterz@infradead.org \
--cc=pierre.langlois@arm.com \
--cc=qperret@google.com \
--cc=ryan.roberts@arm.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox