From: Dave Hansen <dave.hansen@linux.intel.com> To: Thomas Gleixner <tglx@linutronix.de>, LKML <linux-kernel@vger.kernel.org> Cc: Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@kernel.org>, Borislav Petkov <bp@alien8.de>, Brian Gerst <brgerst@gmail.com>, Denys Vlasenko <dvlasenk@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Josh Poimboeuf <jpoimboe@redhat.com>, Linus Torvalds <torvalds@linux-foundation.org>, Peter Zijlstra <peterz@infradead.org>, Rik van Riel <riel@redhat.com>, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, linux-mm@kvack.org, michael.schwarz@iaik.tugraz.at, moritz.lipp@iaik.tugraz.at, richard.fellner@student.tugraz.at Subject: Re: [patch V2 1/5] x86/kaiser: Respect disabled CPU features Date: Mon, 27 Nov 2017 10:11:12 -0800 [thread overview] Message-ID: <07d101b3-d17a-7781-f05e-96738e6d6848@linux.intel.com> (raw) In-Reply-To: <20171126232414.313869499@linutronix.de> > --- a/arch/x86/include/asm/pgtable_64.h > +++ b/arch/x86/include/asm/pgtable_64.h > @@ -222,7 +222,8 @@ static inline pgd_t kaiser_set_shadow_pg > * wrong CR3 value, userspace will crash > * instead of running. > */ > - pgd.pgd |= _PAGE_NX; > + if (__supported_pte_mask & _PAGE_NX) > + pgd.pgd |= _PAGE_NX; > } Thanks for catching that. It's definitely a bug. Although, practically, it's hard to hit, right? I think everything 64-bit supports NX unless the hypervisor disabled it or something. > } else if (pgd_userspace_access(*pgdp)) { > /* > --- a/arch/x86/mm/kaiser.c > +++ b/arch/x86/mm/kaiser.c > @@ -42,6 +42,8 @@ > > #define KAISER_WALK_ATOMIC 0x1 > > +static pteval_t kaiser_pte_mask __ro_after_init = ~(_PAGE_NX | _PAGE_GLOBAL); Do we need a comment on this, like: /* * The NX and GLOBAL bits are not supported on all CPUs. * We will add them back to this mask at runtime in * kaiser_init_all_pgds() if supported. */ > /* > * At runtime, the only things we map are some things for CPU > * hotplug, and stacks for new processes. No two CPUs will ever > @@ -244,11 +246,14 @@ static pte_t *kaiser_shadow_pagetable_wa > int kaiser_add_user_map(const void *__start_addr, unsigned long size, > unsigned long flags) > { > - pte_t *pte; > unsigned long start_addr = (unsigned long)__start_addr; > unsigned long address = start_addr & PAGE_MASK; > unsigned long end_addr = PAGE_ALIGN(start_addr + size); > unsigned long target_address; > + pte_t *pte; > + > + /* Clear not supported bits */ > + flags &= kaiser_pte_mask; Should we be warning on these if we clear them? Seems kinda funky to silently fix them up. > for (; address < end_addr; address += PAGE_SIZE) { > target_address = get_pa_from_kernel_map(address); > @@ -308,6 +313,11 @@ static void __init kaiser_init_all_pgds( > pgd_t *pgd; > int i; > > + if (__supported_pte_mask & _PAGE_NX) > + kaiser_pte_mask |= _PAGE_NX; > + if (boot_cpu_has(X86_FEATURE_PGE)) > + kaiser_pte_mask |= _PAGE_GLOBAL; Practically, I guess boot_cpu_has(X86_FEATURE_PGE) == (cr4_read() & X86_CR4_PGE). But, in a slow path like this, is it perhaps better to just be checking CR4 directly? Looks functionally fine to me, though. Feel free to add my Reviewed-by or Acked-by.
WARNING: multiple messages have this Message-ID (diff)
From: Dave Hansen <dave.hansen@linux.intel.com> To: Thomas Gleixner <tglx@linutronix.de>, LKML <linux-kernel@vger.kernel.org> Cc: Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@kernel.org>, Borislav Petkov <bp@alien8.de>, Brian Gerst <brgerst@gmail.com>, Denys Vlasenko <dvlasenk@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Josh Poimboeuf <jpoimboe@redhat.com>, Linus Torvalds <torvalds@linux-foundation.org>, Peter Zijlstra <peterz@infradead.org>, Rik van Riel <riel@redhat.com>, daniel.gruss@iaik.tugraz.at, hughd@google.com, keescook@google.com, linux-mm@kvack.org, michael.schwarz@iaik.tugraz.at, moritz.lipp@iaik.tugraz.at, richard.fellner@student.tugraz.at Subject: Re: [patch V2 1/5] x86/kaiser: Respect disabled CPU features Date: Mon, 27 Nov 2017 10:11:12 -0800 [thread overview] Message-ID: <07d101b3-d17a-7781-f05e-96738e6d6848@linux.intel.com> (raw) In-Reply-To: <20171126232414.313869499@linutronix.de> > --- a/arch/x86/include/asm/pgtable_64.h > +++ b/arch/x86/include/asm/pgtable_64.h > @@ -222,7 +222,8 @@ static inline pgd_t kaiser_set_shadow_pg > * wrong CR3 value, userspace will crash > * instead of running. > */ > - pgd.pgd |= _PAGE_NX; > + if (__supported_pte_mask & _PAGE_NX) > + pgd.pgd |= _PAGE_NX; > } Thanks for catching that. It's definitely a bug. Although, practically, it's hard to hit, right? I think everything 64-bit supports NX unless the hypervisor disabled it or something. > } else if (pgd_userspace_access(*pgdp)) { > /* > --- a/arch/x86/mm/kaiser.c > +++ b/arch/x86/mm/kaiser.c > @@ -42,6 +42,8 @@ > > #define KAISER_WALK_ATOMIC 0x1 > > +static pteval_t kaiser_pte_mask __ro_after_init = ~(_PAGE_NX | _PAGE_GLOBAL); Do we need a comment on this, like: /* * The NX and GLOBAL bits are not supported on all CPUs. * We will add them back to this mask at runtime in * kaiser_init_all_pgds() if supported. */ > /* > * At runtime, the only things we map are some things for CPU > * hotplug, and stacks for new processes. No two CPUs will ever > @@ -244,11 +246,14 @@ static pte_t *kaiser_shadow_pagetable_wa > int kaiser_add_user_map(const void *__start_addr, unsigned long size, > unsigned long flags) > { > - pte_t *pte; > unsigned long start_addr = (unsigned long)__start_addr; > unsigned long address = start_addr & PAGE_MASK; > unsigned long end_addr = PAGE_ALIGN(start_addr + size); > unsigned long target_address; > + pte_t *pte; > + > + /* Clear not supported bits */ > + flags &= kaiser_pte_mask; Should we be warning on these if we clear them? Seems kinda funky to silently fix them up. > for (; address < end_addr; address += PAGE_SIZE) { > target_address = get_pa_from_kernel_map(address); > @@ -308,6 +313,11 @@ static void __init kaiser_init_all_pgds( > pgd_t *pgd; > int i; > > + if (__supported_pte_mask & _PAGE_NX) > + kaiser_pte_mask |= _PAGE_NX; > + if (boot_cpu_has(X86_FEATURE_PGE)) > + kaiser_pte_mask |= _PAGE_GLOBAL; Practically, I guess boot_cpu_has(X86_FEATURE_PGE) == (cr4_read() & X86_CR4_PGE). But, in a slow path like this, is it perhaps better to just be checking CR4 directly? Looks functionally fine to me, though. Feel free to add my Reviewed-by or Acked-by. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-11-27 18:11 UTC|newest] Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-11-26 23:14 [patch V2 0/5] x86/kaiser: Boot time disabling and debug support Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-26 23:14 ` [patch V2 1/5] x86/kaiser: Respect disabled CPU features Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-27 9:57 ` Peter Zijlstra 2017-11-27 9:57 ` Peter Zijlstra 2017-11-27 11:47 ` Thomas Gleixner 2017-11-27 11:47 ` Thomas Gleixner 2017-11-27 12:31 ` Brian Gerst 2017-11-27 12:31 ` Brian Gerst 2017-11-27 13:18 ` Thomas Gleixner 2017-11-27 13:18 ` Thomas Gleixner 2017-11-27 18:11 ` Dave Hansen [this message] 2017-11-27 18:11 ` Dave Hansen 2017-11-27 18:37 ` Kees Cook 2017-11-27 18:37 ` Kees Cook 2017-11-26 23:14 ` [patch V2 2/5] x86/kaiser: Simplify disabling of global pages Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-27 11:49 ` Thomas Gleixner 2017-11-27 11:49 ` Thomas Gleixner 2017-11-27 18:15 ` Dave Hansen 2017-11-27 18:15 ` Dave Hansen 2017-11-27 20:28 ` Thomas Gleixner 2017-11-27 20:28 ` Thomas Gleixner 2017-11-26 23:14 ` [patch V2 3/5] x86/dump_pagetables: Check KAISER shadow page table for WX pages Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-27 18:17 ` Dave Hansen 2017-11-27 18:17 ` Dave Hansen 2017-11-26 23:14 ` [patch V2 4/5] x86/mm/debug_pagetables: Allow dumping current pagetables Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-27 9:41 ` Peter Zijlstra 2017-11-27 9:41 ` Peter Zijlstra 2017-11-27 10:06 ` [PATCH] vfs: Add PERM_* symbolic helpers for common file mode/permissions Ingo Molnar 2017-11-27 10:06 ` Ingo Molnar 2017-11-27 19:21 ` Linus Torvalds 2017-11-27 19:21 ` Linus Torvalds 2017-11-28 10:54 ` Ingo Molnar 2017-11-28 10:54 ` Ingo Molnar 2017-11-28 11:12 ` Ingo Molnar 2017-11-28 11:12 ` Ingo Molnar 2017-11-29 8:52 ` Michael Ellerman 2017-11-29 8:52 ` Michael Ellerman 2017-11-27 18:18 ` [patch V2 4/5] x86/mm/debug_pagetables: Allow dumping current pagetables Dave Hansen 2017-11-27 18:18 ` Dave Hansen 2017-11-26 23:14 ` [patch V2 5/5] x86/kaiser: Add boottime disable switch Thomas Gleixner 2017-11-26 23:14 ` Thomas Gleixner 2017-11-27 9:48 ` Peter Zijlstra 2017-11-27 9:48 ` Peter Zijlstra 2017-11-27 10:22 ` Peter Zijlstra 2017-11-27 10:22 ` Peter Zijlstra 2017-11-27 11:50 ` Thomas Gleixner 2017-11-27 11:50 ` Thomas Gleixner 2017-11-27 12:49 ` Peter Zijlstra 2017-11-27 12:49 ` Peter Zijlstra 2017-11-27 21:43 ` Peter Zijlstra 2017-11-27 21:43 ` Peter Zijlstra 2017-11-27 18:22 ` Dave Hansen 2017-11-27 18:22 ` Dave Hansen 2017-11-27 19:00 ` Thomas Gleixner 2017-11-27 19:00 ` Thomas Gleixner 2017-11-27 19:18 ` Josh Poimboeuf 2017-11-27 19:18 ` Josh Poimboeuf 2017-11-27 20:47 ` Thomas Gleixner 2017-11-27 20:47 ` Thomas Gleixner
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=07d101b3-d17a-7781-f05e-96738e6d6848@linux.intel.com \ --to=dave.hansen@linux.intel.com \ --cc=bp@alien8.de \ --cc=brgerst@gmail.com \ --cc=daniel.gruss@iaik.tugraz.at \ --cc=dvlasenk@redhat.com \ --cc=hpa@zytor.com \ --cc=hughd@google.com \ --cc=jpoimboe@redhat.com \ --cc=keescook@google.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=luto@kernel.org \ --cc=michael.schwarz@iaik.tugraz.at \ --cc=mingo@kernel.org \ --cc=moritz.lipp@iaik.tugraz.at \ --cc=peterz@infradead.org \ --cc=richard.fellner@student.tugraz.at \ --cc=riel@redhat.com \ --cc=tglx@linutronix.de \ --cc=torvalds@linux-foundation.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.