From: Ira Weiny <ira.weiny@intel.com>
To: Kees Cook <keescook@chromium.org>
Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>,
dave.hansen@intel.com, luto@kernel.org, peterz@infradead.org,
linux-mm@kvack.org, x86@kernel.org, akpm@linux-foundation.org,
linux-hardening@vger.kernel.org,
kernel-hardening@lists.openwall.com, rppt@kernel.org,
dan.j.williams@intel.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH RFC 0/9] PKS write protected page tables
Date: Wed, 5 May 2021 17:00:13 -0700 [thread overview]
Message-ID: <20210506000013.GE1068722@iweiny-DESK2.sc.intel.com> (raw)
In-Reply-To: <202105042253.ECBBF6B6@keescook>
On Tue, May 04, 2021 at 11:25:31PM -0700, Kees Cook wrote:
> On Tue, May 04, 2021 at 05:30:23PM -0700, Rick Edgecombe wrote:
>
> > Performance impacts
> > ===================
> > Setting direct map permissions on whatever random page gets allocated for a
> > page table would result in a lot of kernel range shootdowns and direct map
> > large page shattering. So the way the PKS page table memory is created is
> > similar to this module page clustering series[2], where a cache of pages is
> > replenished from 2MB pages such that the direct map permissions and associated
> > breakage is localized on the direct map. In the PKS page tables case, a PKS
> > key is pre-applied to the direct map for pages in the cache.
> >
> > There would be some costs of memory overhead in order to protect the direct
> > map page tables. There would also be some extra kernel range shootdowns to
> > replenish the cache on occasion, from setting the PKS key on the direct map of
> > the new pages. I don’t have any actual performance data yet.
>
> What CPU models are expected to have PKS?
Supervisor Memory Protection Keys (PKS) is a feature which is found on Intel’s
Sapphire Rapids (and later) “Scalable Processor” Server CPUs. It will also be
available in future non-server Intel parts.
Also qemu has some support as well.
https://www.qemu.org/2021/04/30/qemu-6-0-0/
Ira
next prev parent reply other threads:[~2021-05-06 0:00 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-05 0:30 [PATCH RFC 0/9] PKS write protected page tables Rick Edgecombe
2021-05-05 0:30 ` [PATCH RFC 1/9] list: Support getting most recent element in list_lru Rick Edgecombe
2021-05-05 0:30 ` [PATCH RFC 2/9] list: Support list head not in object for list_lru Rick Edgecombe
2021-05-05 0:30 ` [PATCH RFC 3/9] x86/mm/cpa: Add grouped page allocations Rick Edgecombe
2021-05-05 12:08 ` Mike Rapoport
2021-05-05 13:09 ` Peter Zijlstra
2021-05-05 18:45 ` Mike Rapoport
2021-05-05 21:57 ` Edgecombe, Rick P
2021-05-05 21:57 ` Edgecombe, Rick P
2021-05-09 9:39 ` Mike Rapoport
2021-05-09 9:39 ` Mike Rapoport
2021-05-10 19:38 ` Edgecombe, Rick P
2021-05-10 19:38 ` Edgecombe, Rick P
2021-05-05 0:30 ` [PATCH RFC 4/9] mm: Explicitly zero page table lock ptr Rick Edgecombe
2021-05-05 0:30 ` [PATCH RFC 5/9] x86, mm: Use cache of page tables Rick Edgecombe
2021-05-05 8:51 ` Peter Zijlstra
2021-05-05 12:09 ` Mike Rapoport
2021-05-05 13:19 ` Peter Zijlstra
2021-05-05 21:54 ` Edgecombe, Rick P
2021-05-05 21:54 ` Edgecombe, Rick P
2021-05-06 17:59 ` Matthew Wilcox
2021-05-06 18:24 ` Shakeel Butt
2021-05-06 18:24 ` Shakeel Butt
2021-05-07 16:27 ` Edgecombe, Rick P
2021-05-07 16:27 ` Edgecombe, Rick P
2021-05-05 0:30 ` [PATCH RFC 6/9] x86/mm/cpa: Add set_memory_pks() Rick Edgecombe
2021-05-05 0:30 ` [PATCH RFC 7/9] x86/mm/cpa: Add perm callbacks to grouped pages Rick Edgecombe
2021-05-05 0:30 ` [PATCH RFC 8/9] x86, mm: Protect page tables with PKS Rick Edgecombe
2021-05-05 0:30 ` [PATCH RFC 9/9] x86, cpa: PKS protect direct map page tables Rick Edgecombe
2021-05-05 2:03 ` [PATCH RFC 0/9] PKS write protected " Ira Weiny
2021-05-05 6:25 ` Kees Cook
2021-05-05 8:37 ` Peter Zijlstra
2021-05-05 18:38 ` Kees Cook
2021-05-05 19:51 ` Edgecombe, Rick P
2021-05-05 19:51 ` Edgecombe, Rick P
2021-05-06 0:00 ` Ira Weiny [this message]
2021-05-05 11:08 ` Vlastimil Babka
2021-05-05 11:56 ` Peter Zijlstra
2021-05-05 19:46 ` Edgecombe, Rick P
2021-05-05 19:46 ` Edgecombe, Rick P
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210506000013.GE1068722@iweiny-DESK2.sc.intel.com \
--to=ira.weiny@intel.com \
--cc=akpm@linux-foundation.org \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=keescook@chromium.org \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=rppt@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.