From: Petr Tesarik <petrtesarik@huaweicloud.com>
To: Dave Hansen <dave.hansen@intel.com>
Cc: "Petr Tesařík" <petr@tesarici.cz>,
"Petr Tesarik" <petrtesarik@huaweicloud.com>,
"Jonathan Corbet" <corbet@lwn.net>,
"Thomas Gleixner" <tglx@linutronix.de>,
"Ingo Molnar" <mingo@redhat.com>,
"Borislav Petkov" <bp@alien8.de>,
"Dave Hansen" <dave.hansen@linux.intel.com>,
"maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)"
<x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
"Andy Lutomirski" <luto@kernel.org>,
"Oleg Nesterov" <oleg@redhat.com>,
"Peter Zijlstra" <peterz@infradead.org>,
"Xin Li" <xin3.li@intel.com>, "Arnd Bergmann" <arnd@arndb.de>,
"Andrew Morton" <akpm@linux-foundation.org>,
"Rick Edgecombe" <rick.p.edgecombe@intel.com>,
"Kees Cook" <keescook@chromium.org>,
"Masami Hiramatsu (Google)" <mhiramat@kernel.org>,
"Pengfei Xu" <pengfei.xu@intel.com>,
"Josh Poimboeuf" <jpoimboe@kernel.org>,
"Ze Gao" <zegao2021@gmail.com>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
"Kai Huang" <kai.huang@intel.com>,
"David Woodhouse" <dwmw@amazon.co.uk>,
"Brian Gerst" <brgerst@gmail.com>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"Joerg Roedel" <jroedel@suse.de>,
"Mike Rapoport (IBM)" <rppt@kernel.org>,
"Tina Zhang" <tina.zhang@intel.com>,
"Jacob Pan" <jacob.jun.pan@linux.intel.com>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
"open list" <linux-kernel@vger.kernel.org>,
"Roberto Sassu" <roberto.sassu@huaweicloud.com>,
"John Johansen" <john.johansen@canonical.com>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org,
"Petr Tesarik" <petr.tesarik1@huawei-partners.com>
Subject: [RFC 2/5] sbm: enhance buffer mapping API
Date: Thu, 22 Feb 2024 14:12:27 +0100 [thread overview]
Message-ID: <20240222131230.635-3-petrtesarik@huaweicloud.com> (raw)
In-Reply-To: <20240222131230.635-1-petrtesarik@huaweicloud.com>
From: Petr Tesarik <petr.tesarik1@huawei-partners.com>
Add SBM_MAP_READONLY() and SBM_MAP_WRITABLE() to the public API to allow
mapping kernel buffers directly into the sandbox with no copying.
Signed-off-by: Petr Tesarik <petr.tesarik1@huawei-partners.com>
---
include/linux/sbm.h | 71 +++++++++++++++++++++++++++++++++++++++++++++
kernel/sbm.c | 34 ++++++++++++++++++++++
2 files changed, 105 insertions(+)
diff --git a/include/linux/sbm.h b/include/linux/sbm.h
index 98fd27cd58d0..dbdc0781349f 100644
--- a/include/linux/sbm.h
+++ b/include/linux/sbm.h
@@ -181,6 +181,31 @@ static inline void *sbm_add_buf(struct sbm *sbm, struct sbm_buf **list,
#define SBM_COPY_INOUT(sbm, buf, size) \
((typeof(({buf; })))sbm_add_buf((sbm), &(sbm)->io, (buf), (size)))
+/**
+ * sbm_map_readonly() - Map memory for reading.
+ * @sbm: SBM instance.
+ * @ptr: Starting virtual address.
+ * @size: Size in bytes.
+ *
+ * Make the specified virtual address range readable in sandbox code.
+ *
+ * Return: Address of the buffer, or %NULL on error.
+ */
+void *sbm_map_readonly(struct sbm *sbm, const void *ptr, size_t size);
+
+/**
+ * sbm_map_writable() - Map memory for reading and writing.
+ * @sbm: SBM instance.
+ * @ptr: Starting virtual address.
+ * @size: Size in bytes.
+ *
+ * Make the specified virtual address range readable and writable in sandbox
+ * code.
+ *
+ * Return: Address of the buffer, or %NULL on error.
+ */
+void *sbm_map_writable(struct sbm *sbm, const void *ptr, size_t size);
+
#ifdef CONFIG_HAVE_ARCH_SBM
/**
@@ -303,8 +328,54 @@ static inline int sbm_exec(struct sbm *sbm, sbm_func func, void *data)
#define SBM_COPY_OUT(sbm, buf, size) __SBM_EVAL(buf)
#define SBM_COPY_INOUT(sbm, buf, size) __SBM_EVAL(buf)
+static inline void *sbm_map_readonly(struct sbm *sbm, const void *ptr,
+ size_t size)
+{
+ return (void *)ptr;
+}
+
+static inline void *sbm_map_writable(struct sbm *sbm, const void *ptr,
+ size_t size)
+{
+ return (void *)ptr;
+}
+
#endif /* CONFIG_SANDBOX_MODE */
+/**
+ * SBM_MAP_READONLY() - Map an input buffer into SBM.
+ * @sbm: SBM instance.
+ * @buf: Buffer virtual address.
+ * @size: Size of the buffer.
+ *
+ * Make a read-only mapping of buffer in sandbox mode.
+ *
+ * This works with page granularity. If the buffer is not page-aligned,
+ * some data before and/or after the page is also mappeed into the sandbox.
+ * The mapping does not ensure guard pages either.
+ *
+ * Return: Buffer address in sandbox mode (same as kernel mode).
+ */
+#define SBM_MAP_READONLY(sbm, buf, size) \
+ ((typeof(({buf; })))sbm_map_readonly((sbm), (buf), (size)))
+
+/**
+ * SBM_MAP_WRITABLE() - Map an input/output buffer into SBM.
+ * @sbm: SBM instance.
+ * @buf: Buffer virtual address.
+ * @size: Size of the buffer.
+ *
+ * Make a writable mapping of buffer in sandbox mode.
+ *
+ * This works with page granularity. If the buffer is not page-aligned,
+ * some data before and/or after the page is also mappeed into the sandbox.
+ * The mapping does not ensure guard pages either.
+ *
+ * Return: Buffer address in sandbox mode (same as kernel mode).
+ */
+#define SBM_MAP_WRITABLE(sbm, buf, size) \
+ ((typeof(({buf; })))sbm_map_writable((sbm), (buf), (size)))
+
/**
* __SBM_MAP() - Convert parameters to comma-separated expressions.
* @m: Macro used to convert each pair.
diff --git a/kernel/sbm.c b/kernel/sbm.c
index df57184f5d87..c832808b538e 100644
--- a/kernel/sbm.c
+++ b/kernel/sbm.c
@@ -71,6 +71,40 @@ void sbm_destroy(struct sbm *sbm)
}
EXPORT_SYMBOL(sbm_destroy);
+void *sbm_map_readonly(struct sbm *sbm, const void *ptr, size_t size)
+{
+ struct sbm_buf buf;
+
+ if (sbm->error)
+ return NULL;
+
+ buf.sbm_ptr = (void *)ptr;
+ buf.size = size;
+ sbm->error = arch_sbm_map_readonly(sbm, &buf);
+ if (sbm->error)
+ return NULL;
+
+ return buf.sbm_ptr;
+}
+EXPORT_SYMBOL(sbm_map_readonly);
+
+void *sbm_map_writable(struct sbm *sbm, const void *ptr, size_t size)
+{
+ struct sbm_buf buf;
+
+ if (sbm->error)
+ return NULL;
+
+ buf.sbm_ptr = (void *)ptr;
+ buf.size = size;
+ sbm->error = arch_sbm_map_writable(sbm, &buf);
+ if (sbm->error)
+ return NULL;
+
+ return buf.sbm_ptr;
+}
+EXPORT_SYMBOL(sbm_map_writable);
+
/* Copy input buffers into a sandbox. */
static int sbm_copy_in(struct sbm *sbm)
{
--
2.34.1
next prev parent reply other threads:[~2024-02-22 13:13 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-14 11:35 [PATCH v1 0/8] x86_64 SandBox Mode arch hooks Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 1/8] sbm: x86: page table " Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 2/8] sbm: x86: execute target function on sandbox mode stack Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 3/8] sbm: x86: map system data structures into the sandbox Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 4/8] sbm: x86: allocate and map an exception stack Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 5/8] sbm: x86: handle sandbox mode faults Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 6/8] sbm: x86: switch to sandbox mode pages in arch_sbm_exec() Petr Tesarik
2024-02-14 11:35 ` [PATCH v1 7/8] sbm: documentation of the x86-64 SandBox Mode implementation Petr Tesarik
2024-02-14 18:37 ` Xin Li
2024-02-14 19:16 ` Petr Tesařík
2024-02-14 11:35 ` [PATCH v1 8/8] sbm: x86: lazy TLB flushing Petr Tesarik
2024-02-14 14:52 ` [PATCH v1 0/8] x86_64 SandBox Mode arch hooks Dave Hansen
2024-02-14 15:28 ` H. Peter Anvin
2024-02-14 16:41 ` Petr Tesařík
2024-02-14 17:29 ` H. Peter Anvin
2024-02-14 19:14 ` Petr Tesařík
2024-02-14 18:14 ` Edgecombe, Rick P
2024-02-14 18:32 ` Petr Tesařík
2024-02-14 19:19 ` Edgecombe, Rick P
2024-02-14 19:35 ` Petr Tesařík
2024-02-14 18:22 ` Petr Tesařík
2024-02-14 18:42 ` Dave Hansen
2024-02-14 19:33 ` Petr Tesařík
2024-02-14 20:16 ` Dave Hansen
2024-02-16 15:24 ` [RFC 0/8] PGP key parser using SandBox Mode Petr Tesarik
2024-02-16 15:24 ` [RFC 1/8] mpi: Introduce mpi_key_length() Petr Tesarik
2024-02-16 15:24 ` [RFC 2/8] rsa: add parser of raw format Petr Tesarik
2024-02-16 15:24 ` [RFC 3/8] PGPLIB: PGP definitions (RFC 4880) Petr Tesarik
2024-02-16 15:24 ` [RFC 4/8] PGPLIB: Basic packet parser Petr Tesarik
2024-02-16 15:24 ` [RFC 5/8] PGPLIB: Signature parser Petr Tesarik
2024-02-16 15:24 ` [RFC 6/8] KEYS: PGP data parser Petr Tesarik
2024-02-16 16:44 ` Matthew Wilcox
2024-02-16 16:53 ` Roberto Sassu
2024-02-16 17:08 ` H. Peter Anvin
2024-02-16 17:13 ` Roberto Sassu
2024-02-20 10:55 ` Petr Tesarik
2024-02-21 14:02 ` H. Peter Anvin
2024-02-22 7:53 ` Petr Tesařík
2024-02-16 18:44 ` Matthew Wilcox
2024-02-16 19:54 ` Roberto Sassu
2024-02-28 17:58 ` Roberto Sassu
2024-02-16 15:24 ` [RFC 7/8] KEYS: Run PGP key parser in a sandbox Petr Tesarik
2024-02-18 6:07 ` kernel test robot
2024-02-18 8:02 ` kernel test robot
2024-02-16 15:24 ` [RFC 8/8] KEYS: Add intentional fault injection Petr Tesarik
2024-02-16 15:38 ` [RFC 0/8] PGP key parser using SandBox Mode Dave Hansen
2024-02-16 16:08 ` Petr Tesařík
2024-02-16 17:21 ` Jonathan Corbet
2024-02-16 18:24 ` Roberto Sassu
2024-02-22 13:12 ` [RFC 0/5] PoC: convert AppArmor parser to " Petr Tesarik
2024-02-22 13:12 ` [RFC 1/5] sbm: x86: fix SBM error entry path Petr Tesarik
2024-02-22 13:12 ` Petr Tesarik [this message]
2024-02-22 13:12 ` [RFC 3/5] sbm: x86: infrastructure to fix up sandbox faults Petr Tesarik
2024-02-22 13:12 ` [RFC 4/5] sbm: fix up calls to dynamic memory allocators Petr Tesarik
2024-02-22 15:51 ` Dave Hansen
2024-02-22 17:57 ` Petr Tesařík
2024-02-22 18:03 ` Dave Hansen
2024-02-22 13:12 ` [RFC 5/5] apparmor: parse profiles in sandbox mode Petr Tesarik
2024-02-14 18:52 ` [PATCH v1 0/8] x86_64 SandBox Mode arch hooks Xin Li
2024-02-15 6:59 ` Petr Tesařík
2024-02-15 8:16 ` H. Peter Anvin
2024-02-15 9:30 ` Petr Tesařík
2024-02-15 9:37 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240222131230.635-3-petrtesarik@huaweicloud.com \
--to=petrtesarik@huaweicloud.com \
--cc=akpm@linux-foundation.org \
--cc=apparmor@lists.ubuntu.com \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=brgerst@gmail.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dwmw@amazon.co.uk \
--cc=hpa@zytor.com \
--cc=jacob.jun.pan@linux.intel.com \
--cc=jgg@ziepe.ca \
--cc=jmorris@namei.org \
--cc=john.johansen@canonical.com \
--cc=jpoimboe@kernel.org \
--cc=jroedel@suse.de \
--cc=kai.huang@intel.com \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=oleg@redhat.com \
--cc=paul@paul-moore.com \
--cc=pengfei.xu@intel.com \
--cc=peterz@infradead.org \
--cc=petr.tesarik1@huawei-partners.com \
--cc=petr@tesarici.cz \
--cc=rick.p.edgecombe@intel.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=rppt@kernel.org \
--cc=serge@hallyn.com \
--cc=tglx@linutronix.de \
--cc=tina.zhang@intel.com \
--cc=x86@kernel.org \
--cc=xin3.li@intel.com \
--cc=zegao2021@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.