From: ira.weiny@intel.com To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org> Cc: x86@kernel.org, Dave Hansen <dave.hansen@linux.intel.com>, Andrew Morton <akpm@linux-foundation.org>, Fenghua Yu <fenghua.yu@intel.com>, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nvdimm@lists.01.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: [PATCH RFC V3 0/9] PKS: Add Protection Keys Supervisor (PKS) support RFC v3 Date: Fri, 9 Oct 2020 12:42:49 -0700 [thread overview] Message-ID: <20201009194258.3207172-1-ira.weiny@intel.com> (raw) From: Ira Weiny <ira.weiny@intel.com> This RFC series has been reviewed by Dave Hansen. Introduce a new page protection mechanism for supervisor pages, Protection Key Supervisor (PKS). 2 use cases for PKS are being developed, trusted keys and PMEM. Trusted keys is a newer use case which is still being explored. PMEM was submitted as part of the RFC (v2) series[1]. However, since then it was found that some callers of kmap() require a global implementation of PKS. Specifically some users of kmap() expect mappings to be available to all kernel threads. While global use of PKS is rare it needs to be included for correctness. Unfortunately the kmap() updates required a large patch series to make the needed changes at the various kmap() call sites so that patch set has been split out. Because the global PKS feature is only required for that use case it will be deferred to that set as well.[2] This patch set is being submitted as a precursor to both of the use cases. For an overview of the entire PKS ecosystem, a git tree including this series and the 2 use cases can be found here: https://github.com/weiny2/linux-kernel/tree/pks-rfc-v3 PKS enables protections on 'domains' of supervisor pages to limit supervisor mode access to those pages beyond the normal paging protections. PKS works in a similar fashion to user space pkeys, PKU. As with PKU, supervisor pkeys are checked in addition to normal paging protections and Access or Writes can be disabled via a MSR update without TLB flushes when permissions change. Also like PKU, a page mapping is assigned to a domain by setting pkey bits in the page table entry for that mapping. Access is controlled through a PKRS register which is updated via WRMSR/RDMSR. XSAVE is not supported for the PKRS MSR. Therefore the implementation saves/restores the MSR across context switches and during exceptions. Nested exceptions are supported by each exception getting a new PKS state. For consistent behavior with current paging protections, pkey 0 is reserved and configured to allow full access via the pkey mechanism, thus preserving the default paging protections on mappings with the default pkey value of 0. Other keys, (1-15) are allocated by an allocator which prepares us for key contention from day one. Kernel users should be prepared for the allocator to fail either because of key exhaustion or due to PKS not being supported on the arch and/or CPU instance. The following are key attributes of PKS. 1) Fast switching of permissions 1a) Prevents access without page table manipulations 1b) No TLB flushes required 2) Works on a per thread basis PKS is available with 4 and 5 level paging. Like PKRU it consumes 4 bits from the PTE to store the pkey within the entry. [1] https://lore.kernel.org/lkml/20200717072056.73134-1-ira.weiny@intel.com/ [2] https://github.com/weiny2/linux-kernel/commit/f10abb0f0d7b4e14f03fc8890313a5830cde1e49 and a testing patch https://github.com/weiny2/linux-kernel/commit/2a8e0fc7654a7c69b243d628f63b01ff26a5a797 Fenghua Yu (3): x86/fpu: Refactor arch_set_user_pkey_access() for PKS support x86/pks: Enable Protection Keys Supervisor (PKS) x86/pks: Add PKS kernel API Ira Weiny (6): x86/pkeys: Create pkeys_common.h x86/pks: Preserve the PKRS MSR on context switch x86/entry: Pass irqentry_state_t by reference x86/entry: Preserve PKRS MSR across exceptions x86/fault: Report the PKRS state on fault x86/pks: Add PKS test code Documentation/core-api/protection-keys.rst | 102 ++- arch/x86/Kconfig | 1 + arch/x86/entry/common.c | 57 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/idtentry.h | 29 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/pgtable.h | 13 +- arch/x86/include/asm/pgtable_types.h | 12 + arch/x86/include/asm/pkeys.h | 15 + arch/x86/include/asm/pkeys_common.h | 36 + arch/x86/include/asm/processor.h | 13 + arch/x86/include/uapi/asm/processor-flags.h | 2 + arch/x86/kernel/cpu/common.c | 17 + arch/x86/kernel/cpu/mce/core.c | 4 + arch/x86/kernel/fpu/xstate.c | 22 +- arch/x86/kernel/kvm.c | 4 +- arch/x86/kernel/nmi.c | 7 +- arch/x86/kernel/process.c | 21 + arch/x86/kernel/traps.c | 21 +- arch/x86/mm/fault.c | 86 ++- arch/x86/mm/pkeys.c | 188 +++++- include/linux/entry-common.h | 19 +- include/linux/pgtable.h | 4 + include/linux/pkeys.h | 23 +- kernel/entry/common.c | 28 +- lib/Kconfig.debug | 12 + lib/Makefile | 3 + lib/pks/Makefile | 3 + lib/pks/pks_test.c | 690 ++++++++++++++++++++ mm/Kconfig | 2 + tools/testing/selftests/x86/Makefile | 3 +- tools/testing/selftests/x86/test_pks.c | 65 ++ 32 files changed, 1376 insertions(+), 128 deletions(-) create mode 100644 arch/x86/include/asm/pkeys_common.h create mode 100644 lib/pks/Makefile create mode 100644 lib/pks/pks_test.c create mode 100644 tools/testing/selftests/x86/test_pks.c -- 2.28.0.rc0.12.gb6a658bd00c9 _______________________________________________ Linux-nvdimm mailing list -- linux-nvdimm@lists.01.org To unsubscribe send an email to linux-nvdimm-leave@lists.01.org
WARNING: multiple messages have this Message-ID (diff)
From: ira.weiny@intel.com To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org> Cc: Ira Weiny <ira.weiny@intel.com>, x86@kernel.org, Dave Hansen <dave.hansen@linux.intel.com>, Dan Williams <dan.j.williams@intel.com>, Andrew Morton <akpm@linux-foundation.org>, Fenghua Yu <fenghua.yu@intel.com>, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nvdimm@lists.01.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: [PATCH RFC V3 0/9] PKS: Add Protection Keys Supervisor (PKS) support RFC v3 Date: Fri, 9 Oct 2020 12:42:49 -0700 [thread overview] Message-ID: <20201009194258.3207172-1-ira.weiny@intel.com> (raw) From: Ira Weiny <ira.weiny@intel.com> This RFC series has been reviewed by Dave Hansen. Introduce a new page protection mechanism for supervisor pages, Protection Key Supervisor (PKS). 2 use cases for PKS are being developed, trusted keys and PMEM. Trusted keys is a newer use case which is still being explored. PMEM was submitted as part of the RFC (v2) series[1]. However, since then it was found that some callers of kmap() require a global implementation of PKS. Specifically some users of kmap() expect mappings to be available to all kernel threads. While global use of PKS is rare it needs to be included for correctness. Unfortunately the kmap() updates required a large patch series to make the needed changes at the various kmap() call sites so that patch set has been split out. Because the global PKS feature is only required for that use case it will be deferred to that set as well.[2] This patch set is being submitted as a precursor to both of the use cases. For an overview of the entire PKS ecosystem, a git tree including this series and the 2 use cases can be found here: https://github.com/weiny2/linux-kernel/tree/pks-rfc-v3 PKS enables protections on 'domains' of supervisor pages to limit supervisor mode access to those pages beyond the normal paging protections. PKS works in a similar fashion to user space pkeys, PKU. As with PKU, supervisor pkeys are checked in addition to normal paging protections and Access or Writes can be disabled via a MSR update without TLB flushes when permissions change. Also like PKU, a page mapping is assigned to a domain by setting pkey bits in the page table entry for that mapping. Access is controlled through a PKRS register which is updated via WRMSR/RDMSR. XSAVE is not supported for the PKRS MSR. Therefore the implementation saves/restores the MSR across context switches and during exceptions. Nested exceptions are supported by each exception getting a new PKS state. For consistent behavior with current paging protections, pkey 0 is reserved and configured to allow full access via the pkey mechanism, thus preserving the default paging protections on mappings with the default pkey value of 0. Other keys, (1-15) are allocated by an allocator which prepares us for key contention from day one. Kernel users should be prepared for the allocator to fail either because of key exhaustion or due to PKS not being supported on the arch and/or CPU instance. The following are key attributes of PKS. 1) Fast switching of permissions 1a) Prevents access without page table manipulations 1b) No TLB flushes required 2) Works on a per thread basis PKS is available with 4 and 5 level paging. Like PKRU it consumes 4 bits from the PTE to store the pkey within the entry. [1] https://lore.kernel.org/lkml/20200717072056.73134-1-ira.weiny@intel.com/ [2] https://github.com/weiny2/linux-kernel/commit/f10abb0f0d7b4e14f03fc8890313a5830cde1e49 and a testing patch https://github.com/weiny2/linux-kernel/commit/2a8e0fc7654a7c69b243d628f63b01ff26a5a797 Fenghua Yu (3): x86/fpu: Refactor arch_set_user_pkey_access() for PKS support x86/pks: Enable Protection Keys Supervisor (PKS) x86/pks: Add PKS kernel API Ira Weiny (6): x86/pkeys: Create pkeys_common.h x86/pks: Preserve the PKRS MSR on context switch x86/entry: Pass irqentry_state_t by reference x86/entry: Preserve PKRS MSR across exceptions x86/fault: Report the PKRS state on fault x86/pks: Add PKS test code Documentation/core-api/protection-keys.rst | 102 ++- arch/x86/Kconfig | 1 + arch/x86/entry/common.c | 57 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/idtentry.h | 29 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/pgtable.h | 13 +- arch/x86/include/asm/pgtable_types.h | 12 + arch/x86/include/asm/pkeys.h | 15 + arch/x86/include/asm/pkeys_common.h | 36 + arch/x86/include/asm/processor.h | 13 + arch/x86/include/uapi/asm/processor-flags.h | 2 + arch/x86/kernel/cpu/common.c | 17 + arch/x86/kernel/cpu/mce/core.c | 4 + arch/x86/kernel/fpu/xstate.c | 22 +- arch/x86/kernel/kvm.c | 4 +- arch/x86/kernel/nmi.c | 7 +- arch/x86/kernel/process.c | 21 + arch/x86/kernel/traps.c | 21 +- arch/x86/mm/fault.c | 86 ++- arch/x86/mm/pkeys.c | 188 +++++- include/linux/entry-common.h | 19 +- include/linux/pgtable.h | 4 + include/linux/pkeys.h | 23 +- kernel/entry/common.c | 28 +- lib/Kconfig.debug | 12 + lib/Makefile | 3 + lib/pks/Makefile | 3 + lib/pks/pks_test.c | 690 ++++++++++++++++++++ mm/Kconfig | 2 + tools/testing/selftests/x86/Makefile | 3 +- tools/testing/selftests/x86/test_pks.c | 65 ++ 32 files changed, 1376 insertions(+), 128 deletions(-) create mode 100644 arch/x86/include/asm/pkeys_common.h create mode 100644 lib/pks/Makefile create mode 100644 lib/pks/pks_test.c create mode 100644 tools/testing/selftests/x86/test_pks.c -- 2.28.0.rc0.12.gb6a658bd00c9
next reply other threads:[~2020-10-09 19:43 UTC|newest] Thread overview: 94+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-10-09 19:42 ira.weiny [this message] 2020-10-09 19:42 ` [PATCH RFC V3 0/9] PKS: Add Protection Keys Supervisor (PKS) support RFC v3 ira.weiny 2020-10-09 19:42 ` [PATCH RFC V3 1/9] x86/pkeys: Create pkeys_common.h ira.weiny 2020-10-09 19:42 ` ira.weiny 2020-10-13 17:46 ` Dave Hansen 2020-10-13 17:46 ` Dave Hansen 2020-10-13 19:44 ` Ira Weiny 2020-10-13 19:44 ` Ira Weiny 2020-10-09 19:42 ` [PATCH RFC V3 2/9] x86/fpu: Refactor arch_set_user_pkey_access() for PKS support ira.weiny 2020-10-09 19:42 ` ira.weiny 2020-10-13 17:50 ` Dave Hansen 2020-10-13 17:50 ` Dave Hansen 2020-10-13 23:56 ` Ira Weiny 2020-10-13 23:56 ` Ira Weiny 2020-10-16 10:57 ` Peter Zijlstra 2020-10-16 10:57 ` Peter Zijlstra 2020-10-17 3:32 ` Ira Weiny 2020-10-17 3:32 ` Ira Weiny 2020-10-19 9:35 ` Peter Zijlstra 2020-10-19 9:35 ` Peter Zijlstra 2020-10-09 19:42 ` [PATCH RFC V3 3/9] x86/pks: Enable Protection Keys Supervisor (PKS) ira.weiny 2020-10-09 19:42 ` ira.weiny 2020-10-13 18:23 ` Dave Hansen 2020-10-13 18:23 ` Dave Hansen 2020-10-14 2:08 ` Ira Weiny 2020-10-14 2:08 ` Ira Weiny 2020-10-09 19:42 ` [PATCH RFC V3 4/9] x86/pks: Preserve the PKRS MSR on context switch ira.weiny 2020-10-09 19:42 ` ira.weiny 2020-10-13 18:31 ` Dave Hansen 2020-10-13 18:31 ` Dave Hansen 2020-10-14 22:36 ` Ira Weiny 2020-10-14 22:36 ` Ira Weiny 2020-10-16 11:12 ` Peter Zijlstra 2020-10-16 11:12 ` Peter Zijlstra 2020-10-17 5:14 ` Ira Weiny 2020-10-17 5:14 ` Ira Weiny 2020-10-19 9:37 ` Peter Zijlstra 2020-10-19 9:37 ` Peter Zijlstra 2020-10-19 18:48 ` Ira Weiny 2020-10-19 18:48 ` Ira Weiny 2020-10-16 11:06 ` Peter Zijlstra 2020-10-16 11:06 ` Peter Zijlstra 2020-10-17 5:37 ` Ira Weiny 2020-10-17 5:37 ` Ira Weiny 2020-10-09 19:42 ` [PATCH RFC V3 5/9] x86/pks: Add PKS kernel API ira.weiny 2020-10-09 19:42 ` ira.weiny 2020-10-13 18:43 ` Dave Hansen 2020-10-13 18:43 ` Dave Hansen 2020-10-15 1:08 ` Ira Weiny 2020-10-15 1:08 ` Ira Weiny 2020-10-16 11:07 ` Peter Zijlstra 2020-10-16 11:07 ` Peter Zijlstra 2020-10-17 5:42 ` Ira Weiny 2020-10-17 5:42 ` Ira Weiny 2020-10-09 19:42 ` [PATCH RFC V3 6/9] x86/entry: Pass irqentry_state_t by reference ira.weiny 2020-10-09 19:42 ` ira.weiny 2020-10-16 11:45 ` Peter Zijlstra 2020-10-16 11:45 ` Peter Zijlstra 2020-10-16 12:55 ` Thomas Gleixner 2020-10-16 12:55 ` Thomas Gleixner 2020-10-19 5:37 ` Ira Weiny 2020-10-19 5:37 ` Ira Weiny 2020-10-19 9:32 ` Thomas Gleixner 2020-10-19 9:32 ` Thomas Gleixner 2020-10-19 20:26 ` Ira Weiny 2020-10-19 20:26 ` Ira Weiny 2020-10-19 21:12 ` Thomas Gleixner 2020-10-19 21:12 ` Thomas Gleixner 2020-10-20 14:10 ` Ira Weiny 2020-10-20 14:10 ` Ira Weiny 2020-10-09 19:42 ` [PATCH RFC V3 7/9] x86/entry: Preserve PKRS MSR across exceptions ira.weiny 2020-10-09 19:42 ` ira.weiny 2020-10-13 18:52 ` Dave Hansen 2020-10-13 18:52 ` Dave Hansen 2020-10-15 3:46 ` Ira Weiny 2020-10-15 3:46 ` Ira Weiny 2020-10-15 4:06 ` Dave Hansen 2020-10-15 4:06 ` Dave Hansen 2020-10-15 4:18 ` Ira Weiny 2020-10-15 4:18 ` Ira Weiny 2020-10-09 19:42 ` [PATCH RFC V3 8/9] x86/fault: Report the PKRS state on fault ira.weiny 2020-10-09 19:42 ` ira.weiny 2020-10-13 18:56 ` Dave Hansen 2020-10-13 18:56 ` Dave Hansen 2020-10-15 4:13 ` Ira Weiny 2020-10-15 4:13 ` Ira Weiny 2020-10-09 19:42 ` [PATCH RFC V3 9/9] x86/pks: Add PKS test code ira.weiny 2020-10-09 19:42 ` ira.weiny 2020-10-13 19:02 ` Dave Hansen 2020-10-13 19:02 ` Dave Hansen 2020-10-15 4:46 ` Ira Weiny 2020-10-15 4:46 ` Ira Weiny 2020-10-09 20:18 ` [PATCH RFC V3 0/9] PKS: Add Protection Keys Supervisor (PKS) support RFC v3 Ira Weiny 2020-10-09 20:18 ` Ira Weiny
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20201009194258.3207172-1-ira.weiny@intel.com \ --to=ira.weiny@intel.com \ --cc=akpm@linux-foundation.org \ --cc=bp@alien8.de \ --cc=dave.hansen@linux.intel.com \ --cc=fenghua.yu@intel.com \ --cc=linux-doc@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-kselftest@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=linux-nvdimm@lists.01.org \ --cc=luto@kernel.org \ --cc=mingo@redhat.com \ --cc=peterz@infradead.org \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.