From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22EB1C433F5 for ; Thu, 4 Nov 2021 02:32:31 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F1E646113B for ; Thu, 4 Nov 2021 02:32:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230011AbhKDCfG (ORCPT ); Wed, 3 Nov 2021 22:35:06 -0400 Received: from mailgw01.mediatek.com ([60.244.123.138]:59016 "EHLO mailgw01.mediatek.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S229541AbhKDCfC (ORCPT ); Wed, 3 Nov 2021 22:35:02 -0400 X-UUID: b5a848c057d7456daea1530d568a627c-20211104 X-UUID: b5a848c057d7456daea1530d568a627c-20211104 Received: from mtkexhb02.mediatek.inc [(172.21.101.103)] by mailgw01.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256) with ESMTP id 541227360; Thu, 04 Nov 2021 10:32:23 +0800 Received: from mtkmbs10n2.mediatek.inc (172.21.101.183) by mtkmbs10n2.mediatek.inc (172.21.101.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Thu, 4 Nov 2021 10:32:22 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by mtkmbs10n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.792.3 via Frontend Transport; Thu, 4 Nov 2021 10:32:22 +0800 From: Walter Wu To: Christoph Hellwig , Marek Szyprowski , Robin Murphy , "Matthias Brugger" , Ard Biesheuvel , "Andrew Morton" CC: , , , wsd_upstream , , Walter Wu Subject: [PATCH v2] dma-direct: improve DMA_ATTR_NO_KERNEL_MAPPING Date: Thu, 4 Nov 2021 10:32:21 +0800 Message-ID: <20211104023221.16391-1-walter-zh.wu@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 Content-Type: text/plain X-MTK: N Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org When the allocated buffers use dma coherent memory with DMA_ATTR_NO_KERNEL_MAPPING, then its kernel mapping is exist. The caller use that DMA_ATTR_NO_KERNEL_MAPPING mean they can't rely on kernel mapping, but removing kernel mapping have some improvements. The improvements are: a) Security improvement. In some cases, we don't hope the allocated buffer to be read by cpu speculative execution. Therefore, it need to remove kernel mapping, this patch improve DMA_ATTR_NO_KERNEL_MAPPING to remove a page from kernel mapping in order that cpu doesn't read it. b) Debugging improvement. If the allocated buffer map into user space, only access it in user space, nobody can access it in kernel space, so we can use this patch to see who try to access it in kernel space. This patch only works if the memory is mapping at page granularity in the linear region, so that current only support for ARM64. Signed-off-by: Walter Wu Suggested-by: Christoph Hellwig Suggested-by: Ard Biesheuvel Cc: Christoph Hellwig Cc: Marek Szyprowski Cc: Robin Murphy Cc: Matthias Brugger Cc: Ard Biesheuvel Cc: Andrew Morton --- v2: 1. modify commit message and fix the removing mapping for arm64 2. fix build error for x86 --- include/linux/set_memory.h | 5 +++++ kernel/dma/direct.c | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/include/linux/set_memory.h b/include/linux/set_memory.h index f36be5166c19..6c7d1683339c 100644 --- a/include/linux/set_memory.h +++ b/include/linux/set_memory.h @@ -7,11 +7,16 @@ #ifdef CONFIG_ARCH_HAS_SET_MEMORY #include + +#ifndef CONFIG_RODATA_FULL_DEFAULT_ENABLED +static inline int set_memory_valid(unsigned long addr, int numpages, int enable) { return 0; } +#endif #else static inline int set_memory_ro(unsigned long addr, int numpages) { return 0; } static inline int set_memory_rw(unsigned long addr, int numpages) { return 0; } static inline int set_memory_x(unsigned long addr, int numpages) { return 0; } static inline int set_memory_nx(unsigned long addr, int numpages) { return 0; } +static inline int set_memory_valid(unsigned long addr, int numpages, int enable) { return 0; } #endif #ifndef CONFIG_ARCH_HAS_SET_DIRECT_MAP diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c index 4c6c5e0635e3..d5d03b51b708 100644 --- a/kernel/dma/direct.c +++ b/kernel/dma/direct.c @@ -155,6 +155,7 @@ void *dma_direct_alloc(struct device *dev, size_t size, struct page *page; void *ret; int err; + unsigned long kaddr; size = PAGE_ALIGN(size); if (attrs & DMA_ATTR_NO_WARN) @@ -169,6 +170,11 @@ void *dma_direct_alloc(struct device *dev, size_t size, if (!PageHighMem(page)) arch_dma_prep_coherent(page, size); *dma_handle = phys_to_dma_direct(dev, page_to_phys(page)); + if (IS_ENABLED(CONFIG_RODATA_FULL_DEFAULT_ENABLED)) { + kaddr = (unsigned long)phys_to_virt(dma_to_phys(dev, *dma_handle)); + /* page remove kernel mapping for arm64 */ + set_memory_valid(kaddr, size >> PAGE_SHIFT, 0); + } /* return the page pointer as the opaque cookie */ return page; } @@ -275,9 +281,16 @@ void dma_direct_free(struct device *dev, size_t size, void *cpu_addr, dma_addr_t dma_addr, unsigned long attrs) { unsigned int page_order = get_order(size); + unsigned long kaddr; if ((attrs & DMA_ATTR_NO_KERNEL_MAPPING) && !force_dma_unencrypted(dev) && !is_swiotlb_for_alloc(dev)) { + if (IS_ENABLED(CONFIG_RODATA_FULL_DEFAULT_ENABLED)) { + size = PAGE_ALIGN(size); + kaddr = (unsigned long)phys_to_virt(dma_to_phys(dev, dma_addr)); + /* page create kernel mapping for arm64 */ + set_memory_valid(kaddr, size >> PAGE_SHIFT, 1); + } /* cpu_addr is a struct page cookie, not a kernel address */ dma_free_contiguous(dev, cpu_addr, size); return; -- 2.18.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id DFA47C433EF for ; Thu, 4 Nov 2021 02:32:36 +0000 (UTC) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 7B1076113B for ; Thu, 4 Nov 2021 02:32:36 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 7B1076113B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=mediatek.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.linux-foundation.org Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 3ADE440502; Thu, 4 Nov 2021 02:32:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tYHmevlsArGV; Thu, 4 Nov 2021 02:32:35 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by smtp4.osuosl.org (Postfix) with ESMTPS id 23565404FE; Thu, 4 Nov 2021 02:32:35 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id F0871C0019; Thu, 4 Nov 2021 02:32:34 +0000 (UTC) Received: from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138]) by lists.linuxfoundation.org (Postfix) with ESMTP id 98A04C000E for ; Thu, 4 Nov 2021 02:32:32 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id 93EC481551 for ; Thu, 4 Nov 2021 02:32:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t2UR83GftBOs for ; Thu, 4 Nov 2021 02:32:28 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 Received: from mailgw01.mediatek.com (unknown [60.244.123.138]) by smtp1.osuosl.org (Postfix) with ESMTPS id 851C680F79 for ; Thu, 4 Nov 2021 02:32:27 +0000 (UTC) X-UUID: b5a848c057d7456daea1530d568a627c-20211104 X-UUID: b5a848c057d7456daea1530d568a627c-20211104 Received: from mtkexhb02.mediatek.inc [(172.21.101.103)] by mailgw01.mediatek.com (envelope-from ) (Generic MTA with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256) with ESMTP id 541227360; Thu, 04 Nov 2021 10:32:23 +0800 Received: from mtkmbs10n2.mediatek.inc (172.21.101.183) by mtkmbs10n2.mediatek.inc (172.21.101.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Thu, 4 Nov 2021 10:32:22 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by mtkmbs10n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.792.3 via Frontend Transport; Thu, 4 Nov 2021 10:32:22 +0800 From: Walter Wu To: Christoph Hellwig , Marek Szyprowski , Robin Murphy , "Matthias Brugger" , Ard Biesheuvel , "Andrew Morton" Subject: [PATCH v2] dma-direct: improve DMA_ATTR_NO_KERNEL_MAPPING Date: Thu, 4 Nov 2021 10:32:21 +0800 Message-ID: <20211104023221.16391-1-walter-zh.wu@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 X-MTK: N Cc: Walter Wu , wsd_upstream , linux-kernel@vger.kernel.org, iommu@lists.linux-foundation.org, linux-mediatek@lists.infradead.org, linux-arm-kernel@lists.infradead.org X-BeenThere: iommu@lists.linux-foundation.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Development issues for Linux IOMMU support List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: iommu-bounces@lists.linux-foundation.org Sender: "iommu" When the allocated buffers use dma coherent memory with DMA_ATTR_NO_KERNEL_MAPPING, then its kernel mapping is exist. The caller use that DMA_ATTR_NO_KERNEL_MAPPING mean they can't rely on kernel mapping, but removing kernel mapping have some improvements. The improvements are: a) Security improvement. In some cases, we don't hope the allocated buffer to be read by cpu speculative execution. Therefore, it need to remove kernel mapping, this patch improve DMA_ATTR_NO_KERNEL_MAPPING to remove a page from kernel mapping in order that cpu doesn't read it. b) Debugging improvement. If the allocated buffer map into user space, only access it in user space, nobody can access it in kernel space, so we can use this patch to see who try to access it in kernel space. This patch only works if the memory is mapping at page granularity in the linear region, so that current only support for ARM64. Signed-off-by: Walter Wu Suggested-by: Christoph Hellwig Suggested-by: Ard Biesheuvel Cc: Christoph Hellwig Cc: Marek Szyprowski Cc: Robin Murphy Cc: Matthias Brugger Cc: Ard Biesheuvel Cc: Andrew Morton --- v2: 1. modify commit message and fix the removing mapping for arm64 2. fix build error for x86 --- include/linux/set_memory.h | 5 +++++ kernel/dma/direct.c | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/include/linux/set_memory.h b/include/linux/set_memory.h index f36be5166c19..6c7d1683339c 100644 --- a/include/linux/set_memory.h +++ b/include/linux/set_memory.h @@ -7,11 +7,16 @@ #ifdef CONFIG_ARCH_HAS_SET_MEMORY #include + +#ifndef CONFIG_RODATA_FULL_DEFAULT_ENABLED +static inline int set_memory_valid(unsigned long addr, int numpages, int enable) { return 0; } +#endif #else static inline int set_memory_ro(unsigned long addr, int numpages) { return 0; } static inline int set_memory_rw(unsigned long addr, int numpages) { return 0; } static inline int set_memory_x(unsigned long addr, int numpages) { return 0; } static inline int set_memory_nx(unsigned long addr, int numpages) { return 0; } +static inline int set_memory_valid(unsigned long addr, int numpages, int enable) { return 0; } #endif #ifndef CONFIG_ARCH_HAS_SET_DIRECT_MAP diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c index 4c6c5e0635e3..d5d03b51b708 100644 --- a/kernel/dma/direct.c +++ b/kernel/dma/direct.c @@ -155,6 +155,7 @@ void *dma_direct_alloc(struct device *dev, size_t size, struct page *page; void *ret; int err; + unsigned long kaddr; size = PAGE_ALIGN(size); if (attrs & DMA_ATTR_NO_WARN) @@ -169,6 +170,11 @@ void *dma_direct_alloc(struct device *dev, size_t size, if (!PageHighMem(page)) arch_dma_prep_coherent(page, size); *dma_handle = phys_to_dma_direct(dev, page_to_phys(page)); + if (IS_ENABLED(CONFIG_RODATA_FULL_DEFAULT_ENABLED)) { + kaddr = (unsigned long)phys_to_virt(dma_to_phys(dev, *dma_handle)); + /* page remove kernel mapping for arm64 */ + set_memory_valid(kaddr, size >> PAGE_SHIFT, 0); + } /* return the page pointer as the opaque cookie */ return page; } @@ -275,9 +281,16 @@ void dma_direct_free(struct device *dev, size_t size, void *cpu_addr, dma_addr_t dma_addr, unsigned long attrs) { unsigned int page_order = get_order(size); + unsigned long kaddr; if ((attrs & DMA_ATTR_NO_KERNEL_MAPPING) && !force_dma_unencrypted(dev) && !is_swiotlb_for_alloc(dev)) { + if (IS_ENABLED(CONFIG_RODATA_FULL_DEFAULT_ENABLED)) { + size = PAGE_ALIGN(size); + kaddr = (unsigned long)phys_to_virt(dma_to_phys(dev, dma_addr)); + /* page create kernel mapping for arm64 */ + set_memory_valid(kaddr, size >> PAGE_SHIFT, 1); + } /* cpu_addr is a struct page cookie, not a kernel address */ dma_free_contiguous(dev, cpu_addr, size); return; -- 2.18.0 _______________________________________________ iommu mailing list iommu@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/iommu From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5AF03C433FE for ; Thu, 4 Nov 2021 02:33:00 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 217436113B for ; Thu, 4 Nov 2021 02:33:00 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 217436113B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=mediatek.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:CC :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=Z8gLCralPgv6TXAjggCC+UFrSHWJxF/XSkq+RZS8wfo=; b=XMWORlDmwSigz+ /jJhafgLWZeMttCVtWj5Snh0J3GclP5C5At9Hl1lj2WxmA+7FVZTr7qoi0LPhVIgd1pcfbUKd7zOo pvKSjyPLteawnWQf87bB8aEHPTEuBnEkUZmHwdJz1HTjsRhFN0CO6/y1KpYF4214m0W84w1CqkRgP HLkkGCtwYx/lKPzLCjxdj2kub02e4LHXIYOyjwE7wE2HO+NqmNWgAPXStu8fjij/jvHAhVU7YqzUE TabFhp4wvtfVkBErF7zRQR2YnC0BSDYyDec8Rq13E6utd3N3G9uUvcW56b4x/cxMBQmUH3j8rHlsz vTiETLfmOxFMopPjbj4Q==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1miSYY-007clB-6R; Thu, 04 Nov 2021 02:32:46 +0000 Received: from mailgw02.mediatek.com ([216.200.240.185]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1miSYK-007chO-4s; Thu, 04 Nov 2021 02:32:35 +0000 X-UUID: a12a9c0f749a4598849fee577b6144d2-20211103 X-UUID: a12a9c0f749a4598849fee577b6144d2-20211103 Received: from mtkcas66.mediatek.inc [(172.29.193.44)] by mailgw02.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256) with ESMTP id 667086334; Wed, 03 Nov 2021 19:32:25 -0700 Received: from mtkmbs10n2.mediatek.inc (172.21.101.183) by MTKMBS62N1.mediatek.inc (172.29.193.41) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 3 Nov 2021 19:32:23 -0700 Received: from mtkmbs10n2.mediatek.inc (172.21.101.183) by mtkmbs10n2.mediatek.inc (172.21.101.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Thu, 4 Nov 2021 10:32:22 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by mtkmbs10n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.792.3 via Frontend Transport; Thu, 4 Nov 2021 10:32:22 +0800 From: Walter Wu To: Christoph Hellwig , Marek Szyprowski , Robin Murphy , "Matthias Brugger" , Ard Biesheuvel , "Andrew Morton" CC: , , , wsd_upstream , , Walter Wu Subject: [PATCH v2] dma-direct: improve DMA_ATTR_NO_KERNEL_MAPPING Date: Thu, 4 Nov 2021 10:32:21 +0800 Message-ID: <20211104023221.16391-1-walter-zh.wu@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211103_193232_224397_F7ABB18D X-CRM114-Status: GOOD ( 21.68 ) X-BeenThere: linux-mediatek@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Linux-mediatek" Errors-To: linux-mediatek-bounces+linux-mediatek=archiver.kernel.org@lists.infradead.org When the allocated buffers use dma coherent memory with DMA_ATTR_NO_KERNEL_MAPPING, then its kernel mapping is exist. The caller use that DMA_ATTR_NO_KERNEL_MAPPING mean they can't rely on kernel mapping, but removing kernel mapping have some improvements. The improvements are: a) Security improvement. In some cases, we don't hope the allocated buffer to be read by cpu speculative execution. Therefore, it need to remove kernel mapping, this patch improve DMA_ATTR_NO_KERNEL_MAPPING to remove a page from kernel mapping in order that cpu doesn't read it. b) Debugging improvement. If the allocated buffer map into user space, only access it in user space, nobody can access it in kernel space, so we can use this patch to see who try to access it in kernel space. This patch only works if the memory is mapping at page granularity in the linear region, so that current only support for ARM64. Signed-off-by: Walter Wu Suggested-by: Christoph Hellwig Suggested-by: Ard Biesheuvel Cc: Christoph Hellwig Cc: Marek Szyprowski Cc: Robin Murphy Cc: Matthias Brugger Cc: Ard Biesheuvel Cc: Andrew Morton --- v2: 1. modify commit message and fix the removing mapping for arm64 2. fix build error for x86 --- include/linux/set_memory.h | 5 +++++ kernel/dma/direct.c | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/include/linux/set_memory.h b/include/linux/set_memory.h index f36be5166c19..6c7d1683339c 100644 --- a/include/linux/set_memory.h +++ b/include/linux/set_memory.h @@ -7,11 +7,16 @@ #ifdef CONFIG_ARCH_HAS_SET_MEMORY #include + +#ifndef CONFIG_RODATA_FULL_DEFAULT_ENABLED +static inline int set_memory_valid(unsigned long addr, int numpages, int enable) { return 0; } +#endif #else static inline int set_memory_ro(unsigned long addr, int numpages) { return 0; } static inline int set_memory_rw(unsigned long addr, int numpages) { return 0; } static inline int set_memory_x(unsigned long addr, int numpages) { return 0; } static inline int set_memory_nx(unsigned long addr, int numpages) { return 0; } +static inline int set_memory_valid(unsigned long addr, int numpages, int enable) { return 0; } #endif #ifndef CONFIG_ARCH_HAS_SET_DIRECT_MAP diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c index 4c6c5e0635e3..d5d03b51b708 100644 --- a/kernel/dma/direct.c +++ b/kernel/dma/direct.c @@ -155,6 +155,7 @@ void *dma_direct_alloc(struct device *dev, size_t size, struct page *page; void *ret; int err; + unsigned long kaddr; size = PAGE_ALIGN(size); if (attrs & DMA_ATTR_NO_WARN) @@ -169,6 +170,11 @@ void *dma_direct_alloc(struct device *dev, size_t size, if (!PageHighMem(page)) arch_dma_prep_coherent(page, size); *dma_handle = phys_to_dma_direct(dev, page_to_phys(page)); + if (IS_ENABLED(CONFIG_RODATA_FULL_DEFAULT_ENABLED)) { + kaddr = (unsigned long)phys_to_virt(dma_to_phys(dev, *dma_handle)); + /* page remove kernel mapping for arm64 */ + set_memory_valid(kaddr, size >> PAGE_SHIFT, 0); + } /* return the page pointer as the opaque cookie */ return page; } @@ -275,9 +281,16 @@ void dma_direct_free(struct device *dev, size_t size, void *cpu_addr, dma_addr_t dma_addr, unsigned long attrs) { unsigned int page_order = get_order(size); + unsigned long kaddr; if ((attrs & DMA_ATTR_NO_KERNEL_MAPPING) && !force_dma_unencrypted(dev) && !is_swiotlb_for_alloc(dev)) { + if (IS_ENABLED(CONFIG_RODATA_FULL_DEFAULT_ENABLED)) { + size = PAGE_ALIGN(size); + kaddr = (unsigned long)phys_to_virt(dma_to_phys(dev, dma_addr)); + /* page create kernel mapping for arm64 */ + set_memory_valid(kaddr, size >> PAGE_SHIFT, 1); + } /* cpu_addr is a struct page cookie, not a kernel address */ dma_free_contiguous(dev, cpu_addr, size); return; -- 2.18.0 _______________________________________________ Linux-mediatek mailing list Linux-mediatek@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-mediatek From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8646BC433F5 for ; Thu, 4 Nov 2021 02:33:57 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 4336C6113B for ; Thu, 4 Nov 2021 02:33:57 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 4336C6113B Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=mediatek.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:CC :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=AcSvuxgCEGInyaEWgpv7SQckHo7zlTo3/aF6PxPrPbs=; b=VQy/7TzlaNSB42 b57TAbkonwwKEQXB8bpggsrMowSc+o6BRni4GiSwjhXrjl3kay64G6J9+UwrK0uGR5YvV/BreA7Gu MFz4idkqIsRBf39wC0+aj2UwZEjjOZH/XaCUsqPmq6QqgEh1OCKPdfP3hUFA/0QIs1TJ/1vEEsFsx jMV3XjS6LTIjw94BzK0LupGiwcr2EjmgRBeWMR4MLAg2kHUauKJF2NWNpyGwrS9XUeedC3hOnHG37 YQ1qCp1gewJyuTpIAj5mWxB/eOYTf+y72obMw/cp3eObkQdpSva3ujRxUa054PmWuIVePHdNrXKMb 2JCe58+7YFa4CvkX49+A==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1miSYP-007cjE-7N; Thu, 04 Nov 2021 02:32:37 +0000 Received: from mailgw02.mediatek.com ([216.200.240.185]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1miSYK-007chO-4s; Thu, 04 Nov 2021 02:32:35 +0000 X-UUID: a12a9c0f749a4598849fee577b6144d2-20211103 X-UUID: a12a9c0f749a4598849fee577b6144d2-20211103 Received: from mtkcas66.mediatek.inc [(172.29.193.44)] by mailgw02.mediatek.com (envelope-from ) (musrelay.mediatek.com ESMTP with TLSv1.2 ECDHE-RSA-AES256-SHA384 256/256) with ESMTP id 667086334; Wed, 03 Nov 2021 19:32:25 -0700 Received: from mtkmbs10n2.mediatek.inc (172.21.101.183) by MTKMBS62N1.mediatek.inc (172.29.193.41) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 3 Nov 2021 19:32:23 -0700 Received: from mtkmbs10n2.mediatek.inc (172.21.101.183) by mtkmbs10n2.mediatek.inc (172.21.101.183) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.792.3; Thu, 4 Nov 2021 10:32:22 +0800 Received: from mtksdccf07.mediatek.inc (172.21.84.99) by mtkmbs10n2.mediatek.inc (172.21.101.73) with Microsoft SMTP Server id 15.2.792.3 via Frontend Transport; Thu, 4 Nov 2021 10:32:22 +0800 From: Walter Wu To: Christoph Hellwig , Marek Szyprowski , Robin Murphy , "Matthias Brugger" , Ard Biesheuvel , "Andrew Morton" CC: , , , wsd_upstream , , Walter Wu Subject: [PATCH v2] dma-direct: improve DMA_ATTR_NO_KERNEL_MAPPING Date: Thu, 4 Nov 2021 10:32:21 +0800 Message-ID: <20211104023221.16391-1-walter-zh.wu@mediatek.com> X-Mailer: git-send-email 2.18.0 MIME-Version: 1.0 X-MTK: N X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20211103_193232_224397_F7ABB18D X-CRM114-Status: GOOD ( 21.68 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org When the allocated buffers use dma coherent memory with DMA_ATTR_NO_KERNEL_MAPPING, then its kernel mapping is exist. The caller use that DMA_ATTR_NO_KERNEL_MAPPING mean they can't rely on kernel mapping, but removing kernel mapping have some improvements. The improvements are: a) Security improvement. In some cases, we don't hope the allocated buffer to be read by cpu speculative execution. Therefore, it need to remove kernel mapping, this patch improve DMA_ATTR_NO_KERNEL_MAPPING to remove a page from kernel mapping in order that cpu doesn't read it. b) Debugging improvement. If the allocated buffer map into user space, only access it in user space, nobody can access it in kernel space, so we can use this patch to see who try to access it in kernel space. This patch only works if the memory is mapping at page granularity in the linear region, so that current only support for ARM64. Signed-off-by: Walter Wu Suggested-by: Christoph Hellwig Suggested-by: Ard Biesheuvel Cc: Christoph Hellwig Cc: Marek Szyprowski Cc: Robin Murphy Cc: Matthias Brugger Cc: Ard Biesheuvel Cc: Andrew Morton --- v2: 1. modify commit message and fix the removing mapping for arm64 2. fix build error for x86 --- include/linux/set_memory.h | 5 +++++ kernel/dma/direct.c | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/include/linux/set_memory.h b/include/linux/set_memory.h index f36be5166c19..6c7d1683339c 100644 --- a/include/linux/set_memory.h +++ b/include/linux/set_memory.h @@ -7,11 +7,16 @@ #ifdef CONFIG_ARCH_HAS_SET_MEMORY #include + +#ifndef CONFIG_RODATA_FULL_DEFAULT_ENABLED +static inline int set_memory_valid(unsigned long addr, int numpages, int enable) { return 0; } +#endif #else static inline int set_memory_ro(unsigned long addr, int numpages) { return 0; } static inline int set_memory_rw(unsigned long addr, int numpages) { return 0; } static inline int set_memory_x(unsigned long addr, int numpages) { return 0; } static inline int set_memory_nx(unsigned long addr, int numpages) { return 0; } +static inline int set_memory_valid(unsigned long addr, int numpages, int enable) { return 0; } #endif #ifndef CONFIG_ARCH_HAS_SET_DIRECT_MAP diff --git a/kernel/dma/direct.c b/kernel/dma/direct.c index 4c6c5e0635e3..d5d03b51b708 100644 --- a/kernel/dma/direct.c +++ b/kernel/dma/direct.c @@ -155,6 +155,7 @@ void *dma_direct_alloc(struct device *dev, size_t size, struct page *page; void *ret; int err; + unsigned long kaddr; size = PAGE_ALIGN(size); if (attrs & DMA_ATTR_NO_WARN) @@ -169,6 +170,11 @@ void *dma_direct_alloc(struct device *dev, size_t size, if (!PageHighMem(page)) arch_dma_prep_coherent(page, size); *dma_handle = phys_to_dma_direct(dev, page_to_phys(page)); + if (IS_ENABLED(CONFIG_RODATA_FULL_DEFAULT_ENABLED)) { + kaddr = (unsigned long)phys_to_virt(dma_to_phys(dev, *dma_handle)); + /* page remove kernel mapping for arm64 */ + set_memory_valid(kaddr, size >> PAGE_SHIFT, 0); + } /* return the page pointer as the opaque cookie */ return page; } @@ -275,9 +281,16 @@ void dma_direct_free(struct device *dev, size_t size, void *cpu_addr, dma_addr_t dma_addr, unsigned long attrs) { unsigned int page_order = get_order(size); + unsigned long kaddr; if ((attrs & DMA_ATTR_NO_KERNEL_MAPPING) && !force_dma_unencrypted(dev) && !is_swiotlb_for_alloc(dev)) { + if (IS_ENABLED(CONFIG_RODATA_FULL_DEFAULT_ENABLED)) { + size = PAGE_ALIGN(size); + kaddr = (unsigned long)phys_to_virt(dma_to_phys(dev, dma_addr)); + /* page create kernel mapping for arm64 */ + set_memory_valid(kaddr, size >> PAGE_SHIFT, 1); + } /* cpu_addr is a struct page cookie, not a kernel address */ dma_free_contiguous(dev, cpu_addr, size); return; -- 2.18.0 _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel