From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 62F82C4363A for ; Fri, 9 Oct 2020 19:43:18 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 09F3C22282 for ; Fri, 9 Oct 2020 19:43:17 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 09F3C22282 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 79B7D6B006E; Fri, 9 Oct 2020 15:43:17 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7222C6B0070; Fri, 9 Oct 2020 15:43:17 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 48BFB6B0071; Fri, 9 Oct 2020 15:43:17 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0046.hostedemail.com [216.40.44.46]) by kanga.kvack.org (Postfix) with ESMTP id 142896B006E for ; Fri, 9 Oct 2020 15:43:17 -0400 (EDT) Received: from smtpin02.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id AD5521EE6 for ; Fri, 9 Oct 2020 19:43:16 +0000 (UTC) X-FDA: 77353410792.02.shelf33_1409634271e3 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin02.hostedemail.com (Postfix) with ESMTP id 8CD41101D65E8 for ; Fri, 9 Oct 2020 19:43:16 +0000 (UTC) X-HE-Tag: shelf33_1409634271e3 X-Filterd-Recvd-Size: 6477 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by imf11.hostedemail.com (Postfix) with ESMTP for ; Fri, 9 Oct 2020 19:43:15 +0000 (UTC) IronPort-SDR: rIs50T0bxeo/H2SpMO5sQQl273A97E4vNN08AJdPcW4LtyqUt3iSSbjAj6fbIa75Pu2/BALrM/ RHoHI/ewh3AQ== X-IronPort-AV: E=McAfee;i="6000,8403,9769"; a="153362801" X-IronPort-AV: E=Sophos;i="5.77,355,1596524400"; d="scan'208";a="153362801" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Oct 2020 12:43:14 -0700 IronPort-SDR: Bmxu3eOmFc0uMWdOYbGyxDst27ek460QQaA0jACDAJb/72j7sCwXxdbb3Cq/ClpAgeJlqRV77v yAfycEpcJEhg== X-IronPort-AV: E=Sophos;i="5.77,355,1596524400"; d="scan'208";a="317145592" Received: from iweiny-desk2.sc.intel.com (HELO localhost) ([10.3.52.147]) by orsmga006-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Oct 2020 12:43:13 -0700 From: ira.weiny@intel.com To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Andy Lutomirski , Peter Zijlstra Cc: Fenghua Yu , Dan Williams , Ira Weiny , x86@kernel.org, Dave Hansen , Andrew Morton , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nvdimm@lists.01.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: [PATCH RFC V3 3/9] x86/pks: Enable Protection Keys Supervisor (PKS) Date: Fri, 9 Oct 2020 12:42:52 -0700 Message-Id: <20201009194258.3207172-4-ira.weiny@intel.com> X-Mailer: git-send-email 2.28.0.rc0.12.gb6a658bd00c9 In-Reply-To: <20201009194258.3207172-1-ira.weiny@intel.com> References: <20201009194258.3207172-1-ira.weiny@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Fenghua Yu Protection Keys for Supervisor pages (PKS) enables fast, hardware thread specific, manipulation of permission restrictions on supervisor page mappings. It uses the same mechanism of Protection Keys as those on User mappings but applies that mechanism to supervisor mappings using a supervisor specific MSR. Kernel users can thus defines 'domains' of page mappings which have an extra level of protection beyond those specified in the supervisor page table entries. Define ARCH_HAS_SUPERVISOR_PKEYS to distinguish this functionality from the existing ARCH_HAS_PKEYS and then enable PKS when configured and indicated by the CPU instance. While not strictly necessary in this patch, ARCH_HAS_SUPERVISOR_PKEYS separates this functionality through the patch series so it is introduced here. Reviewed-by: Dan Williams Co-developed-by: Ira Weiny Signed-off-by: Ira Weiny Signed-off-by: Fenghua Yu --- arch/x86/Kconfig | 1 + arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/uapi/asm/processor-flags.h | 2 ++ arch/x86/kernel/cpu/common.c | 15 +++++++++++++++ mm/Kconfig | 2 ++ 5 files changed, 21 insertions(+) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 7101ac64bb20..1bfb912342a3 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1873,6 +1873,7 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS depends on X86_64 && (CPU_SUP_INTEL || CPU_SUP_AMD) select ARCH_USES_HIGH_VMA_FLAGS select ARCH_HAS_PKEYS + select ARCH_HAS_SUPERVISOR_PKEYS help Memory Protection Keys provides a mechanism for enforcing page-based protections, but without requiring modification of the diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cp= ufeatures.h index 2901d5df4366..7646b03fc3f4 100644 --- a/arch/x86/include/asm/cpufeatures.h +++ b/arch/x86/include/asm/cpufeatures.h @@ -353,6 +353,7 @@ #define X86_FEATURE_CLDEMOTE (16*32+25) /* CLDEMOTE instruction */ #define X86_FEATURE_MOVDIRI (16*32+27) /* MOVDIRI instruction */ #define X86_FEATURE_MOVDIR64B (16*32+28) /* MOVDIR64B instruction */ +#define X86_FEATURE_PKS (16*32+31) /* Protection Keys for Supervisor p= ages */ =20 /* AMD-defined CPU features, CPUID level 0x80000007 (EBX), word 17 */ #define X86_FEATURE_OVERFLOW_RECOV (17*32+ 0) /* MCA overflow recovery s= upport */ diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/inclu= de/uapi/asm/processor-flags.h index bcba3c643e63..191c574b2390 100644 --- a/arch/x86/include/uapi/asm/processor-flags.h +++ b/arch/x86/include/uapi/asm/processor-flags.h @@ -130,6 +130,8 @@ #define X86_CR4_SMAP _BITUL(X86_CR4_SMAP_BIT) #define X86_CR4_PKE_BIT 22 /* enable Protection Keys support */ #define X86_CR4_PKE _BITUL(X86_CR4_PKE_BIT) +#define X86_CR4_PKS_BIT 24 /* enable Protection Keys for Supervisor */ +#define X86_CR4_PKS _BITUL(X86_CR4_PKS_BIT) =20 /* * x86-64 Task Priority Register, CR8 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index c5d6f17d9b9d..a129d5e4afab 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -1447,6 +1447,20 @@ static void validate_apic_and_package_id(struct cp= uinfo_x86 *c) #endif } =20 +/* + * PKS is independent of PKU and either or both may be supported on a CP= U. + * Configure PKS if the cpu supports the feature. + */ +static void setup_pks(void) +{ + if (!IS_ENABLED(CONFIG_ARCH_HAS_SUPERVISOR_PKEYS)) + return; + if (!cpu_feature_enabled(X86_FEATURE_PKS)) + return; + + cr4_set_bits(X86_CR4_PKS); +} + /* * This does the hard work of actually picking apart the CPU stuff... */ @@ -1544,6 +1558,7 @@ static void identify_cpu(struct cpuinfo_x86 *c) =20 x86_init_rdrand(c); setup_pku(c); + setup_pks(); =20 /* * Clear/Set all flags overridden by options, need do it diff --git a/mm/Kconfig b/mm/Kconfig index 6c974888f86f..1b9bc004d9bc 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -822,6 +822,8 @@ config ARCH_USES_HIGH_VMA_FLAGS bool config ARCH_HAS_PKEYS bool +config ARCH_HAS_SUPERVISOR_PKEYS + bool =20 config PERCPU_STATS bool "Collect percpu memory statistics" --=20 2.28.0.rc0.12.gb6a658bd00c9