From: ira.weiny@intel.com To: Dave Hansen <dave.hansen@linux.intel.com>, Dan Williams <dan.j.williams@intel.com> Cc: Ira Weiny <ira.weiny@intel.com>, Dave Hansen <dave.hansen@intel.com>, Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Peter Zijlstra <peterz@infradead.org>, Andy Lutomirski <luto@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, Fenghua Yu <fenghua.yu@intel.com>, Rick Edgecombe <rick.p.edgecombe@intel.com>, x86@kernel.org, linux-kernel@vger.kernel.org, nvdimm@lists.linux.dev, linux-mm@kvack.org Subject: [PATCH V7 15/18] kmap: Add stray access protection for devmap pages Date: Tue, 3 Aug 2021 21:32:28 -0700 [thread overview] Message-ID: <20210804043231.2655537-16-ira.weiny@intel.com> (raw) In-Reply-To: <20210804043231.2655537-1-ira.weiny@intel.com> From: Ira Weiny <ira.weiny@intel.com> Enable PKS protection for devmap pages. The devmap protection facility wants to co-opt kmap_{local_page,atomic}() to mediate access to PKS protected pages. kmap() allows for global mappings to be established, while the PKS facility depends on thread-local access. For this reason kmap() is not supported, but it leaves a policy decision for what to do when kmap() is attempted on a protected devmap page. Neither of the 2 current DAX-capable filesystems (ext4 and xfs) perform such global mappings. The bulk of device drivers that would handle devmap pages are not using kmap(). Any future filesystems that gain DAX support, or device drivers wanting to support devmap protected pages will need to move to kmap_local_page(). In the meantime to handle these kmap() users call pgmap_protection_flag_invalid() to flag and invalid use of any potentially protected pages. This allows better debugging of invalided uses vs catching faults later on when the address is used. Direct-map exposure is already mitigated by default on HIGHMEM systems because by definition HIGHMEM systems do not have large capacities of memory in the direct map. Therefore, to reduce complexity HIGHMEM systems are not supported. Cc: Dan Williams <dan.j.williams@intel.com> Cc: Dave Hansen <dave.hansen@intel.com> Signed-off-by: Ira Weiny <ira.weiny@intel.com> --- include/linux/highmem-internal.h | 5 +++++ mm/Kconfig | 1 + 2 files changed, 6 insertions(+) diff --git a/include/linux/highmem-internal.h b/include/linux/highmem-internal.h index 7902c7d8b55f..f88bc14a643b 100644 --- a/include/linux/highmem-internal.h +++ b/include/linux/highmem-internal.h @@ -142,6 +142,7 @@ static inline struct page *kmap_to_page(void *addr) static inline void *kmap(struct page *page) { might_sleep(); + pgmap_protection_flag_invalid(page); return page_address(page); } @@ -157,6 +158,7 @@ static inline void kunmap(struct page *page) static inline void *kmap_local_page(struct page *page) { + pgmap_mk_readwrite(page); return page_address(page); } @@ -175,12 +177,14 @@ static inline void __kunmap_local(void *addr) #ifdef ARCH_HAS_FLUSH_ON_KUNMAP kunmap_flush_on_unmap(addr); #endif + pgmap_mk_noaccess(kmap_to_page(addr)); } static inline void *kmap_atomic(struct page *page) { preempt_disable(); pagefault_disable(); + pgmap_mk_readwrite(page); return page_address(page); } @@ -199,6 +203,7 @@ static inline void __kunmap_atomic(void *addr) #ifdef ARCH_HAS_FLUSH_ON_KUNMAP kunmap_flush_on_unmap(addr); #endif + pgmap_mk_noaccess(kmap_to_page(addr)); pagefault_enable(); preempt_enable(); } diff --git a/mm/Kconfig b/mm/Kconfig index 201d41269a36..4184d0a7531d 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -794,6 +794,7 @@ config DEVMAP_ACCESS_PROTECTION bool "Access protection for memremap_pages()" depends on NVDIMM_PFN depends on ARCH_HAS_SUPERVISOR_PKEYS + depends on !HIGHMEM select GENERAL_PKS_USER default y -- 2.28.0.rc0.12.gb6a658bd00c9
next prev parent reply other threads:[~2021-08-04 4:33 UTC|newest] Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-08-04 4:32 [PATCH V7 00/18] PKS/PMEM: Add Stray Write Protection ira.weiny 2021-08-04 4:32 ` [PATCH V7 01/18] x86/pkeys: Create pkeys_common.h ira.weiny 2021-08-04 4:32 ` [PATCH V7 02/18] x86/fpu: Refactor arch_set_user_pkey_access() ira.weiny 2021-11-25 14:23 ` Thomas Gleixner 2021-08-04 4:32 ` [PATCH V7 03/18] x86/pks: Add additional PKEY helper macros ira.weiny 2021-11-25 14:25 ` Thomas Gleixner 2021-11-25 16:58 ` Thomas Gleixner 2021-12-08 0:51 ` Ira Weiny 2021-12-08 15:11 ` Thomas Gleixner 2021-08-04 4:32 ` [PATCH V7 04/18] x86/pks: Add PKS defines and Kconfig options ira.weiny 2021-08-04 4:32 ` [PATCH V7 05/18] x86/pks: Add PKS setup code ira.weiny 2021-11-25 15:15 ` Thomas Gleixner 2021-11-26 3:11 ` taoyi.ty 2021-11-26 9:57 ` Thomas Gleixner 2021-11-26 11:03 ` Thomas Gleixner 2021-08-04 4:32 ` [PATCH V7 06/18] x86/fault: Adjust WARN_ON for PKey fault ira.weiny 2021-08-04 4:32 ` [PATCH V7 07/18] x86/pks: Preserve the PKRS MSR on context switch ira.weiny 2021-11-25 15:25 ` Thomas Gleixner 2021-08-04 4:32 ` [PATCH V7 08/18] x86/entry: Preserve PKRS MSR across exceptions ira.weiny 2021-11-13 0:50 ` Ira Weiny 2021-11-25 11:19 ` Thomas Gleixner 2021-12-03 1:13 ` Andy Lutomirski 2021-11-25 14:12 ` Thomas Gleixner 2021-12-07 1:54 ` Ira Weiny 2021-12-07 4:45 ` Ira Weiny 2021-12-08 0:21 ` Thomas Gleixner 2021-08-04 4:32 ` [PATCH V7 09/18] x86/pks: Add PKS kernel API ira.weiny 2021-08-04 4:32 ` [PATCH V7 10/18] x86/pks: Introduce pks_abandon_protections() ira.weiny 2021-08-04 4:32 ` [PATCH V7 11/18] x86/pks: Add PKS Test code ira.weiny 2021-08-04 4:32 ` [PATCH V7 12/18] x86/pks: Add PKS fault callbacks ira.weiny 2021-08-11 21:18 ` Edgecombe, Rick P 2021-08-17 3:21 ` Ira Weiny 2021-08-04 4:32 ` [PATCH V7 13/18] memremap_pages: Add access protection via supervisor Protection Keys (PKS) ira.weiny 2021-08-04 4:32 ` [PATCH V7 14/18] memremap_pages: Add memremap.pks_fault_mode ira.weiny 2021-08-04 4:57 ` Randy Dunlap 2021-08-07 19:32 ` Ira Weiny 2021-08-11 19:01 ` Edgecombe, Rick P 2021-08-17 3:12 ` Ira Weiny 2021-08-04 4:32 ` ira.weiny [this message] 2021-08-04 4:32 ` [PATCH V7 16/18] dax: Stray access protection for dax_direct_access() ira.weiny 2021-08-04 4:32 ` [PATCH V7 17/18] nvdimm/pmem: Enable stray access protection ira.weiny 2021-08-04 4:32 ` [PATCH V7 18/18] devdax: " ira.weiny
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210804043231.2655537-16-ira.weiny@intel.com \ --to=ira.weiny@intel.com \ --cc=bp@alien8.de \ --cc=dan.j.williams@intel.com \ --cc=dave.hansen@intel.com \ --cc=dave.hansen@linux.intel.com \ --cc=fenghua.yu@intel.com \ --cc=hpa@zytor.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=luto@kernel.org \ --cc=mingo@redhat.com \ --cc=nvdimm@lists.linux.dev \ --cc=peterz@infradead.org \ --cc=rick.p.edgecombe@intel.com \ --cc=tglx@linutronix.de \ --cc=x86@kernel.org \ --subject='Re: [PATCH V7 15/18] kmap: Add stray access protection for devmap pages' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).