linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: ira.weiny@intel.com
To: Dave Hansen <dave.hansen@linux.intel.com>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Dan Williams <dan.j.williams@intel.com>
Cc: Ira Weiny <ira.weiny@intel.com>,
	Fenghua Yu <fenghua.yu@intel.com>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>,
	"Shankar, Ravi V" <ravi.v.shankar@intel.com>,
	linux-kernel@vger.kernel.org
Subject: [PATCH V10 21/44] x86/pkeys: Preserve PKRS MSR across exceptions
Date: Tue, 19 Apr 2022 10:06:26 -0700	[thread overview]
Message-ID: <20220419170649.1022246-22-ira.weiny@intel.com> (raw)
In-Reply-To: <20220419170649.1022246-1-ira.weiny@intel.com>

From: Ira Weiny <ira.weiny@intel.com>

PKRS is a per-logical-processor MSR which overlays additional protection
for pages which have been mapped with a protection key.  It is desired
to protect PKS pages while executing exception code while also allowing
exception code to access PKS pages with the proper pks_set_*() calls.

To do this the current thread value must be saved, the CPU MSR value set
to the default value during the exception, and the saved thread value
restored upon completion.  This can be done with the new auxiliary
pt_regs space.

When PKS is configured, configure auxiliary pt_regs, add space to
pt_regs_auxiliary, and define save/restore functions.

Peter, Thomas, Andy, Dave, and Dan all suggested parts of the patch or
aided in the development of the patch.

[1] https://lore.kernel.org/lkml/CALCETrVe1i5JdyzD_BcctxQJn+ZE3T38EFPgjxN1F577M36g+w@mail.gmail.com/
[2] https://lore.kernel.org/lkml/874kpxx4jf.fsf@nanos.tec.linutronix.de/#t
[3] https://lore.kernel.org/lkml/CALCETrUHwZPic89oExMMe-WyDY8-O3W68NcZvse3=PGW+iW5=w@mail.gmail.com/

Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Suggested-by: Dave Hansen <dave.hansen@linux.intel.com>
Suggested-by: Dan Williams <dan.j.williams@intel.com>
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Suggested-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>

---
Changes for V10:
	Remove test changes.

Changes for V9:
	Update commit message
	s/pks_thread_pkrs/pkrs/
	From Dave Hansen
		s/pks_saved_pkrs/pkrs/

Changes for V8:
	Tie this into the new generic auxiliary pt_regs support.
	Build this on the new irqentry_*() refactoring patches
	Split this patch off from the PKS portion of the auxiliary
		pt_regs functionality.
	From Thomas
		Fix noinstr mess
		s/write_pkrs/pks_write_pkrs
		s/pkrs_init_value/PKRS_INIT_VALUE
	Simplify the number and location of the save/restore calls.
		Cover entry from user space as well.

Changes for V7:
	Rebased to 5.14 entry code
	declare write_pkrs() in pks.h
	s/INIT_PKRS_VALUE/pkrs_init_value
	Remove unnecessary INIT_PKRS_VALUE def
	s/pkrs_save_set_irq/pkrs_save_irq/
		The inital value for exceptions is best managed
		completely within the pkey code.
---
 arch/x86/Kconfig                    |  3 ++-
 arch/x86/include/asm/entry-common.h |  3 +++
 arch/x86/include/asm/pks.h          |  4 ++++
 arch/x86/include/asm/ptrace.h       |  3 +++
 arch/x86/mm/pkeys.c                 | 32 +++++++++++++++++++++++++++++
 5 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 69e611d3b8ef..43464511ea9d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1890,8 +1890,9 @@ config X86_INTEL_MEMORY_PROTECTION_KEYS
 	  If unsure, say y.
 
 config ARCH_HAS_PTREGS_AUXILIARY
+	def_bool y
 	depends on X86_64
-	bool
+	depends on ARCH_ENABLE_SUPERVISOR_PKEYS
 
 choice
 	prompt "TSX enable mode"
diff --git a/arch/x86/include/asm/entry-common.h b/arch/x86/include/asm/entry-common.h
index 5fa5dd2d539c..803727b95b3a 100644
--- a/arch/x86/include/asm/entry-common.h
+++ b/arch/x86/include/asm/entry-common.h
@@ -8,6 +8,7 @@
 #include <asm/nospec-branch.h>
 #include <asm/io_bitmap.h>
 #include <asm/fpu/api.h>
+#include <asm/pks.h>
 
 /* Check that the stack and regs on entry from user mode are sane. */
 static __always_inline void arch_check_user_regs(struct pt_regs *regs)
@@ -99,10 +100,12 @@ static __always_inline void arch_exit_to_user_mode(void)
 
 static inline void arch_save_aux_pt_regs(struct pt_regs *regs)
 {
+	pks_save_pt_regs(regs);
 }
 
 static inline void arch_restore_aux_pt_regs(struct pt_regs *regs)
 {
+	pks_restore_pt_regs(regs);
 }
 
 #endif
diff --git a/arch/x86/include/asm/pks.h b/arch/x86/include/asm/pks.h
index e9ad3ecd7ed0..b69e03a141fe 100644
--- a/arch/x86/include/asm/pks.h
+++ b/arch/x86/include/asm/pks.h
@@ -6,6 +6,8 @@
 
 void pks_setup(void);
 void x86_pkrs_load(struct thread_struct *thread);
+void pks_save_pt_regs(struct pt_regs *regs);
+void pks_restore_pt_regs(struct pt_regs *regs);
 
 bool pks_handle_key_fault(struct pt_regs *regs, unsigned long hw_error_code,
 			  unsigned long address);
@@ -14,6 +16,8 @@ bool pks_handle_key_fault(struct pt_regs *regs, unsigned long hw_error_code,
 
 static inline void pks_setup(void) { }
 static inline void x86_pkrs_load(struct thread_struct *thread) { }
+static inline void pks_save_pt_regs(struct pt_regs *regs) { }
+static inline void pks_restore_pt_regs(struct pt_regs *regs) { }
 
 static inline bool pks_handle_key_fault(struct pt_regs *regs,
 					unsigned long hw_error_code,
diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h
index 0889045b3a6f..73936739c7e7 100644
--- a/arch/x86/include/asm/ptrace.h
+++ b/arch/x86/include/asm/ptrace.h
@@ -97,6 +97,9 @@ struct pt_regs {
  * ARCH_HAS_PTREGS_AUXILIARY.  Failure to do so will result in a build failure.
  */
 struct pt_regs_auxiliary {
+#ifdef CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS
+	u32 pkrs;
+#endif
 };
 
 struct pt_regs_extended {
diff --git a/arch/x86/mm/pkeys.c b/arch/x86/mm/pkeys.c
index a3b27b7811da..dd02e76d0359 100644
--- a/arch/x86/mm/pkeys.c
+++ b/arch/x86/mm/pkeys.c
@@ -342,6 +342,38 @@ void x86_pkrs_load(struct thread_struct *thread)
 	pks_write_pkrs(thread->pkrs);
 }
 
+/*
+ * PKRS is a per-logical-processor MSR which overlays additional protection for
+ * pages which have been mapped with a protection key.
+ *
+ * To protect against exceptions having potentially privileged access to memory
+ * of an interrupted thread, save the current thread value and set the PKRS
+ * value to be used during the exception.
+ */
+void pks_save_pt_regs(struct pt_regs *regs)
+{
+	struct pt_regs_auxiliary *aux_pt_regs;
+
+	if (!cpu_feature_enabled(X86_FEATURE_PKS))
+		return;
+
+	aux_pt_regs = &to_extended_pt_regs(regs)->aux;
+	aux_pt_regs->pkrs = current->thread.pkrs;
+	pks_write_pkrs(PKS_INIT_VALUE);
+}
+
+void pks_restore_pt_regs(struct pt_regs *regs)
+{
+	struct pt_regs_auxiliary *aux_pt_regs;
+
+	if (!cpu_feature_enabled(X86_FEATURE_PKS))
+		return;
+
+	aux_pt_regs = &to_extended_pt_regs(regs)->aux;
+	current->thread.pkrs = aux_pt_regs->pkrs;
+	pks_write_pkrs(current->thread.pkrs);
+}
+
 /*
  * PKS is independent of PKU and either or both may be supported on a CPU.
  *
-- 
2.35.1


  parent reply	other threads:[~2022-04-19 17:08 UTC|newest]

Thread overview: 61+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-19 17:06 [PATCH V10 00/44] PKS/PMEM: Add Stray Write Protection ira.weiny
2022-04-19 17:06 ` [PATCH V10 01/44] Documentation/protection-keys: Clean up documentation for User Space pkeys ira.weiny
2022-06-07 23:09   ` [tip: x86/mm] " tip-bot2 for Ira Weiny
2022-04-19 17:06 ` [PATCH V10 02/44] x86/pkeys: Clarify PKRU_AD_KEY macro ira.weiny
2022-06-07 23:09   ` [tip: x86/mm] " tip-bot2 for Ira Weiny
2022-04-19 17:06 ` [PATCH V10 03/44] x86/pkeys: Make PKRU macros generic ira.weiny
2022-04-19 17:06 ` [PATCH V10 04/44] x86/fpu: Refactor arch_set_user_pkey_access() ira.weiny
2022-04-19 17:06 ` [PATCH V10 05/44] mm/pkeys: Add Kconfig options for PKS ira.weiny
2022-04-19 17:06 ` [PATCH V10 06/44] x86/pkeys: Add PKS CPU feature bit ira.weiny
2022-04-19 17:06 ` [PATCH V10 07/44] x86/fault: Adjust WARN_ON for pkey fault ira.weiny
2022-04-19 17:06 ` [PATCH V10 08/44] Documentation/pkeys: Add initial PKS documentation ira.weiny
2022-05-09 22:03   ` Kees Cook
2022-05-10 17:18     ` Ira Weiny
2022-05-10 20:17       ` Kees Cook
2022-04-19 17:06 ` [PATCH V10 09/44] mm/pkeys: Provide for PKS key allocation ira.weiny
2022-04-19 17:06 ` [PATCH V10 10/44] x86/pkeys: Enable PKS on cpus which support it ira.weiny
2022-04-19 17:06 ` [PATCH V10 11/44] mm/pkeys: Define PKS page table macros ira.weiny
2022-04-19 17:06 ` [PATCH V10 12/44] x86/pkeys: Introduce pks_write_pkrs() ira.weiny
2022-04-19 17:06 ` [PATCH V10 13/44] x86/pkeys: Preserve the PKS MSR on context switch ira.weiny
2022-04-19 17:06 ` [PATCH V10 14/44] mm/pkeys: Introduce pks_set_readwrite() ira.weiny
2022-05-09 21:38   ` Kees Cook
2022-05-10 21:33     ` Ira Weiny
2022-05-10 22:08       ` Kees Cook
2022-05-10 22:26         ` Edgecombe, Rick P
2022-05-11  3:15           ` Kees Cook
2022-05-11 17:59             ` Ira Weiny
2022-04-19 17:06 ` [PATCH V10 15/44] mm/pkeys: Introduce pks_set_noaccess() ira.weiny
2022-04-19 17:06 ` [PATCH V10 16/44] mm/pkeys: Introduce PKS fault callbacks ira.weiny
2022-04-19 17:06 ` [PATCH V10 17/44] x86/entry: Add auxiliary pt_regs space ira.weiny
2022-04-19 17:06 ` [PATCH V10 18/44] entry: Pass pt_regs to irqentry_exit_cond_resched() ira.weiny
2022-04-19 17:06 ` [PATCH V10 19/44] entry: Add calls for save/restore auxiliary pt_regs ira.weiny
2022-04-19 17:06 ` [PATCH V10 20/44] x86/entry: Define arch_{save|restore}_auxiliary_pt_regs() ira.weiny
2022-04-19 17:06 ` ira.weiny [this message]
2022-04-19 17:06 ` [PATCH V10 22/44] x86/fault: Print PKS MSR on fault ira.weiny
2022-04-19 17:06 ` [PATCH V10 23/44] mm/pkeys: Introduce pks_update_exception() ira.weiny
2022-04-19 17:06 ` [PATCH V10 24/44] mm/pkeys: Add pks_available() ira.weiny
2022-04-19 17:06 ` [PATCH V10 25/44] memremap_pages: Add Kconfig for DEVMAP_ACCESS_PROTECTION ira.weiny
2022-04-19 17:06 ` [PATCH V10 26/44] memremap_pages: Introduce pgmap_protection_available() ira.weiny
2022-04-19 17:06 ` [PATCH V10 27/44] memremap_pages: Introduce a PGMAP_PROTECTION flag ira.weiny
2022-04-19 17:06 ` [PATCH V10 28/44] memremap_pages: Introduce devmap_protected() ira.weiny
2022-04-19 17:06 ` [PATCH V10 29/44] memremap_pages: Reserve a PKS pkey for eventual use by PMEM ira.weiny
2022-04-19 17:06 ` [PATCH V10 30/44] memremap_pages: Set PKS pkey in PTEs if requested ira.weiny
2022-04-19 17:06 ` [PATCH V10 31/44] memremap_pages: Define pgmap_set_{readwrite|noaccess}() calls ira.weiny
2022-04-19 17:06 ` [PATCH V10 32/44] memremap_pages: Add memremap.pks_fault_mode ira.weiny
2022-04-19 17:06 ` [PATCH V10 33/44] kmap: Make kmap work for devmap protected pages ira.weiny
2022-04-28 15:50   ` Christoph Hellwig
2022-05-12  1:25     ` Ira Weiny
2022-05-17 22:46       ` Ira Weiny
2022-05-18  7:33         ` Christoph Hellwig
2022-05-19 20:29           ` Ira Weiny
2022-04-19 17:06 ` [PATCH V10 34/44] dax: Stray access protection for dax_direct_access() ira.weiny
2022-04-19 17:06 ` [PATCH V10 35/44] nvdimm/pmem: Enable stray access protection ira.weiny
2022-04-19 17:06 ` [PATCH V10 36/44] devdax: " ira.weiny
2022-04-19 17:06 ` [PATCH V10 37/44] mm/pkeys: PKS testing, add initial test code ira.weiny
2022-04-19 17:06 ` [PATCH V10 38/44] x86/selftests: Add test_pks ira.weiny
2022-04-19 17:06 ` [PATCH V10 39/44] mm/pkeys: PKS testing, add a fault call back ira.weiny
2022-04-19 17:06 ` [PATCH V10 40/44] mm/pkeys: PKS testing, add pks_set_*() tests ira.weiny
2022-04-19 17:06 ` [PATCH V10 41/44] mm/pkeys: PKS testing, test context switching ira.weiny
2022-04-19 17:06 ` [PATCH V10 42/44] mm/pkeys: PKS testing, Add exception test ira.weiny
2022-04-19 17:06 ` [PATCH V10 43/44] mm/pkeys: PKS testing, test pks_update_exception() ira.weiny
2022-04-19 17:06 ` [PATCH V10 44/44] mm/pkeys: PKS testing, add test for all keys ira.weiny

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220419170649.1022246-22-ira.weiny@intel.com \
    --to=ira.weiny@intel.com \
    --cc=dan.j.williams@intel.com \
    --cc=dave.hansen@linux.intel.com \
    --cc=fenghua.yu@intel.com \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=ravi.v.shankar@intel.com \
    --cc=rick.p.edgecombe@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).