From: "taoyi.ty" <escape@linux.alibaba.com>
To: Thomas Gleixner <tglx@linutronix.de>,
ira.weiny@intel.com, Dave Hansen <dave.hansen@linux.intel.com>,
Dan Williams <dan.j.williams@intel.com>
Cc: Peter Zijlstra <peterz@infradead.org>,
Fenghua Yu <fenghua.yu@intel.com>,
"Hansen, Dave" <dave.hansen@intel.com>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Andy Lutomirski <luto@kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
x86@kernel.org, linux-kernel@vger.kernel.org,
nvdimm@lists.linux.dev, linux-mm@kvack.org
Subject: Re: [PATCH V7 05/18] x86/pks: Add PKS setup code
Date: Fri, 26 Nov 2021 11:11:36 +0800 [thread overview]
Message-ID: <020e6b6c-55ba-2079-7720-bd9dbb1bf335@linux.alibaba.com> (raw)
In-Reply-To: <87ilwgl10a.ffs@tglx>
On 11/25/21 11:15 PM, Thomas Gleixner wrote:
> On Tue, Aug 03 2021 at 21:32, ira weiny wrote:
>> +#ifdef CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS
>> +
>> +void setup_pks(void);
>
> pks_setup()
>
>> +#ifdef CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS
>> +
>> +static DEFINE_PER_CPU(u32, pkrs_cache);
>> +u32 __read_mostly pkrs_init_value;
>> +
>> +/*
>> + * write_pkrs() optimizes MSR writes by maintaining a per cpu cache which can
>> + * be checked quickly.
>> + *
>> + * It should also be noted that the underlying WRMSR(MSR_IA32_PKRS) is not
>> + * serializing but still maintains ordering properties similar to WRPKRU.
>> + * The current SDM section on PKRS needs updating but should be the same as
>> + * that of WRPKRU. So to quote from the WRPKRU text:
>> + *
>> + * WRPKRU will never execute transiently. Memory accesses
>> + * affected by PKRU register will not execute (even transiently)
>> + * until all prior executions of WRPKRU have completed execution
>> + * and updated the PKRU register.
>> + */
>> +void write_pkrs(u32 new_pkrs)
>
> pkrs_write()
>
>> +{
>> + u32 *pkrs;
>> +
>> + if (!static_cpu_has(X86_FEATURE_PKS))
>> + return;
>
> cpu_feature_enabled() if at all. Why is this function even invoked
> when PKS is off?
>
>> +
>> + pkrs = get_cpu_ptr(&pkrs_cache);
>
> As far as I've seen this is mostly called from non-preemptible
> regions. So that get/put pair is pointless. Stick a lockdep assert into
> the code and disable preemption at the maybe one callsite which needs
> it.
>
>> + if (*pkrs != new_pkrs) {
>> + *pkrs = new_pkrs;
>> + wrmsrl(MSR_IA32_PKRS, new_pkrs);
>> + }
>> + put_cpu_ptr(pkrs);
>> +}
>> +
>> +/*
>> + * Build a default PKRS value from the array specified by consumers
>> + */
>> +static int __init create_initial_pkrs_value(void)
>> +{
>> + /* All users get Access Disabled unless changed below */
>> + u8 consumer_defaults[PKS_NUM_PKEYS] = {
>> + [0 ... PKS_NUM_PKEYS-1] = PKR_AD_BIT
>> + };
>> + int i;
>> +
>> + consumer_defaults[PKS_KEY_DEFAULT] = PKR_RW_BIT;
>> +
>> + /* Ensure the number of consumers is less than the number of keys */
>> + BUILD_BUG_ON(PKS_KEY_NR_CONSUMERS > PKS_NUM_PKEYS);
>> +
>> + pkrs_init_value = 0;
>
> This needs to be cleared because the BSS might be non zero?
>
>> + /* Fill the defaults for the consumers */
>> + for (i = 0; i < PKS_NUM_PKEYS; i++)
>> + pkrs_init_value |= PKR_VALUE(i, consumer_defaults[i]);
>
> Also PKR_RW_BIT is a horrible invention:
>
>> +#define PKR_RW_BIT 0x0
>> #define PKR_AD_BIT 0x1
>> #define PKR_WD_BIT 0x2
>> #define PKR_BITS_PER_PKEY 2
>
> This makes my brain spin. How do you fit 3 bits into 2 bits per key?
> That's really non-intuitive.
>
> PKR_RW_ENABLE 0x0
> PKR_ACCESS_DISABLE 0x1
> PKR_WRITE_DISABLE 0x2
>
> makes it obvious what this is about, no?
>
> Aside of that, the function which set's up the init value is really
> bogus. As you explained in the cover letter a kernel user has to:
>
> 1) Claim an index in the enum
> 2) Add a default value to the array in that function
>
> Seriously? How is that any better than doing:
>
> #define PKS_KEY0_DEFAULT PKR_RW_ENABLE
> #define PKS_KEY1_DEFAULT PKR_ACCESS_DISABLE
> ...
> #define PKS_KEY15_DEFAULT PKR_ACCESS_DISABLE
>
> and let the compiler construct pkrs_init_value?
>
> TBH, it's not and this function has to be ripped out in case that you
> need a dynamic allocation of keys some day. So what is this buying us
> aside of horrible to read and utterly pointless code?
>
>> + return 0;
>> +}
>> +early_initcall(create_initial_pkrs_value);
>> +
>> +/*
>> + * PKS is independent of PKU and either or both may be supported on a CPU.
>> + * Configure PKS if the CPU supports the feature.
>> + */
>> +void setup_pks(void)
>> +{
>> + if (!cpu_feature_enabled(X86_FEATURE_PKS))
>> + return;
>> +
>> + write_pkrs(pkrs_init_value);
>
> Is the init value set up _before_ this function is invoked for the first
> time?
>
> Thanks,
>
> tglx
>
Setting up for cpu0 is before create_initial_pkrs_value. therefore pkrs
value of cpu0 won't be set correctly.
[root@AliYun ~]# rdmsr -a 0x000006E1
0
55555554
55555554
55555554
55555554
55555554
55555554
55555554
55555554
55555554
Here are my test results after applying the patches
Thanks.
next prev parent reply other threads:[~2021-11-26 3:11 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-04 4:32 [PATCH V7 00/18] PKS/PMEM: Add Stray Write Protection ira.weiny
2021-08-04 4:32 ` [PATCH V7 01/18] x86/pkeys: Create pkeys_common.h ira.weiny
2021-08-04 4:32 ` [PATCH V7 02/18] x86/fpu: Refactor arch_set_user_pkey_access() ira.weiny
2021-11-25 14:23 ` Thomas Gleixner
2021-08-04 4:32 ` [PATCH V7 03/18] x86/pks: Add additional PKEY helper macros ira.weiny
2021-11-25 14:25 ` Thomas Gleixner
2021-11-25 16:58 ` Thomas Gleixner
2021-12-08 0:51 ` Ira Weiny
2021-12-08 15:11 ` Thomas Gleixner
2021-08-04 4:32 ` [PATCH V7 04/18] x86/pks: Add PKS defines and Kconfig options ira.weiny
2021-08-04 4:32 ` [PATCH V7 05/18] x86/pks: Add PKS setup code ira.weiny
2021-11-25 15:15 ` Thomas Gleixner
2021-11-26 3:11 ` taoyi.ty [this message]
2021-11-26 9:57 ` Thomas Gleixner
2021-11-26 11:03 ` Thomas Gleixner
2021-08-04 4:32 ` [PATCH V7 06/18] x86/fault: Adjust WARN_ON for PKey fault ira.weiny
2021-08-04 4:32 ` [PATCH V7 07/18] x86/pks: Preserve the PKRS MSR on context switch ira.weiny
2021-11-25 15:25 ` Thomas Gleixner
2021-08-04 4:32 ` [PATCH V7 08/18] x86/entry: Preserve PKRS MSR across exceptions ira.weiny
2021-11-13 0:50 ` Ira Weiny
2021-11-25 11:19 ` Thomas Gleixner
2021-12-03 1:13 ` Andy Lutomirski
2021-11-25 14:12 ` Thomas Gleixner
2021-12-07 1:54 ` Ira Weiny
2021-12-07 4:45 ` Ira Weiny
2021-12-08 0:21 ` Thomas Gleixner
2021-08-04 4:32 ` [PATCH V7 09/18] x86/pks: Add PKS kernel API ira.weiny
2021-08-04 4:32 ` [PATCH V7 10/18] x86/pks: Introduce pks_abandon_protections() ira.weiny
2021-08-04 4:32 ` [PATCH V7 11/18] x86/pks: Add PKS Test code ira.weiny
2021-08-04 4:32 ` [PATCH V7 12/18] x86/pks: Add PKS fault callbacks ira.weiny
2021-08-11 21:18 ` Edgecombe, Rick P
2021-08-17 3:21 ` Ira Weiny
2021-08-04 4:32 ` [PATCH V7 13/18] memremap_pages: Add access protection via supervisor Protection Keys (PKS) ira.weiny
2021-08-04 4:32 ` [PATCH V7 14/18] memremap_pages: Add memremap.pks_fault_mode ira.weiny
2021-08-04 4:57 ` Randy Dunlap
2021-08-07 19:32 ` Ira Weiny
2021-08-11 19:01 ` Edgecombe, Rick P
2021-08-17 3:12 ` Ira Weiny
2021-08-04 4:32 ` [PATCH V7 15/18] kmap: Add stray access protection for devmap pages ira.weiny
2021-08-04 4:32 ` [PATCH V7 16/18] dax: Stray access protection for dax_direct_access() ira.weiny
2021-08-04 4:32 ` [PATCH V7 17/18] nvdimm/pmem: Enable stray access protection ira.weiny
2021-08-04 4:32 ` [PATCH V7 18/18] devdax: " ira.weiny
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=020e6b6c-55ba-2079-7720-bd9dbb1bf335@linux.alibaba.com \
--to=escape@linux.alibaba.com \
--cc=bp@alien8.de \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=fenghua.yu@intel.com \
--cc=hpa@zytor.com \
--cc=ira.weiny@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=nvdimm@lists.linux.dev \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).