Message ID | 20230218211433.26859-13-rick.p.edgecombe@intel.com |
---|---|
State | New |
Headers | From: Rick Edgecombe <rick.p.edgecombe@intel.com> Subject: [PATCH v6 12/41] s390/mm: Introduce pmd_mkwrite_kernel() Date: Sat, 18 Feb 2023 13:14:04 -0800 |
Series | Shadow stacks for userspace |
Commit Message
Edgecombe, Rick P
Feb. 18, 2023, 9:14 p.m. UTC
The x86 Control-flow Enforcement Technology (CET) feature includes a new type of memory called shadow stack. This shadow stack memory has some unusual properties, which requires some core mm changes to function properly.

One of these changes is to allow for pmd_mkwrite() to create different types of writable memory (the existing conventionally writable type and also the new shadow stack type). Future patches will convert pmd_mkwrite() to take a VMA in order to facilitate this, however there are places in the kernel where pmd_mkwrite() is called outside of the context of a VMA. These are for kernel memory. So create a new variant called pmd_mkwrite_kernel() and switch the kernel users over to it. Have pmd_mkwrite() and pmd_mkwrite_kernel() be the same for now. Future patches will introduce changes to make pmd_mkwrite() take a VMA.

Only do this for architectures that need it because they call pmd_mkwrite() in arch code without an associated VMA. Since it will only currently be used in arch code, do not include it in arch_pgtable_helpers.rst.

Cc: linux-kernel@vger.kernel.org
Cc: linux-s390@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mm@kvack.org
Tested-by: Pengfei Xu <pengfei.xu@intel.com>
Suggested-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
---
Hi Non-x86 Arch’s,

x86 has a feature that allows for the creation of a special type of writable memory (shadow stack) that is only writable in limited specific ways. Previously, changes were proposed to core MM code to teach it to decide when to create normally writable memory or the special shadow stack writable memory, but David Hildenbrand suggested[0] to change pXX_mkwrite() to take a VMA, so awareness of shadow stack memory can be moved into x86 code.

Since pXX_mkwrite() is defined in every arch, it requires some tree-wide changes. So that is why you are seeing some patches out of a big x86 series pop up in your arch mailing list. There is no functional change. After this refactor, the shadow stack series goes on to use the arch helpers to push shadow stack memory details inside arch/x86.

Testing was just 0-day build testing.

Hopefully that is enough context. Thanks!

[0] https://lore.kernel.org/lkml/0e29a2d0-08d8-bcd6-ff26-4bea0e4037b0@redhat.com/#t

v6:
 - New patch
---
 arch/s390/include/asm/pgtable.h | 7 ++++++-
 arch/s390/mm/pageattr.c         | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
Comments
On Sat, Feb 18, 2023 at 01:14:04PM -0800, Rick Edgecombe wrote:
> The x86 Control-flow Enforcement Technology (CET) feature includes a new
> type of memory called shadow stack. This shadow stack memory has some
> unusual properties, which requires some core mm changes to function
> properly.
>
> One of these changes is to allow for pmd_mkwrite() to create different
> types of writable memory (the existing conventionally writable type and
> also the new shadow stack type). Future patches will convert pmd_mkwrite()
> to take a VMA in order to facilitate this, however there are places in the
> kernel where pmd_mkwrite() is called outside of the context of a VMA.
> These are for kernel memory. So create a new variant called
> pmd_mkwrite_kernel() and switch the kernel users over to it. Have
> pmd_mkwrite() and pmd_mkwrite_kernel() be the same for now. Future patches
> will introduce changes to make pmd_mkwrite() take a VMA.
>
> Only do this for architectures that need it because they call pmd_mkwrite()
> in arch code without an associated VMA. Since it will only currently be
> used in arch code, do not include it in arch_pgtable_helpers.rst.
>
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-s390@vger.kernel.org
> Cc: linux-arch@vger.kernel.org
> Cc: linux-mm@kvack.org
> Tested-by: Pengfei Xu <pengfei.xu@intel.com>
> Suggested-by: David Hildenbrand <david@redhat.com>
> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>

Yup, 1:1 refactor.

Reviewed-by: Kees Cook <keescook@chromium.org>

On 18.02.23 22:14, Rick Edgecombe wrote:
> The x86 Control-flow Enforcement Technology (CET) feature includes a new
> type of memory called shadow stack. This shadow stack memory has some
> unusual properties, which requires some core mm changes to function
> properly.
>
> One of these changes is to allow for pmd_mkwrite() to create different
> types of writable memory (the existing conventionally writable type and
> also the new shadow stack type). Future patches will convert pmd_mkwrite()
> to take a VMA in order to facilitate this, however there are places in the
> kernel where pmd_mkwrite() is called outside of the context of a VMA.
> These are for kernel memory. So create a new variant called
> pmd_mkwrite_kernel() and switch the kernel users over to it. Have
> pmd_mkwrite() and pmd_mkwrite_kernel() be the same for now. Future patches
> will introduce changes to make pmd_mkwrite() take a VMA.
>
> Only do this for architectures that need it because they call pmd_mkwrite()
> in arch code without an associated VMA. Since it will only currently be
> used in arch code, do not include it in arch_pgtable_helpers.rst.
>
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-s390@vger.kernel.org
> Cc: linux-arch@vger.kernel.org
> Cc: linux-mm@kvack.org
> Tested-by: Pengfei Xu <pengfei.xu@intel.com>
> Suggested-by: David Hildenbrand <david@redhat.com>
> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
>

Heh, that answers my question to patch #11

Acked-by: David Hildenbrand <david@redhat.com>

On Sat, Feb 18, 2023 at 01:14:04PM -0800, Rick Edgecombe wrote:
> The x86 Control-flow Enforcement Technology (CET) feature includes a new
> type of memory called shadow stack. This shadow stack memory has some
> unusual properties, which requires some core mm changes to function
> properly.
>
> One of these changes is to allow for pmd_mkwrite() to create different
> types of writable memory (the existing conventionally writable type and
> also the new shadow stack type). Future patches will convert pmd_mkwrite()
> to take a VMA in order to facilitate this, however there are places in the
> kernel where pmd_mkwrite() is called outside of the context of a VMA.
> These are for kernel memory. So create a new variant called
> pmd_mkwrite_kernel() and switch the kernel users over to it. Have
> pmd_mkwrite() and pmd_mkwrite_kernel() be the same for now. Future patches
> will introduce changes to make pmd_mkwrite() take a VMA.
>
> Only do this for architectures that need it because they call pmd_mkwrite()
> in arch code without an associated VMA. Since it will only currently be
> used in arch code, do not include it in arch_pgtable_helpers.rst.
>
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-s390@vger.kernel.org
> Cc: linux-arch@vger.kernel.org
> Cc: linux-mm@kvack.org
> Tested-by: Pengfei Xu <pengfei.xu@intel.com>
> Suggested-by: David Hildenbrand <david@redhat.com>
> Signed-off-by: Rick Edgecombe <rick.p.edgecombe@intel.com>
...
> ---
>  arch/s390/include/asm/pgtable.h | 7 ++++++-
>  arch/s390/mm/pageattr.c         | 2 +-
>  2 files changed, 7 insertions(+), 2 deletions(-)

Acked-by: Heiko Carstens <hca@linux.ibm.com>

On Thu, 2023-02-23 at 13:14 +0100, Heiko Carstens wrote:
> Acked-by: Heiko Carstens <hca@linux.ibm.com>

Thanks!

diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h index 29522418b5f4..c48a447d1432 100644 --- a/arch/s390/include/asm/pgtable.h +++ b/arch/s390/include/asm/pgtable.h @@ -1425,7 +1425,7 @@ static inline pmd_t pmd_wrprotect(pmd_t pmd) return set_pmd_bit(pmd, __pgprot(_SEGMENT_ENTRY_PROTECT)); } -static inline pmd_t pmd_mkwrite(pmd_t pmd) +static inline pmd_t pmd_mkwrite_kernel(pmd_t pmd) { pmd = set_pmd_bit(pmd, __pgprot(_SEGMENT_ENTRY_WRITE)); if (pmd_val(pmd) & _SEGMENT_ENTRY_DIRTY) @@ -1433,6 +1433,11 @@ static inline pmd_t pmd_mkwrite(pmd_t pmd) return pmd; } +static inline pmd_t pmd_mkwrite(pmd_t pmd) +{ + return pmd_mkwrite_kernel(pmd); +} + static inline pmd_t pmd_mkclean(pmd_t pmd) { pmd = clear_pmd_bit(pmd, __pgprot(_SEGMENT_ENTRY_DIRTY)); diff --git a/arch/s390/mm/pageattr.c b/arch/s390/mm/pageattr.c index 4ee5fe5caa23..7b6967dfacd0 100644 --- a/arch/s390/mm/pageattr.c +++ b/arch/s390/mm/pageattr.c @@ -146,7 +146,7 @@ static void modify_pmd_page(pmd_t *pmdp, unsigned long addr, if (flags & SET_MEMORY_RO) new = pmd_wrprotect(new); else if (flags & SET_MEMORY_RW) - new = pmd_mkwrite(pmd_mkdirty(new)); + new = pmd_mkwrite_kernel(pmd_mkdirty(new)); if (flags & SET_MEMORY_NX) new = set_pmd_bit(new, __pgprot(_SEGMENT_ENTRY_NOEXEC)); else if (flags & SET_MEMORY_X)
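Review bot: pmd_mkwrite_kernel() in arch/s390/include/asm/pgtable.h is introduced without a comment saying it is the variant for kernel mappings that have no VMA, and the commit message says it is deliberately left out of arch_pgtable_helpers.rst, so the header is the only place that intent can be recorded. Once pmd_mkwrite() takes a VMA the two helpers will no longer be interchangeable, so a one-line comment above pmd_mkwrite_kernel() stating that it is for kernel memory only would help keep later code from reaching for it on user mappings. The pmd_mkwrite() wrapper added in the second hunk keeps existing callers building unchanged and looks fine as is.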
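Review bot: the SET_MEMORY_RW branch of modify_pmd_page() in arch/s390/mm/pageattr.c is the only call site converted, and the diffstat touches nothing else under arch/s390, so the changelog would be stronger if it stated that this is the only VMA-less caller of pmd_mkwrite() in the architecture. The converted call keeps pmd_mkdirty() innermost, as in pmd_mkwrite_kernel(pmd_mkdirty(new)), which matters because the helper tests _SEGMENT_ENTRY_DIRTY after setting _SEGMENT_ENTRY_WRITE; that ordering should be preserved when pmd_mkwrite() changes signature later in the series.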