From patchwork Wed Jan 11 12:37:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Kirill A. Shutemov" X-Patchwork-Id: 3868 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:4e01:0:0:0:0:0 with SMTP id p1csp3319511wrt; Wed, 11 Jan 2023 05:28:12 -0800 (PST) X-Google-Smtp-Source: AMrXdXvXhfLyZ4yL5h5LAc4BT78VeMAk57d9I6fxuCkVcYS1m8UKZy2h8Q4uk2UNw4430hm2JKrD X-Received: by 2002:a17:902:f784:b0:192:b5a8:3eb6 with SMTP id q4-20020a170902f78400b00192b5a83eb6mr38912363pln.44.1673443692302; Wed, 11 Jan 2023 05:28:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673443692; cv=none; d=google.com; s=arc-20160816; b=nr6ClphMJltm9jcCoKE3/G5RTYzHvzzQURUeTFmr6h4YQJ4c/ID8NbXgCbyZC+5v7q Tr48aK9WFR0uRCFRBawrjAtHNEdnSauNw62WfhZA6VaYILmRhMESyPWob1WRM31rJVz3 YOaS15X1JBHaPlhwghBunEIz98VDnIt5fJz4HAKTZQVoWVEGOoqp6cRnPnRQi2pBjWoH rHriIh11P7zYaOUpFy4XzaBcXCD76uv/aaOo4vPJCMslVQZP0VqC+uDNIXy+GFyzWRGN oYU/B0G+e/eTWTW7phnEUOHoAQH7CgbR8DoY9xpcqQBGHNjMTCB7VNnnVUag6KY9plkD TiUA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=5O0EKUKcFsE0LGPKjzC/MtxjZMpwo0X5GfDZBF+GNWU=; b=NqXjptypp4SmmSMAYlYfIJX988REdjuMCnggqsu9goRXR8gSG0/jKCIxHA7hc4f5yi QXmUEak0AANtMaWufQ3PmQrDPAwYb9+iz/PsAa1/3NkO3ZYKCI5R7s4s2CA4UrUBXVKG RMnPxJRESJzG24/Sr4e5AdAG/9eISajp7PSg+/TXuLBlnEvtRahOvKGViJ+jtmS4LsTc RYxijuajVs7TxdbU7eqlxNvi4t+gMPGQHv/Vzv9+B8lHW7cr9d3zNlrik27w0NSA3Q78 2Bu/MswYt/QT8/VR4ogU4g15EbS894/sXyq5ufuDOqSQXjYP/nKevw8bXV0WnKv3qGI8 0M7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NYkrRT9C; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g7-20020a1709029f8700b00192a8d6e21csi13905645plq.458.2023.01.11.05.27.59; Wed, 11 Jan 2023 05:28:12 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=NYkrRT9C; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231573AbjAKNY6 (ORCPT + 99 others); Wed, 11 Jan 2023 08:24:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46600 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233800AbjAKNX7 (ORCPT ); Wed, 11 Jan 2023 08:23:59 -0500 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 15713389F for ; Wed, 11 Jan 2023 05:23:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1673443438; x=1704979438; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=GdA/zTzLr8yY1P/t2Boc1VaCkucAkbRxVceefJytuzY=; b=NYkrRT9C7pwU3doFKfxz9+x8ScXArEEloZ9HneeHsFpnPpQhWBMyZrle IrocrLbkbByLAOR6beoXytcNs0kmB+0K8GU5MJzMmZaAfv113ii7g3EUw lIxHs8iw06ASbNVsGpVfEl6KirV46rO5jG9DgFANUvrd3uQjFFH1CBTmH II4d37us6iftPxFmTBEAnoTNU0j3nhyR8vl1XAE+rgwRK5n2Av+RqOxML 0fhSmcyWJS+FpvqPWBhsMHIyaJsAt9q9OvsSxTnViOacbDRGt0QiikKE7 8i7jMkVVrYr+eJCBG3HmzelMxjGUg1G2tn9XzFjVgUwPmzM5QFbmiW5Xu A==; X-IronPort-AV: E=McAfee;i="6500,9779,10586"; a="324646058" X-IronPort-AV: E=Sophos;i="5.96,317,1665471600"; d="scan'208";a="324646058" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jan 2023 05:23:48 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10586"; a="720725456" X-IronPort-AV: E=Sophos;i="5.96,317,1665471600"; d="scan'208";a="720725456" Received: from bachaue1-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.37.250]) by fmsmga008-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 11 Jan 2023 05:23:43 -0800 Received: by box.shutemov.name (Postfix, from userid 1000) id F33D2109C71; Wed, 11 Jan 2023 15:37:40 +0300 (+03) From: "Kirill A. Shutemov" To: Dave Hansen , Andy Lutomirski , Peter Zijlstra Cc: x86@kernel.org, Kostya Serebryany , Andrey Ryabinin , Andrey Konovalov , Alexander Potapenko , Taras Madan , Dmitry Vyukov , "H . J . Lu" , Andi Kleen , Rick Edgecombe , Bharata B Rao , Jacob Pan , Ashok Raj , Linus Torvalds , linux-mm@kvack.org, linux-kernel@vger.kernel.org, "Kirill A. Shutemov" Subject: [PATCHv14 00/17] Linear Address Masking enabling Date: Wed, 11 Jan 2023 15:37:19 +0300 Message-Id: <20230111123736.20025-1-kirill.shutemov@linux.intel.com> X-Mailer: git-send-email 2.38.2 MIME-Version: 1.0 X-Spam-Status: No, score=-4.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1754732893082680208?= X-GMAIL-MSGID: =?utf-8?q?1754732893082680208?= Linear Address Masking[1] (LAM) modifies the checking that is applied to 64-bit linear addresses, allowing software to use of the untranslated address bits for metadata. The capability can be used for efficient address sanitizers (ASAN) implementation and for optimizations in JITs and virtual machines. The patchset brings support for LAM for userspace addresses. Only LAM_U57 at this time. Please review and consider applying. git://git.kernel.org/pub/scm/linux/kernel/git/kas/linux.git lam v14: - Rework address range check in get_user() and put_user(); - Introduce CONFIG_ADDRESS_MASKING; - Cache untag masking in per-CPU variable; - Reject LAM enabling via PTRACE_ARCH_PRCTL; - Fix locking around untagged_addr_remote(); - Fix typo in MM_CONTEXT_* conversion patch; - Fix selftest; v13: - Fix race between untagged_addr() and LAM enabling: + Do not allow to enable LAM after the process spawned the second thread; + untagged_addr() untags the address according to rules of the current process; + untagged_addr_remote() can be used for untagging addresses for foreign process. It requires mmap lock for the target process to be taken; v12: - Rebased onto tip/x86/mm; - Drop VM_WARN_ON() that may produce false-positive on race between context switch and LAM enabling; - Adjust comments explain possible race; - User READ_ONCE() in mm_lam_cr3_mask(); - Do not assume &init_mm == mm in initialize_tlbstate_and_flush(); - Ack by Andy; v11: - Move untag_mask to /proc/$PID/status; - s/SVM/SVA/g; - static inline arch_pgtable_dma_compat() instead of macros; - Replace pasid_valid() with mm_valid_pasid(); - Acks from Ashok and Jacob (forgot to apply from v9); v10: - Rebased to v6.1-rc1; - Add selftest for SVM vs LAM; v9: - Fix race between LAM enabling and check that KVM memslot address doesn't have any tags; - Reduce untagged_addr() overhead until the first LAM user; - Clarify SVM vs. LAM semantics; - Use mmap_lock to serialize LAM enabling; v8: - Drop redundant smb_mb() in prctl_enable_tagged_addr(); - Cleanup code around build_cr3(); - Fix commit messages; - Selftests updates; - Acked/Reviewed/Tested-bys from Alexander and Peter; v7: - Drop redundant smb_mb() in prctl_enable_tagged_addr(); - Cleanup code around build_cr3(); - Fix commit message; - Fix indentation; v6: - Rebased onto v6.0-rc1 - LAM_U48 excluded from the patchet. Still available in the git tree; - add ARCH_GET_MAX_TAG_BITS; - Fix build without CONFIG_DEBUG_VM; - Update comments; - Reviewed/Tested-by from Alexander; v5: - Do not use switch_mm() in enable_lam_func() - Use mb()/READ_ONCE() pair on LAM enabling; - Add self-test by Weihong Zhang; - Add comments; v4: - Fix untagged_addr() for LAM_U48; - Remove no-threads restriction on LAM enabling; - Fix mm_struct access from /proc/$PID/arch_status - Fix LAM handling in initialize_tlbstate_and_flush() - Pack tlb_state better; - Comments and commit messages; v3: - Rebased onto v5.19-rc1 - Per-process enabling; - API overhaul (again); - Avoid branches and costly computations in the fast path; - LAM_U48 is in optional patch. v2: - Rebased onto v5.18-rc1 - New arch_prctl(2)-based API - Expose status of LAM (or other thread features) in /proc/$PID/arch_status [1] ISE, Chapter 10. https://cdrdv2.intel.com/v1/dl/getContent/671368 Kirill A. Shutemov (12): x86/mm: Rework address range check in get_user() and put_user() x86: Allow atomic MM_CONTEXT flags setting x86: CPUID and CR3/CR4 flags for Linear Address Masking x86/mm: Handle LAM on context switch mm: Introduce untagged_addr_remote() x86/uaccess: Provide untagged_addr() and remove tags before address check x86/mm: Provide arch_prctl() interface for LAM x86/mm: Reduce untagged_addr() overhead until the first LAM user mm: Expose untagging mask in /proc/$PID/status iommu/sva: Replace pasid_valid() helper with mm_valid_pasid() x86/mm/iommu/sva: Make LAM and SVA mutually exclusive selftests/x86/lam: Add test cases for LAM vs thread creation Weihong Zhang (5): selftests/x86/lam: Add malloc and tag-bits test cases for linear-address masking selftests/x86/lam: Add mmap and SYSCALL test cases for linear-address masking selftests/x86/lam: Add io_uring test cases for linear-address masking selftests/x86/lam: Add inherit test cases for linear-address masking selftests/x86/lam: Add ARCH_FORCE_TAGGED_SVA test cases for linear-address masking arch/arm64/include/asm/mmu_context.h | 6 + arch/sparc/include/asm/mmu_context_64.h | 6 + arch/sparc/include/asm/uaccess_64.h | 2 + arch/x86/Kconfig | 11 + arch/x86/entry/vsyscall/vsyscall_64.c | 2 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/mmu.h | 18 +- arch/x86/include/asm/mmu_context.h | 49 +- arch/x86/include/asm/processor-flags.h | 2 + arch/x86/include/asm/tlbflush.h | 48 +- arch/x86/include/asm/uaccess.h | 35 +- arch/x86/include/uapi/asm/prctl.h | 5 + arch/x86/include/uapi/asm/processor-flags.h | 6 + arch/x86/kernel/process.c | 6 + arch/x86/kernel/process_64.c | 70 +- arch/x86/kernel/traps.c | 6 +- arch/x86/lib/getuser.S | 83 +- arch/x86/lib/putuser.S | 54 +- arch/x86/mm/init.c | 5 + arch/x86/mm/tlb.c | 53 +- drivers/iommu/iommu-sva.c | 8 +- drivers/vfio/vfio_iommu_type1.c | 2 +- fs/proc/array.c | 6 + fs/proc/task_mmu.c | 9 +- include/linux/ioasid.h | 9 - include/linux/mm.h | 11 - include/linux/mmu_context.h | 14 + include/linux/sched/mm.h | 8 +- include/linux/uaccess.h | 22 + mm/debug.c | 1 + mm/gup.c | 4 +- mm/madvise.c | 5 +- mm/migrate.c | 11 +- tools/testing/selftests/x86/Makefile | 2 +- tools/testing/selftests/x86/lam.c | 1241 +++++++++++++++++++ 35 files changed, 1673 insertions(+), 148 deletions(-) create mode 100644 tools/testing/selftests/x86/lam.c Acked-by: Peter Zijlstra (Intel)