From patchwork Wed Jul 19 22:47:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 122917 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c923:0:b0:3e4:2afc:c1 with SMTP id j3csp2771737vqt; Wed, 19 Jul 2023 16:28:35 -0700 (PDT) X-Google-Smtp-Source: APBJJlG8XbsS2RSpPXDYXvQf/cvaak0PHo9lb+vI9HV49nyuVDQlWMbDbJ/5GPpqj+w00X+pjNJi X-Received: by 2002:a1f:4305:0:b0:481:6d58:7fac with SMTP id q5-20020a1f4305000000b004816d587facmr822948vka.10.1689809314936; Wed, 19 Jul 2023 16:28:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689809314; cv=none; d=google.com; s=arc-20160816; b=q8cfOnhjWy2cwvq6UjwZjh4ejyoUEViVThtWDkmewERemT1uVD4m8u6rgrOC44ho1I H/V8F/ORLl9q+gGo92XPNeBzvdf4MNCOUHYzrFPk0q282jc4g1FFSW5JWP/vJ1+qRN3Z ITwValOlaWwW0SM3uW2kMgb4FnSHaZ/O1exPBRlPghECRuXryyi+xUhWIzZSOTrS77Wm TAEMbyGkh0zTduNV2xbFI997b/cdEUkOzHcxcQLJMFvGMiWpyi7Dg2y2LecUQFIZo9vv 6yLkUM0Jo42xOYJNSrvWfA2KbXW2ZC6e0OQAWKhNO+ajK2utBdRk3sQiox2U3DRpHjZi Ry+A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:cc:subject:to:reply-to:sender:from :dkim-signature:dkim-signature:date; bh=F686mNAfxw9unGtGg3UmKzC0CIGnObbybdIynSv8PwU=; fh=cYKsLYKlfL5GLDpOt1a9DaF93PQ8azQhO0iBCt+veh0=; b=atacUTQ7ZF8wMFseUGEKseIOx6dut8xZ1XVXD2eVG/R+u5qWO6NY2g4T1/0tCO6ozH vZUZlUngcXLaR+MEkAfKaoGCtI+Q3M76BBqoQpjV/ik5IadEiqJDrLLZzN/p0iVoflrf tjZY7DSRPL//GDgEUfbp8PuBJcjX86Fi/qb60JUYSCiBhb1oxS2oqQVByd9LqgxraxY9 FlnSQ3VLNBBcFCZyN3tIh+XqexyjVEtDD58rttjufR7zyzsADsLw0tuSnRTGy5rVhA1H k01QwgvAEAx+ek8jN9VM3A0usBWimBsAZO3Vf7itk5gxJ6MJEKfNtx5FEyn2VbF2O/dJ D3Hw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=cIjneE6z; dkim=neutral (no key) header.i=@linutronix.de header.b="/HkpWzlX"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e9-20020a17090ac20900b0025baa49fa95si2274147pjt.1.2023.07.19.16.28.22; Wed, 19 Jul 2023 16:28:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=cIjneE6z; dkim=neutral (no key) header.i=@linutronix.de header.b="/HkpWzlX"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231398AbjGSWtk (ORCPT + 99 others); Wed, 19 Jul 2023 18:49:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231266AbjGSWrz (ORCPT ); Wed, 19 Jul 2023 18:47:55 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 754C426B5; Wed, 19 Jul 2023 15:47:41 -0700 (PDT) Date: Wed, 19 Jul 2023 22:47:38 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1689806859; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=F686mNAfxw9unGtGg3UmKzC0CIGnObbybdIynSv8PwU=; b=cIjneE6z9r0r9l3vpcKA073TAn1FwTPTR3qrgpf+LddypRqMk0yHVMOKRtfCf4fryfl7nG iVjRI9TqU0NxFTlIFcAaBjnSXGlFvVtYIbMG1kZj5h0Dx3ywWDv98O8ziiUS0LG3M0RdsS A7b0i2XBglnNKDQJoooqKkdrwEhatqr+5fvZHdy6BtpqiZCLGKln7mEctCZCnFK51mNh7P hek7JWhUlvN78Lu8rSw+Eb6nei97YtjhVu3uXa9rzUDabXfO4hDBSOscfJFB6G+83pAv+G iTNqGL2Zt0uNpPgzgxczsLNwPmKDIhDu8C1XJlIHxxodehpEh0ygq7ZyZ7o6NA== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1689806859; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=F686mNAfxw9unGtGg3UmKzC0CIGnObbybdIynSv8PwU=; b=/HkpWzlXoB7gK4d6kT42hb3J/altG09ZeWCKcGLSL7n5QlS1H/kpoPzYlkDHzfOzNPJK4/ rrn+tURTh7D3mDAg== From: "tip-bot2 for Rick Edgecombe" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/shstk] x86/mm: Remove _PAGE_DIRTY from kernel RO pages Cc: "Yu-cheng Yu" , Rick Edgecombe , Dave Hansen , "Borislav Petkov (AMD)" , Kees Cook , "Mike Rapoport (IBM)" , Pengfei Xu , John Allen , x86@kernel.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Message-ID: <168980685855.28540.9122084229630179588.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1771893492230696923 X-GMAIL-MSGID: 1771893492230696923 The following commit has been merged into the x86/shstk branch of tip: Commit-ID: f788b71768ff6a8a453a93a9f366e162af560483 Gitweb: https://git.kernel.org/tip/f788b71768ff6a8a453a93a9f366e162af560483 Author: Rick Edgecombe AuthorDate: Mon, 12 Jun 2023 17:10:39 -07:00 Committer: Rick Edgecombe CommitterDate: Tue, 11 Jul 2023 14:12:19 -07:00 x86/mm: Remove _PAGE_DIRTY from kernel RO pages New processors that support Shadow Stack regard Write=0,Dirty=1 PTEs as shadow stack pages. In normal cases, it can be helpful to create Write=1 PTEs as also Dirty=1 if HW dirty tracking is not needed, because if the Dirty bit is not already set the CPU has to set Dirty=1 when the memory gets written to. This creates additional work for the CPU. So traditional wisdom was to simply set the Dirty bit whenever you didn't care about it. However, it was never really very helpful for read-only kernel memory. When CR4.CET=1 and IA32_S_CET.SH_STK_EN=1, some instructions can write to such supervisor memory. The kernel does not set IA32_S_CET.SH_STK_EN, so avoiding kernel Write=0,Dirty=1 memory is not strictly needed for any functional reason. But having Write=0,Dirty=1 kernel memory doesn't have any functional benefit either, so to reduce ambiguity between shadow stack and regular Write=0 pages, remove Dirty=1 from any kernel Write=0 PTEs. Co-developed-by: Yu-cheng Yu Signed-off-by: Yu-cheng Yu Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook Link: https://lore.kernel.org/all/20230613001108.3040476-14-rick.p.edgecombe%40intel.com --- arch/x86/include/asm/pgtable_types.h | 8 +++++--- arch/x86/mm/pat/set_memory.c | 4 ++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 9379647..002f19e 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -218,10 +218,12 @@ enum page_cache_mode { #define _PAGE_TABLE_NOENC (__PP|__RW|_USR|___A| 0|___D| 0| 0) #define _PAGE_TABLE (__PP|__RW|_USR|___A| 0|___D| 0| 0| _ENC) -#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX|___D| 0|___G) -#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0|___D| 0|___G) +#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX| 0| 0|___G) +#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0| 0| 0|___G) +#define __PAGE_KERNEL (__PP|__RW| 0|___A|__NX|___D| 0|___G) +#define __PAGE_KERNEL_EXEC (__PP|__RW| 0|___A| 0|___D| 0|___G) #define __PAGE_KERNEL_NOCACHE (__PP|__RW| 0|___A|__NX|___D| 0|___G| __NC) -#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX|___D| 0|___G) +#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX| 0| 0|___G) #define __PAGE_KERNEL_LARGE (__PP|__RW| 0|___A|__NX|___D|_PSE|___G) #define __PAGE_KERNEL_LARGE_EXEC (__PP|__RW| 0|___A| 0|___D|_PSE|___G) #define __PAGE_KERNEL_WP (__PP|__RW| 0|___A|__NX|___D| 0|___G| __WP) diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index df4182b..bda9f12 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -2074,12 +2074,12 @@ int set_memory_nx(unsigned long addr, int numpages) int set_memory_ro(unsigned long addr, int numpages) { - return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW), 0); + return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW | _PAGE_DIRTY), 0); } int set_memory_rox(unsigned long addr, int numpages) { - pgprot_t clr = __pgprot(_PAGE_RW); + pgprot_t clr = __pgprot(_PAGE_RW | _PAGE_DIRTY); if (__supported_pte_mask & _PAGE_NX) clr.pgprot |= _PAGE_NX;