From patchwork Fri Nov 4 22:35:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 15823 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp678527wru; Fri, 4 Nov 2022 15:41:20 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4t2ob2NJXCylA8q3oteafpoqVhJtXJ66LobHtfc0J01Blhd+7vW/71sqaXBuZu6lyqADFO X-Received: by 2002:a63:2c90:0:b0:439:ee2c:ab2f with SMTP id s138-20020a632c90000000b00439ee2cab2fmr33752814pgs.2.1667601679798; Fri, 04 Nov 2022 15:41:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667601679; cv=none; d=google.com; s=arc-20160816; b=NMSo840MSOg1c/dtROvhZTz/8+XTPoa2qWSuytNADAwBLFXC+byo4fnM5mo8DO4fO0 j96U62cUbkDqc/aFPGML6daTL4lUmYF2e2q0nSw0L28zCGLklDCCdVIgIPke37gIUuFt W9S5l2pSofWkObj8c7X57UDUYV7gW7HFLtZIxxSrbc6ORrXHbE5+z158UWMJdwpaUf6R eIzQbI+kYQAeLrp9QzMYtXm1NcW07F7Mdk/spfATZSjqF8tKN+Yb9WcZ/W8S7U2KzYBL k7LjyHQWncK/BXwM4bnbaTQfa1sL+tbcmp0b3xjbeTaookAAi3X2ypH8DU+PFIyCzKzm SHYQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=XiM16Dm0rAaZdxXbCBWDj+qQN92LNq0rwVghQU9otjk=; b=xX1FbvhXkb6IrZDGD+QKY/F5MY8m1rGOnBn/Y/B2RYgjkxHr/moY1z3vMb3iLOP/7q w52Trv/rSacXsIF/U1BzafF7e8c9vbWrrRVbIL1OSDJw7jS5lM8saQaxLixljlyJNbVM /Z4F/5K+4LE7dUgAH7SyalwR8AJT/C+avCqTjqnKcIye2V1fEvNX6KXvOqniZ8ZiEiz3 RXdbKQfVxFxor3yS3Lt4H0NHqdMFtl8FwddTPM7uu4ylHL8LCGXw72ay/qTEi225ICz+ ZgxEGoebFBBaS/Ic4qrjTZX+YbYy3UYGQsfSv3VufuIdwMU3WVz1cmMt95LLAKcvjNsB gSEg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=delmJX49; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ng17-20020a17090b1a9100b00213f1db312esi950313pjb.111.2022.11.04.15.41.05; Fri, 04 Nov 2022 15:41:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=delmJX49; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229781AbiKDWkY (ORCPT + 99 others); Fri, 4 Nov 2022 18:40:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47214 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229496AbiKDWj6 (ORCPT ); Fri, 4 Nov 2022 18:39:58 -0400 Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DABAA4044F; Fri, 4 Nov 2022 15:39:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1667601570; x=1699137570; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=s4pESg4b+rdmfkzmthwTSS4lIUw19qtNeWA9uReG7HU=; b=delmJX49R61nYkAZk3MvRj3Jq9D/QyZ4NQF4GBg1+EalmV48rPnwzb8r PJdHnGdL+jhFfIV31xso1GnZRAOSWj4bpo3bi5FCtdN7Cwu904ypv00G3 0Z+204qWDF7JFk6XEm1HW72bbyhZ/dtX3j8yyvBk2Nwf4yUpMrstA7oZS ra4EJuqU6QNAutV9EtD4CMttoU0nTxTs7SyLhGL6V6Uafq+OE4ToypEpj /iOpVMsyZIK95MFpo1J/gPhZs9x4MZP3ZuySzmi/e1kb5ClvSqPN6tMbv dGMXgXWVwMZNspN2EpbXZhZVugmnOVZIksBmVhyWFH8bDcq8saa96Sx0G Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10521"; a="311840506" X-IronPort-AV: E=Sophos;i="5.96,138,1665471600"; d="scan'208";a="311840506" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Nov 2022 15:39:29 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10521"; a="668514010" X-IronPort-AV: E=Sophos;i="5.96,138,1665471600"; d="scan'208";a="668514010" Received: from adhjerms-mobl1.amr.corp.intel.com (HELO rpedgeco-desk.amr.corp.intel.com) ([10.212.227.68]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Nov 2022 15:39:28 -0700 From: Rick Edgecombe To: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V . Shankar" , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org Cc: rick.p.edgecombe@intel.com, Yu-cheng Yu , Christoph Hellwig Subject: [PATCH v3 08/37] x86/mm: Remove _PAGE_DIRTY from kernel RO pages Date: Fri, 4 Nov 2022 15:35:35 -0700 Message-Id: <20221104223604.29615-9-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20221104223604.29615-1-rick.p.edgecombe@intel.com> References: <20221104223604.29615-1-rick.p.edgecombe@intel.com> X-Spam-Status: No, score=-5.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748607098991614524?= X-GMAIL-MSGID: =?utf-8?q?1748607098991614524?= From: Yu-cheng Yu New processors that support Shadow Stack regard Write=0,Dirty=1 PTEs as shadow stack pages. In normal cases, it can be helpful to create Write=1 PTEs as also Dirty=1 if HW dirty tracking is not needed, because if the Dirty bit is not already set the CPU has to set Dirty=1 when it the memory gets written to. This creates addiontal work for the CPU. So tradional wisdom was to simply set the Dirty bit whenever you didn't care about it. However, it was never really very helpful for read only kernel memory. When CR4.CET=1 and IA32_S_CET.SH_STK_EN=1, some instructions can write to such supervisor memory. The kernel does not set IA32_S_CET.SH_STK_EN, so avoiding kernel Write=0,Dirty=1 memory is not strictly needed for any functional reason. But having Write=0,Dirty=1 kernel memory doesn't have any functional benefit either, so to reduce ambiguity between shadow stack and regular Write=0 pages, removed Dirty=1 from any kernel Write=0 PTEs. Tested-by: Pengfei Xu Tested-by: John Allen Signed-off-by: Yu-cheng Yu Co-developed-by: Rick Edgecombe Signed-off-by: Rick Edgecombe Cc: "H. Peter Anvin" Cc: Kees Cook Cc: Thomas Gleixner Cc: Dave Hansen Cc: Christoph Hellwig Cc: Andy Lutomirski Cc: Ingo Molnar Cc: Borislav Petkov Cc: Peter Zijlstra --- v3: - Update commit log (Andrew Cooper, Peterz) v2: - Normalize PTE bit descriptions between patches arch/x86/include/asm/pgtable_types.h | 6 +++--- arch/x86/mm/pat/set_memory.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index aa174fed3a71..ff82237e7b6b 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -192,10 +192,10 @@ enum page_cache_mode { #define _KERNPG_TABLE (__PP|__RW| 0|___A| 0|___D| 0| 0| _ENC) #define _PAGE_TABLE_NOENC (__PP|__RW|_USR|___A| 0|___D| 0| 0) #define _PAGE_TABLE (__PP|__RW|_USR|___A| 0|___D| 0| 0| _ENC) -#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX|___D| 0|___G) -#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0|___D| 0|___G) +#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX| 0| 0|___G) +#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0| 0| 0|___G) #define __PAGE_KERNEL_NOCACHE (__PP|__RW| 0|___A|__NX|___D| 0|___G| __NC) -#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX|___D| 0|___G) +#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX| 0| 0|___G) #define __PAGE_KERNEL_LARGE (__PP|__RW| 0|___A|__NX|___D|_PSE|___G) #define __PAGE_KERNEL_LARGE_EXEC (__PP|__RW| 0|___A| 0|___D|_PSE|___G) #define __PAGE_KERNEL_WP (__PP|__RW| 0|___A|__NX|___D| 0|___G| __WP) diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 2e5a045731de..af2267a9cdab 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -2026,7 +2026,7 @@ int set_memory_nx(unsigned long addr, int numpages) int set_memory_ro(unsigned long addr, int numpages) { - return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW), 0); + return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW | _PAGE_DIRTY), 0); } int set_memory_rw(unsigned long addr, int numpages)