From patchwork Thu Jan 19 21:22:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Edgecombe, Rick P" X-Patchwork-Id: 45981 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp555587wrn; Thu, 19 Jan 2023 13:34:36 -0800 (PST) X-Google-Smtp-Source: AMrXdXsvyYFF+UOjMmM3URyzXs6IuxT7snYkwmlOdIrbkdT8NSiQVfPgVbra2A0TudSvwOoa/J6S X-Received: by 2002:a17:902:7601:b0:193:236:3a2b with SMTP id k1-20020a170902760100b0019302363a2bmr10998289pll.3.1674164075774; Thu, 19 Jan 2023 13:34:35 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674164075; cv=none; d=google.com; s=arc-20160816; b=zdJNufrs1bW2Y8f7QphawuRGD+iIE61f95yyB8jfNNyUIlCUGkkNazEWAdD5eR37O2 CYHehXFCa314sq7Sd8Rw+DUZGNkDn8y25jQOmTEZ6rX8jE1RMtaLK2OrazFhMLJGORr6 W7HqeqyRsTbgoaZXXSnofwdctKLTdPJqUjPoL1MIAvLGicnawO882OsQW20jIRJilRD9 AUYNx6gY6I/fvYFXknycnlofO2ZAkYi8eAYkN72mzrYs9GbYa6LHeEy0m7nKN/cLLAA1 jdq4IF1ttuxQ4U4HLuXFy6cmoocJYj+/XVX9hp0YilIb9LLFmYjvc8SbJvVRmOMVbcM+ vEiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:in-reply-to:message-id:date:subject :cc:to:from:dkim-signature; bh=BVe42IZ3bUVWxOXb5SeOdBeUgISVBwg/EiJcXbj5PIQ=; b=ca4Y77rJr9pCpinxBHKEedFWaAkK0GAyZA0SU7uF9XKn74wPjqXNeEprOSHjpMvZjf RnsIkw8w4fXJVSTE+i+GjQ/o7JsqlAyKDosVNJGnOnhlml2QOJrozlKZimFPVel1L8x5 Nf4sE5pfmjIDOnhNWEqF6bk2TkrIXn3/UJneZLqrv9XzlxSsjrKtf58UJR+hfhyyJpdK SjUomVLGdLEZyFSy83K/UvKvyqaVobWyN69E73TG/oBUBfzVePejaj43ELd2xouUHp2j 7uoYBcu9wMW0+GrsSIP6NWQ7jHUItwSdsua1UMXO7JswXpf8Wa4m6wVT1RciOa7AH2vT 0PWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=K9anBuZf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ba9-20020a170902720900b00192972afbc5si38844158plb.459.2023.01.19.13.34.23; Thu, 19 Jan 2023 13:34:35 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=K9anBuZf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230260AbjASVdA (ORCPT + 99 others); Thu, 19 Jan 2023 16:33:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231207AbjASVbN (ORCPT ); Thu, 19 Jan 2023 16:31:13 -0500 Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5EBC0A7930; Thu, 19 Jan 2023 13:25:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1674163532; x=1705699532; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=3Wysy2UxXgn7XrxNNcTO6OHZIBa9HpH74QVE6RG86iA=; b=K9anBuZfDLYjz7R1vDNkH5UsUFaApob41Pz4+TG6oa6u1DXPC/qwkeWI er7Y8kmQsmkzoaLVWaH0QTTAMeAA0ee3o14dCLdU6owfDlxtl2McQafxh SpkJWqOiFve3Gic/Zp5JNtxHesXokF3GGirwFe6qZW0A2/8n/WApd5y7P I0yEWGhSyjjOzB5f7dfYY6ovPLn9sk9yY+a8gOGSpUUUsyZsYzypTu5E3 /4s4zVGQae6TKvY4rXKVqUyE53X8XLga4EK0fmULdUYWr6X3CuDBz5qOW Ba2nH9pqnzkF4ioIuH0lbZ41OJJw0g4Qtl+h4J4Yna8i+1RD0th4m2vC+ A==; X-IronPort-AV: E=McAfee;i="6500,9779,10595"; a="323119341" X-IronPort-AV: E=Sophos;i="5.97,230,1669104000"; d="scan'208";a="323119341" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jan 2023 13:23:37 -0800 X-IronPort-AV: E=McAfee;i="6500,9779,10595"; a="989139021" X-IronPort-AV: E=Sophos;i="5.97,230,1669104000"; d="scan'208";a="989139021" Received: from hossain3-mobl.amr.corp.intel.com (HELO rpedgeco-desk.amr.corp.intel.com) ([10.252.128.187]) by fmsmga005-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Jan 2023 13:23:36 -0800 From: Rick Edgecombe To: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com Cc: rick.p.edgecombe@intel.com, Yu-cheng Yu , Christoph Hellwig Subject: [PATCH v5 08/39] x86/mm: Remove _PAGE_DIRTY from kernel RO pages Date: Thu, 19 Jan 2023 13:22:46 -0800 Message-Id: <20230119212317.8324-9-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230119212317.8324-1-rick.p.edgecombe@intel.com> References: <20230119212317.8324-1-rick.p.edgecombe@intel.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755488270149892573?= X-GMAIL-MSGID: =?utf-8?q?1755488270149892573?= From: Yu-cheng Yu New processors that support Shadow Stack regard Write=0,Dirty=1 PTEs as shadow stack pages. In normal cases, it can be helpful to create Write=1 PTEs as also Dirty=1 if HW dirty tracking is not needed, because if the Dirty bit is not already set the CPU has to set Dirty=1 when the memory gets written to. This creates additional work for the CPU. So traditional wisdom was to simply set the Dirty bit whenever you didn't care about it. However, it was never really very helpful for read-only kernel memory. When CR4.CET=1 and IA32_S_CET.SH_STK_EN=1, some instructions can write to such supervisor memory. The kernel does not set IA32_S_CET.SH_STK_EN, so avoiding kernel Write=0,Dirty=1 memory is not strictly needed for any functional reason. But having Write=0,Dirty=1 kernel memory doesn't have any functional benefit either, so to reduce ambiguity between shadow stack and regular Write=0 pages, remove Dirty=1 from any kernel Write=0 PTEs. Tested-by: Pengfei Xu Tested-by: John Allen Signed-off-by: Yu-cheng Yu Co-developed-by: Rick Edgecombe Signed-off-by: Rick Edgecombe Cc: "H. Peter Anvin" Cc: Kees Cook Cc: Thomas Gleixner Cc: Dave Hansen Cc: Christoph Hellwig Cc: Andy Lutomirski Cc: Ingo Molnar Cc: Borislav Petkov Cc: Peter Zijlstra Reviewed-by: Kees Cook --- v5: - Spelling and grammar in commit log (Boris) v3: - Update commit log (Andrew Cooper, Peterz) v2: - Normalize PTE bit descriptions between patches arch/x86/include/asm/pgtable_types.h | 6 +++--- arch/x86/mm/pat/set_memory.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 447d4bee25c4..0646ad00178b 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -192,10 +192,10 @@ enum page_cache_mode { #define _KERNPG_TABLE (__PP|__RW| 0|___A| 0|___D| 0| 0| _ENC) #define _PAGE_TABLE_NOENC (__PP|__RW|_USR|___A| 0|___D| 0| 0) #define _PAGE_TABLE (__PP|__RW|_USR|___A| 0|___D| 0| 0| _ENC) -#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX|___D| 0|___G) -#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0|___D| 0|___G) +#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX| 0| 0|___G) +#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0| 0| 0|___G) #define __PAGE_KERNEL_NOCACHE (__PP|__RW| 0|___A|__NX|___D| 0|___G| __NC) -#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX|___D| 0|___G) +#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX| 0| 0|___G) #define __PAGE_KERNEL_LARGE (__PP|__RW| 0|___A|__NX|___D|_PSE|___G) #define __PAGE_KERNEL_LARGE_EXEC (__PP|__RW| 0|___A| 0|___D|_PSE|___G) #define __PAGE_KERNEL_WP (__PP|__RW| 0|___A|__NX|___D| 0|___G| __WP) diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 356758b7d4b4..d41706ad29db 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -2073,7 +2073,7 @@ int set_memory_nx(unsigned long addr, int numpages) int set_memory_ro(unsigned long addr, int numpages) { - return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW), 0); + return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW | _PAGE_DIRTY), 0); } int set_memory_rox(unsigned long addr, int numpages)