From patchwork Mon Mar 20 16:39:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 72300 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:604a:0:0:0:0:0 with SMTP id j10csp1329039wrt; Mon, 20 Mar 2023 10:07:19 -0700 (PDT) X-Google-Smtp-Source: AK7set+rRIuNpvBH9QM1LOgx83cMbxf86cIVhaYViHqp3rbSCGTHlk713q3/dmCIupFB57KdneID X-Received: by 2002:aa7:9534:0:b0:627:effd:71ba with SMTP id c20-20020aa79534000000b00627effd71bamr6418295pfp.6.1679332038582; Mon, 20 Mar 2023 10:07:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1679332038; cv=none; d=google.com; s=arc-20160816; b=0Ju3VQ7N1z2K3bWBzej2UEUVaVw9Ge6cTKIsF3+wC1/yqTq7uTqzwnEvOa91qhQS0H YESS1PbjkjHxX6ii3Hl97Fw0EZX32X3nVmeyYwVhuUXZqqN+Wnalbq8RoKWmP2BYSnWc SkuzQpGUPsJQNPCbYXPWbiOYPKRyo48ntUz6pmGMJGvCAZ3EsLEQ9s2Lp0DQVv3GtvKp A8CnvAMJ26T25HjGZh/x1FvEreIqBK6hCe8DGyW+PMs+F6UOq9UA7d5GxWK6XhAKeb8H 6v7NowFAMT/+C+6bn69B/++ggQjsrx4lGZihi5YUaK06y3GCtbNX+p4c6O1evPuDBQlM FRfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:cc:subject:to:reply-to:sender:from :dkim-signature:dkim-signature:date; bh=IyWmU3LDAqcjF6F6Xb+HcI6kQKClv30nzS+jjqZZwXU=; b=gZ0WkPre+yhvSKCe9Yqc+/YPmyBbD+LINUY9c02HCdirW5thF4G9tHPUMiGSeEvHpp VjjUt1lgWL9RUhtP99uc6CrYgvfGKZcfFwxS6mg6eFduNkRAgjj2yH/3uXOokpt08h0O 3GpIMUarWhbVCZV68LMYaVj8hRXF6cwn89c84mqUDTs4FtWL6AAMKaoM9GNftHDcJAgl h8mwFizgYQ4mh4syw6knrUAz83pLdWKmC6CEqdtGbdjIdPdwFFJKDAoCnK1/99TU7nat R70ZIz47IP6Ifjpqodq4jXQfTgtzQ4zJe/RRwfGFs1pE9j1UHoU9YQgBBKwbk2egIeoP c+Ig== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=vs4o1swu; dkim=neutral (no key) header.i=@linutronix.de header.b=VdYQxu1G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p11-20020a056a000b4b00b00624289e73c7si11556839pfo.77.2023.03.20.10.07.02; Mon, 20 Mar 2023 10:07:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=vs4o1swu; dkim=neutral (no key) header.i=@linutronix.de header.b=VdYQxu1G; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232419AbjCTQu1 (ORCPT + 99 others); Mon, 20 Mar 2023 12:50:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41822 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232474AbjCTQtc (ORCPT ); Mon, 20 Mar 2023 12:49:32 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 659B1618D; Mon, 20 Mar 2023 09:42:06 -0700 (PDT) Date: Mon, 20 Mar 2023 16:39:29 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1679330369; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=IyWmU3LDAqcjF6F6Xb+HcI6kQKClv30nzS+jjqZZwXU=; b=vs4o1swuV7Qs9VTfP134h6nDbBrAnM8a+dORwAUJaGA+9wiIqtAz+XyUzfwuqUEUNpRiTH fgJf5gttUbo4bEBTNCN41dJkq+UdC3ouuRW+O2hKgY4T2X67i9Rak7J8yW+ulj3CYu49CO 103SsXpP3R43yyrfutmKj14AgD201xa1+IC/B7UBtQT6KEiWWRLpBwqTettWE/lZH9G/Da Hb/SE88AhPGP53SoN21z7gHE++ZR+bcd42YqO2ScDt7j1nb76r3IK86Yk0Vjmw32LaO6QQ 0lXAKuGvhPHzyo8ahToPuMbKqlSMZC0GqQ1URXmEAgOE+Yh+yBOWFVpj3RAv4A== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1679330369; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=IyWmU3LDAqcjF6F6Xb+HcI6kQKClv30nzS+jjqZZwXU=; b=VdYQxu1GjN9Pmnl1ktkGHvh4n8h9RsI9b42y5Bxvs/4NuQFHyySWVV8pDLo3T+4/t3f+Qv y0Ww6iwfshs9SaDQ== From: "tip-bot2 for Rick Edgecombe" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/shstk] x86/mm: Remove _PAGE_DIRTY from kernel RO pages Cc: "Yu-cheng Yu" , Rick Edgecombe , Dave Hansen , "Borislav Petkov (AMD)" , Kees Cook , "Mike Rapoport (IBM)" , Pengfei Xu , John Allen , x86@kernel.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Message-ID: <167933036914.5837.4622429665589179520.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1760907271465817621?= X-GMAIL-MSGID: =?utf-8?q?1760907271465817621?= The following commit has been merged into the x86/shstk branch of tip: Commit-ID: 4cecb5493945804d039ac918006465400f6418ee Gitweb: https://git.kernel.org/tip/4cecb5493945804d039ac918006465400f6418ee Author: Rick Edgecombe AuthorDate: Sat, 18 Mar 2023 17:15:04 -07:00 Committer: Dave Hansen CommitterDate: Mon, 20 Mar 2023 09:01:08 -07:00 x86/mm: Remove _PAGE_DIRTY from kernel RO pages New processors that support Shadow Stack regard Write=0,Dirty=1 PTEs as shadow stack pages. In normal cases, it can be helpful to create Write=1 PTEs as also Dirty=1 if HW dirty tracking is not needed, because if the Dirty bit is not already set the CPU has to set Dirty=1 when the memory gets written to. This creates additional work for the CPU. So traditional wisdom was to simply set the Dirty bit whenever you didn't care about it. However, it was never really very helpful for read-only kernel memory. When CR4.CET=1 and IA32_S_CET.SH_STK_EN=1, some instructions can write to such supervisor memory. The kernel does not set IA32_S_CET.SH_STK_EN, so avoiding kernel Write=0,Dirty=1 memory is not strictly needed for any functional reason. But having Write=0,Dirty=1 kernel memory doesn't have any functional benefit either, so to reduce ambiguity between shadow stack and regular Write=0 pages, remove Dirty=1 from any kernel Write=0 PTEs. Co-developed-by: Yu-cheng Yu Signed-off-by: Yu-cheng Yu Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook Link: https://lore.kernel.org/all/20230319001535.23210-10-rick.p.edgecombe%40intel.com --- arch/x86/include/asm/pgtable_types.h | 6 +++--- arch/x86/mm/pat/set_memory.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 447d4be..0646ad0 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -192,10 +192,10 @@ enum page_cache_mode { #define _KERNPG_TABLE (__PP|__RW| 0|___A| 0|___D| 0| 0| _ENC) #define _PAGE_TABLE_NOENC (__PP|__RW|_USR|___A| 0|___D| 0| 0) #define _PAGE_TABLE (__PP|__RW|_USR|___A| 0|___D| 0| 0| _ENC) -#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX|___D| 0|___G) -#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0|___D| 0|___G) +#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX| 0| 0|___G) +#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0| 0| 0|___G) #define __PAGE_KERNEL_NOCACHE (__PP|__RW| 0|___A|__NX|___D| 0|___G| __NC) -#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX|___D| 0|___G) +#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX| 0| 0|___G) #define __PAGE_KERNEL_LARGE (__PP|__RW| 0|___A|__NX|___D|_PSE|___G) #define __PAGE_KERNEL_LARGE_EXEC (__PP|__RW| 0|___A| 0|___D|_PSE|___G) #define __PAGE_KERNEL_WP (__PP|__RW| 0|___A|__NX|___D| 0|___G| __WP) diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 356758b..1b5c0dc 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -2073,12 +2073,12 @@ int set_memory_nx(unsigned long addr, int numpages) int set_memory_ro(unsigned long addr, int numpages) { - return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW), 0); + return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW | _PAGE_DIRTY), 0); } int set_memory_rox(unsigned long addr, int numpages) { - pgprot_t clr = __pgprot(_PAGE_RW); + pgprot_t clr = __pgprot(_PAGE_RW | _PAGE_DIRTY); if (__supported_pte_mask & _PAGE_NX) clr.pgprot |= _PAGE_NX;