From patchwork Fri Jun 16 19:17:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: tip-bot2 for Thomas Gleixner X-Patchwork-Id: 109327 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp1566526vqr; Fri, 16 Jun 2023 12:26:12 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ41ARIXzybWqqvkWMe4rBL/WkE6wcReqca9FhR88We+Xpx57jqoMkgUR6lTjtuu+WpzibzN X-Received: by 2002:a17:90a:ea0a:b0:24d:ef23:fe28 with SMTP id w10-20020a17090aea0a00b0024def23fe28mr1923590pjy.49.1686943572091; Fri, 16 Jun 2023 12:26:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686943572; cv=none; d=google.com; s=arc-20160816; b=vKc+LWTCgAok1ianxgDbzBLyuuwIkneEEn8wOiPtNKsYr5Yfxp8hxCSaRwLrm3KG1b kVsEmiL/afzwlm5Gb3iU6V/ZZSbfPukK9c/kNc2LHIdveSZVsJVrxIw8sGi3AEmBzuHH arjw0+JfcnwKKHrz4f9mrJhh8mXJWKZJW0r76/baNEJ9gL+h8cMlTK3Mu+NJD2Ucj4wB FNefLywXb23uOOnXkOMb1KZyhVzf6b0qDzrr+k588GLXcrX4II2MzK+YGplDGeYStqZF XvCsaf83zO2OANF0sPQo2pnkBb+2XUn/up9EfqNUKJHuUb/gfaW4B2DLIQcGrA1P12FG WzWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:robot-unsubscribe :robot-id:message-id:mime-version:cc:subject:to:reply-to:sender:from :dkim-signature:dkim-signature:date; bh=V1fBaDsUl+9k5SZLqSIJ9Oo8MPX0J+YZOQ1n9yrpp9w=; b=PnC1SFqgBuN7c3pGd+R5hNoxUyzTXBEl0VX1labWjVIS6lojfZb2P9r5Ql/tByTSo0 vn9QN5XkXzkndvaBmVSqeD/VD4t9C/Du9D6BJEnXDvedJPA80wr+TdF+zCvdh5bUpaDV pJpP1WnwwYfQ4W3mCuhyldxviBHzeQ3lFzp5hDwQ77P9XLcmBumyhwAY6ZDeHzvFal4f WFtmfRcYzUvdOJ0febiGTqn02r5HIE/0iQAHV6K9QLN5mPKt0TbAtfUn10rvPXCk2+NW 1tJ1xPbNeXiqfA1uZzmOQM81l+1KmlGniyHaYolzEiCgi11HS9dljSSGYGbEzz/MAFQ9 4LQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=OQHxCVOC; dkim=neutral (no key) header.i=@linutronix.de header.b=hHf6XJ35; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q34-20020a17090a752500b00255fb1f4a17si2198468pjk.42.2023.06.16.12.25.58; Fri, 16 Jun 2023 12:26:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=OQHxCVOC; dkim=neutral (no key) header.i=@linutronix.de header.b=hHf6XJ35; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345517AbjFPTTS (ORCPT + 99 others); Fri, 16 Jun 2023 15:19:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48122 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1346009AbjFPTRL (ORCPT ); Fri, 16 Jun 2023 15:17:11 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [193.142.43.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 52B293A82; Fri, 16 Jun 2023 12:17:04 -0700 (PDT) Date: Fri, 16 Jun 2023 19:17:02 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1686943023; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=V1fBaDsUl+9k5SZLqSIJ9Oo8MPX0J+YZOQ1n9yrpp9w=; b=OQHxCVOCbwkplnggYIek69RjySzUt4wcAft1VpZ5KlKoYA14fpW1C/0xfrHmgAsdUnjZ/v o41V1KjALW6KqtvKRwJeQ8I6I3LPSPh11hrhusufV8P7I8tN6Al/Ks9qlXhxcL0nk76Unf QQJ7uDYaZY7eETgGen4QYZDJxzLW2Pv/5yM1SDOhAgB+ryc5oZheMoCMENhoDHfqvvukAY uLNBkKiGKPOEiWvs1knLhnLTml7Xo9ds7VMdDotii7ER4TF24h2IjRRzy54owF88QcvcVB KOJgbj5F++hl64oRoukK23kzdU8nUtzj/I4XmQ5ZEXM8D+B+KTKE+CS1oxhY5g== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1686943023; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=V1fBaDsUl+9k5SZLqSIJ9Oo8MPX0J+YZOQ1n9yrpp9w=; b=hHf6XJ35Fw4Qw7au8DwaB9D1JseMVQ0R74hRzMCgCOafHhLpQP8BldXvJcQ8XeLcgq7gG1 VM5jIgdIRs8NqJDg== From: "tip-bot2 for Rick Edgecombe" Sender: tip-bot2@linutronix.de Reply-to: linux-kernel@vger.kernel.org To: linux-tip-commits@vger.kernel.org Subject: [tip: x86/shstk] x86/mm: Remove _PAGE_DIRTY from kernel RO pages Cc: "Yu-cheng Yu" , Rick Edgecombe , Dave Hansen , "Borislav Petkov (AMD)" , Kees Cook , "Mike Rapoport (IBM)" , Pengfei Xu , John Allen , x86@kernel.org, linux-kernel@vger.kernel.org MIME-Version: 1.0 Message-ID: <168694302255.404.6530532908295082254.tip-bot2@tip-bot2> Robot-ID: Robot-Unsubscribe: Contact to get blacklisted from these emails X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1768888543265350430?= X-GMAIL-MSGID: =?utf-8?q?1768888543265350430?= The following commit has been merged into the x86/shstk branch of tip: Commit-ID: eb310c4caf713ff12237526bb94b0de229118137 Gitweb: https://git.kernel.org/tip/eb310c4caf713ff12237526bb94b0de229118137 Author: Rick Edgecombe AuthorDate: Mon, 12 Jun 2023 17:10:39 -07:00 Committer: Dave Hansen CommitterDate: Thu, 15 Jun 2023 16:31:33 -07:00 x86/mm: Remove _PAGE_DIRTY from kernel RO pages New processors that support Shadow Stack regard Write=0,Dirty=1 PTEs as shadow stack pages. In normal cases, it can be helpful to create Write=1 PTEs as also Dirty=1 if HW dirty tracking is not needed, because if the Dirty bit is not already set the CPU has to set Dirty=1 when the memory gets written to. This creates additional work for the CPU. So traditional wisdom was to simply set the Dirty bit whenever you didn't care about it. However, it was never really very helpful for read-only kernel memory. When CR4.CET=1 and IA32_S_CET.SH_STK_EN=1, some instructions can write to such supervisor memory. The kernel does not set IA32_S_CET.SH_STK_EN, so avoiding kernel Write=0,Dirty=1 memory is not strictly needed for any functional reason. But having Write=0,Dirty=1 kernel memory doesn't have any functional benefit either, so to reduce ambiguity between shadow stack and regular Write=0 pages, remove Dirty=1 from any kernel Write=0 PTEs. Co-developed-by: Yu-cheng Yu Signed-off-by: Yu-cheng Yu Signed-off-by: Rick Edgecombe Signed-off-by: Dave Hansen Reviewed-by: Borislav Petkov (AMD) Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook Link: https://lore.kernel.org/all/20230613001108.3040476-14-rick.p.edgecombe%40intel.com --- arch/x86/include/asm/pgtable_types.h | 8 +++++--- arch/x86/mm/pat/set_memory.c | 4 ++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h index 91062b4..b639b8d 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -218,10 +218,12 @@ enum page_cache_mode { #define _PAGE_TABLE_NOENC (__PP|__RW|_USR|___A| 0|___D| 0| 0) #define _PAGE_TABLE (__PP|__RW|_USR|___A| 0|___D| 0| 0| _ENC) -#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX|___D| 0|___G) -#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0|___D| 0|___G) +#define __PAGE_KERNEL_RO (__PP| 0| 0|___A|__NX| 0| 0|___G) +#define __PAGE_KERNEL_ROX (__PP| 0| 0|___A| 0| 0| 0|___G) +#define __PAGE_KERNEL (__PP|__RW| 0|___A|__NX|___D| 0|___G) +#define __PAGE_KERNEL_EXEC (__PP|__RW| 0|___A| 0|___D| 0|___G) #define __PAGE_KERNEL_NOCACHE (__PP|__RW| 0|___A|__NX|___D| 0|___G| __NC) -#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX|___D| 0|___G) +#define __PAGE_KERNEL_VVAR (__PP| 0|_USR|___A|__NX| 0| 0|___G) #define __PAGE_KERNEL_LARGE (__PP|__RW| 0|___A|__NX|___D|_PSE|___G) #define __PAGE_KERNEL_LARGE_EXEC (__PP|__RW| 0|___A| 0|___D|_PSE|___G) #define __PAGE_KERNEL_WP (__PP|__RW| 0|___A|__NX|___D| 0|___G| __WP) diff --git a/arch/x86/mm/pat/set_memory.c b/arch/x86/mm/pat/set_memory.c index 7159cf7..fc627ac 100644 --- a/arch/x86/mm/pat/set_memory.c +++ b/arch/x86/mm/pat/set_memory.c @@ -2073,12 +2073,12 @@ int set_memory_nx(unsigned long addr, int numpages) int set_memory_ro(unsigned long addr, int numpages) { - return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW), 0); + return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_RW | _PAGE_DIRTY), 0); } int set_memory_rox(unsigned long addr, int numpages) { - pgprot_t clr = __pgprot(_PAGE_RW); + pgprot_t clr = __pgprot(_PAGE_RW | _PAGE_DIRTY); if (__supported_pte_mask & _PAGE_NX) clr.pgprot |= _PAGE_NX;