Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753346AbdG3AwU (ORCPT ); Sat, 29 Jul 2017 20:52:20 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:54265 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752587AbdG3AwS (ORCPT ); Sat, 29 Jul 2017 20:52:18 -0400 Date: Sat, 29 Jul 2017 17:51:37 -0700 From: Ram Pai To: Thiago Jung Bauermann Cc: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, arnd@arndb.de, corbet@lwn.net, mhocko@kernel.org, dave.hansen@intel.com, mingo@redhat.com, paulus@samba.org, aneesh.kumar@linux.vnet.ibm.com, akpm@linux-foundation.org, khandual@linux.vnet.ibm.com Subject: Re: [RFC v6 21/62] powerpc: introduce execute-only pkey Reply-To: Ram Pai References: <1500177424-13695-1-git-send-email-linuxram@us.ibm.com> <1500177424-13695-22-git-send-email-linuxram@us.ibm.com> <87shhgdx5i.fsf@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87shhgdx5i.fsf@linux.vnet.ibm.com> User-Agent: Mutt/1.5.20 (2009-12-10) X-TM-AS-GCONF: 00 x-cbid: 17073000-0056-0000-0000-000003AE91CA X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00007450; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000214; SDB=6.00894824; UDB=6.00447468; IPR=6.00674991; BA=6.00005499; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00016445; XFM=3.00000015; UTC=2017-07-30 00:52:16 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17073000-0057-0000-0000-000007E4B7E3 Message-Id: <20170730005137.GK5664@ram.oc3035372033.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-07-29_13:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=2 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000 definitions=main-1707300013 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2966 Lines: 91 On Fri, Jul 28, 2017 at 07:17:13PM -0300, Thiago Jung Bauermann wrote: > > Ram Pai writes: > > --- a/arch/powerpc/mm/pkeys.c > > +++ b/arch/powerpc/mm/pkeys.c > > @@ -97,3 +97,60 @@ int __arch_set_user_pkey_access(struct task_struct *tsk, int pkey, > > init_iamr(pkey, new_iamr_bits); > > return 0; > > } > > + > > +static inline bool pkey_allows_readwrite(int pkey) > > +{ > > + int pkey_shift = pkeyshift(pkey); > > + > > + if (!(read_uamor() & (0x3UL << pkey_shift))) > > + return true; > > + > > + return !(read_amr() & ((AMR_RD_BIT|AMR_WR_BIT) << pkey_shift)); > > +} > > + > > +int __execute_only_pkey(struct mm_struct *mm) > > +{ > > + bool need_to_set_mm_pkey = false; > > + int execute_only_pkey = mm->context.execute_only_pkey; > > + int ret; > > + > > + /* Do we need to assign a pkey for mm's execute-only maps? */ > > + if (execute_only_pkey == -1) { > > + /* Go allocate one to use, which might fail */ > > + execute_only_pkey = mm_pkey_alloc(mm); > > + if (execute_only_pkey < 0) > > + return -1; > > + need_to_set_mm_pkey = true; > > + } > > + > > + /* > > + * We do not want to go through the relatively costly > > + * dance to set AMR if we do not need to. Check it > > + * first and assume that if the execute-only pkey is > > + * readwrite-disabled than we do not have to set it > > + * ourselves. > > + */ > > + if (!need_to_set_mm_pkey && > > + !pkey_allows_readwrite(execute_only_pkey)) ^^^^^ Here uamor and amr is read once each. > > + return execute_only_pkey; > > + > > + /* > > + * Set up AMR so that it denies access for everything > > + * other than execution. > > + */ > > + ret = __arch_set_user_pkey_access(current, execute_only_pkey, > > + (PKEY_DISABLE_ACCESS | PKEY_DISABLE_WRITE)); ^^^^^^^ here amr and iamr are written once each if the the function returns successfully. > > + /* > > + * If the AMR-set operation failed somehow, just return > > + * 0 and effectively disable execute-only support. > > + */ > > + if (ret) { > > + mm_set_pkey_free(mm, execute_only_pkey); ^^^ here only if __arch_set_user_pkey_access() fails amr and iamr and uamor will be written once each. > > + return -1; > > + } > > + > > + /* We got one, store it and use it from here on out */ > > + if (need_to_set_mm_pkey) > > + mm->context.execute_only_pkey = execute_only_pkey; > > + return execute_only_pkey; > > +} > > If you follow the code flow in __execute_only_pkey, the AMR and UAMOR > are read 3 times in total, and AMR is written twice. IAMR is read and > written twice. Since they are SPRs and access to them is slow (or isn't > it?), is it worth it to read them once in __execute_only_pkey and pass > down their values to the callees, and then write them once at the end of > the function? If my calculations are right: uamor may be read once and may be written once. amr may be read once and is written once. iamr is written once. So not that bad, i think. RP