Received: by 10.213.65.68 with SMTP id h4csp581583imn; Fri, 23 Mar 2018 10:52:22 -0700 (PDT) X-Google-Smtp-Source: AG47ELue5lIKA/gVT2hXjJuHMIhJcgr8wkBYQ2637ERJBS7PCS7wTKE54pGg8wOT4AvcbtzwMfLh X-Received: by 10.98.237.2 with SMTP id u2mr5441244pfh.80.1521827542586; Fri, 23 Mar 2018 10:52:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521827542; cv=none; d=google.com; s=arc-20160816; b=Yuhh6NbAoYlzynQ8NaQprdLZzZ/YadlJCwsKDkqCoFFWh60Re5TmN8cEa1xYkkKSVq /5Gam+UBHLMMiuSjS+OJ92oD/W60thGbVsO5u7bSM8/iZI+SPRTVTxRpyN4VXAwqujh6 X3qmjZp+3Bu4W6iXp22EaHpp4MWzFpmVAZHf0L9c/n3i+usSaB/pzf3Cgxo1+7J8vLcM yQ9ASkQdrvci51VGXKPcV1/t+6tzx1HOCSu32DIPeYmlMGlIiGyIBgCd5ub5JotLMgLN Ho3ZQRrTMwG4qdw2IO1X41WIv4jZos83zssLzBVOjK2eVujT+yTnuRKU/KqxzNx2J10O yJRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:in-reply-to:references:date :from:cc:to:subject:arc-authentication-results; bh=LeNIijpNTizJ4p3/TUjFOomWUvF/eVUci4SKDNc1S6w=; b=mpDmaa4q4U7r+MXRpHODYAzbm57ONhx37krKh1USYg0X/nDdM3kM/5eHnyM7bysFBk oslgWGXjfoi+RPfJO51SOpCaoLaTNDQkF8yr/xOsNPfZwT4AR96LNHRSejKqu7pduBTN TMCrHVQ+0y6WiSaEoFEr+nMpW6HDtGRdXV/urItLQrgK8bCTQtPQcV5oyUjxCEX25zNl 9ry2tzO1PGiPxtuhz0eLW41AgGK0a7wuMUpH6Kv6um8j8Nc+Ja49RmdItTKjqxgnoNyI +nULM0ZLZHe7+5Jh+4kw7jM7KpkZordCVqZOpzSwUSZyLVgsj7WyTRsotTkbIRimPToo WArw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1-v6si2001370plx.463.2018.03.23.10.52.08; Fri, 23 Mar 2018 10:52:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752257AbeCWRqw (ORCPT + 99 others); Fri, 23 Mar 2018 13:46:52 -0400 Received: from mga03.intel.com ([134.134.136.65]:4868 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752053AbeCWRqu (ORCPT ); Fri, 23 Mar 2018 13:46:50 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga103.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 23 Mar 2018 10:46:50 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,351,1517904000"; d="scan'208";a="44763499" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.39.119]) by orsmga002.jf.intel.com with ESMTP; 23 Mar 2018 10:46:50 -0700 Subject: [PATCH 01/11] x86/mm: factor out pageattr _PAGE_GLOBAL setting To: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org, Dave Hansen , aarcange@redhat.com, luto@kernel.org, torvalds@linux-foundation.org, keescook@google.com, hughd@google.com, jgross@suse.com, x86@kernel.org, namit@vmware.com From: Dave Hansen Date: Fri, 23 Mar 2018 10:44:49 -0700 References: <20180323174447.55F35636@viggo.jf.intel.com> In-Reply-To: <20180323174447.55F35636@viggo.jf.intel.com> Message-Id: <20180323174449.2C319A44@viggo.jf.intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Hansen The pageattr code has a pattern repeated where it sets _PAGE_GLOBAL for present PTEs but clears it for non-present PTEs. The intention is to keep _PAGE_GLOBAL from getting confused with _PAGE_PROTNONE since _PAGE_GLOBAL is for present PTEs and _PAGE_PROTNONE is for non-present But, this pattern makes no sense. Effectively, it says, if you use the pageattr code, always set _PAGE_GLOBAL when _PAGE_PRESENT. canon_pgprot() will clear it if unsupported, but we *always* set it. This gets confusing when we have PTI and non-PTI and we want some areas to have _PAGE_GLOBAL and some not. This updated version of the code says: 1. Clear _PAGE_GLOBAL when !_PAGE_PRESENT 2. Never set _PAGE_GLOBAL implicitly 3. Allow _PAGE_GLOBAL to be in cpa.set_mask 4. Allow _PAGE_GLOBAL to be inherited from previous PTE Aside: _PAGE_GLOBAL is ignored when CR4.PGE=1, so why do we even go to the trouble of filtering it anywhere? Signed-off-by: Dave Hansen Cc: Andrea Arcangeli Cc: Andy Lutomirski Cc: Linus Torvalds Cc: Kees Cook Cc: Hugh Dickins Cc: Juergen Gross Cc: x86@kernel.org Cc: Nadav Amit --- b/arch/x86/mm/pageattr.c | 68 ++++++++++++++++------------------------------- 1 file changed, 24 insertions(+), 44 deletions(-) diff -puN arch/x86/mm/pageattr.c~kpti-centralize-global-setting arch/x86/mm/pageattr.c --- a/arch/x86/mm/pageattr.c~kpti-centralize-global-setting 2018-03-21 16:31:56.262192322 -0700 +++ b/arch/x86/mm/pageattr.c 2018-03-21 16:31:56.266192322 -0700 @@ -512,6 +512,23 @@ static void __set_pmd_pte(pte_t *kpte, u #endif } +static pgprot_t pgprot_clear_protnone_bits(pgprot_t prot) +{ + /* + * _PAGE_GLOBAL means "global page" for present PTEs. + * But, it is also used to indicate _PAGE_PROTNONE + * for non-present PTEs. + * + * This ensures that a _PAGE_GLOBAL PTE going from + * present to non-present is not confused as + * _PAGE_PROTNONE. + */ + if (!(pgprot_val(prot) & _PAGE_PRESENT)) + pgprot_val(prot) &= ~_PAGE_GLOBAL; + + return prot; +} + static int try_preserve_large_page(pte_t *kpte, unsigned long address, struct cpa_data *cpa) @@ -577,18 +594,11 @@ try_preserve_large_page(pte_t *kpte, uns * different bit positions in the two formats. */ req_prot = pgprot_4k_2_large(req_prot); - - /* - * Set the PSE and GLOBAL flags only if the PRESENT flag is - * set otherwise pmd_present/pmd_huge will return true even on - * a non present pmd. The canon_pgprot will clear _PAGE_GLOBAL - * for the ancient hardware that doesn't support it. - */ - if (pgprot_val(req_prot) & _PAGE_PRESENT) - pgprot_val(req_prot) |= _PAGE_PSE | _PAGE_GLOBAL; + req_prot = pgprot_clear_protnone_bits(req_prot); + if (pgprot_val(req_prot) & _PAGE_PRESENT) + pgprot_val(req_prot) |= _PAGE_PSE; else - pgprot_val(req_prot) &= ~(_PAGE_PSE | _PAGE_GLOBAL); - + pgprot_val(req_prot) &= ~_PAGE_PSE; req_prot = canon_pgprot(req_prot); /* @@ -698,16 +708,7 @@ __split_large_page(struct cpa_data *cpa, return 1; } - /* - * Set the GLOBAL flags only if the PRESENT flag is set - * otherwise pmd/pte_present will return true even on a non - * present pmd/pte. The canon_pgprot will clear _PAGE_GLOBAL - * for the ancient hardware that doesn't support it. - */ - if (pgprot_val(ref_prot) & _PAGE_PRESENT) - pgprot_val(ref_prot) |= _PAGE_GLOBAL; - else - pgprot_val(ref_prot) &= ~_PAGE_GLOBAL; + ref_prot = pgprot_clear_protnone_bits(ref_prot); /* * Get the target pfn from the original entry: @@ -930,18 +931,7 @@ static void populate_pte(struct cpa_data pte = pte_offset_kernel(pmd, start); - /* - * Set the GLOBAL flags only if the PRESENT flag is - * set otherwise pte_present will return true even on - * a non present pte. The canon_pgprot will clear - * _PAGE_GLOBAL for the ancient hardware that doesn't - * support it. - */ - if (pgprot_val(pgprot) & _PAGE_PRESENT) - pgprot_val(pgprot) |= _PAGE_GLOBAL; - else - pgprot_val(pgprot) &= ~_PAGE_GLOBAL; - + pgprot = pgprot_clear_protnone_bits(pgprot); pgprot = canon_pgprot(pgprot); while (num_pages-- && start < end) { @@ -1234,17 +1224,7 @@ repeat: new_prot = static_protections(new_prot, address, pfn); - /* - * Set the GLOBAL flags only if the PRESENT flag is - * set otherwise pte_present will return true even on - * a non present pte. The canon_pgprot will clear - * _PAGE_GLOBAL for the ancient hardware that doesn't - * support it. - */ - if (pgprot_val(new_prot) & _PAGE_PRESENT) - pgprot_val(new_prot) |= _PAGE_GLOBAL; - else - pgprot_val(new_prot) &= ~_PAGE_GLOBAL; + new_prot = pgprot_clear_protnone_bits(new_prot); /* * We need to keep the pfn from the existing PTE, _