Received: by 10.213.65.68 with SMTP id h4csp1074201imn; Fri, 6 Apr 2018 14:08:48 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/mPLVxmjwKBa1W/AjJycAxWLQrI/b3RFnOEMbL4hqa9NLobKvTdNMUCGLAHqesN4qLwsMY X-Received: by 2002:a17:902:aa48:: with SMTP id c8-v6mr28110738plr.361.1523048928008; Fri, 06 Apr 2018 14:08:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523048927; cv=none; d=google.com; s=arc-20160816; b=ovLj8SbGY8nWzG3LsKNaQuE72ZUkXIxoBZXui33ydC7HXWIf6uiDniBTK6+8ai2+VL E5C+3sTtKYINRxwj6wwqyaG4TdOhQPls4OXIBvgUVGpHgcs3vf10ljNjLyEd/m9ZoPB3 g2X7cnNZnrw0Aulj7T8MOn2XZRW7zK+5BXCejNyGKD9wnbEq2yc7G1yR6AD3hKrcLvQv nGGkP5iBevkHFgnq1hM9Q/rPuz9RrJ7D/k3dtM4gr2SF5g7iOc2BEaeEW600GTrvO6wk gy+tJZW57Yl4nAO6u0t2W+NxXRdSR6JarwTwMBWxaz/F/Ws7q+wVcflaJf7ndxF28+zn 9pZA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:in-reply-to:references:date :from:cc:to:subject:arc-authentication-results; bh=3jWEtP/+x8LRBOkVzPVW8i/vYX/CuAjtBZImTX/5aBA=; b=M5+fg5zS80M1e8xpOKmP9RihQCqPRUy9sk8t3Cb2lYc+sNJFJFu2HueRxbJf0VXjwK 4syc//46nRBhJlFmXZrIIC9TXg5xzvml5rvTMi/g+THY6Hwv3RtJ4kL2uePyXhEC1Tq/ jC75T1kvm7sgjOfMFxGRYatFOuXrQ53OPJ6MCwmBAhPnu3/HItCeI4mSqSY0y4d6VzTd dsmAi4QO7bTmfhiiTjMjE3uL/qJPHGFpNQ6cLZeb7MIRPeJmM+6MsO4SPiFGN3/hVL0H W117r99V8e4N7Rk9b50Pb6exVbG1O2F1wyIkjAEWty2xl76FLSx3sPqW6noYvSYnrN7O M5UA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n4si8365157pfn.352.2018.04.06.14.08.06; Fri, 06 Apr 2018 14:08:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751871AbeDFU6B (ORCPT + 99 others); Fri, 6 Apr 2018 16:58:01 -0400 Received: from mga09.intel.com ([134.134.136.24]:6145 "EHLO mga09.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751447AbeDFU57 (ORCPT ); Fri, 6 Apr 2018 16:57:59 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Apr 2018 13:57:59 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.48,416,1517904000"; d="scan'208";a="189308031" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.39.119]) by orsmga004.jf.intel.com with ESMTP; 06 Apr 2018 13:57:59 -0700 Subject: [PATCH 01/11] x86/mm: factor out pageattr _PAGE_GLOBAL setting To: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org, Dave Hansen , aarcange@redhat.com, luto@kernel.org, torvalds@linux-foundation.org, keescook@google.com, hughd@google.com, jgross@suse.com, x86@kernel.org, namit@vmware.com From: Dave Hansen Date: Fri, 06 Apr 2018 13:55:02 -0700 References: <20180406205501.24A1A4E7@viggo.jf.intel.com> In-Reply-To: <20180406205501.24A1A4E7@viggo.jf.intel.com> Message-Id: <20180406205502.86E199DA@viggo.jf.intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Hansen The pageattr code has a pattern repeated where it sets _PAGE_GLOBAL for present PTEs but clears it for non-present PTEs. The intention is to keep _PAGE_GLOBAL from getting confused with _PAGE_PROTNONE since _PAGE_GLOBAL is for present PTEs and _PAGE_PROTNONE is for non-present But, this pattern makes no sense. Effectively, it says, if you use the pageattr code, always set _PAGE_GLOBAL when _PAGE_PRESENT. canon_pgprot() will clear it if unsupported (because it masks the value with __supported_pte_mask) but we *always* set it. Even if canon_pgprot() did not filter _PAGE_GLOBAL, it would be OK. _PAGE_GLOBAL is ignored when CR4.PGE=0 by the hardware. This unconditional setting of _PAGE_GLOBAL is a problem when we have PTI and non-PTI and we want some areas to have _PAGE_GLOBAL and some not. This updated version of the code says: 1. Clear _PAGE_GLOBAL when !_PAGE_PRESENT 2. Never set _PAGE_GLOBAL implicitly 3. Allow _PAGE_GLOBAL to be in cpa.set_mask 4. Allow _PAGE_GLOBAL to be inherited from previous PTE Signed-off-by: Dave Hansen Cc: Andrea Arcangeli Cc: Andy Lutomirski Cc: Linus Torvalds Cc: Kees Cook Cc: Hugh Dickins Cc: Juergen Gross Cc: x86@kernel.org Cc: Nadav Amit --- b/arch/x86/mm/pageattr.c | 66 ++++++++++++++++------------------------------- 1 file changed, 23 insertions(+), 43 deletions(-) diff -puN arch/x86/mm/pageattr.c~kpti-centralize-global-setting arch/x86/mm/pageattr.c --- a/arch/x86/mm/pageattr.c~kpti-centralize-global-setting 2018-04-06 10:47:53.651796130 -0700 +++ b/arch/x86/mm/pageattr.c 2018-04-06 10:47:53.655796130 -0700 @@ -512,6 +512,23 @@ static void __set_pmd_pte(pte_t *kpte, u #endif } +static pgprot_t pgprot_clear_protnone_bits(pgprot_t prot) +{ + /* + * _PAGE_GLOBAL means "global page" for present PTEs. + * But, it is also used to indicate _PAGE_PROTNONE + * for non-present PTEs. + * + * This ensures that a _PAGE_GLOBAL PTE going from + * present to non-present is not confused as + * _PAGE_PROTNONE. + */ + if (!(pgprot_val(prot) & _PAGE_PRESENT)) + pgprot_val(prot) &= ~_PAGE_GLOBAL; + + return prot; +} + static int try_preserve_large_page(pte_t *kpte, unsigned long address, struct cpa_data *cpa) @@ -577,18 +594,11 @@ try_preserve_large_page(pte_t *kpte, uns * different bit positions in the two formats. */ req_prot = pgprot_4k_2_large(req_prot); - - /* - * Set the PSE and GLOBAL flags only if the PRESENT flag is - * set otherwise pmd_present/pmd_huge will return true even on - * a non present pmd. The canon_pgprot will clear _PAGE_GLOBAL - * for the ancient hardware that doesn't support it. - */ + req_prot = pgprot_clear_protnone_bits(req_prot); if (pgprot_val(req_prot) & _PAGE_PRESENT) - pgprot_val(req_prot) |= _PAGE_PSE | _PAGE_GLOBAL; + pgprot_val(req_prot) |= _PAGE_PSE; else - pgprot_val(req_prot) &= ~(_PAGE_PSE | _PAGE_GLOBAL); - + pgprot_val(req_prot) &= ~_PAGE_PSE; req_prot = canon_pgprot(req_prot); /* @@ -698,16 +708,7 @@ __split_large_page(struct cpa_data *cpa, return 1; } - /* - * Set the GLOBAL flags only if the PRESENT flag is set - * otherwise pmd/pte_present will return true even on a non - * present pmd/pte. The canon_pgprot will clear _PAGE_GLOBAL - * for the ancient hardware that doesn't support it. - */ - if (pgprot_val(ref_prot) & _PAGE_PRESENT) - pgprot_val(ref_prot) |= _PAGE_GLOBAL; - else - pgprot_val(ref_prot) &= ~_PAGE_GLOBAL; + ref_prot = pgprot_clear_protnone_bits(ref_prot); /* * Get the target pfn from the original entry: @@ -930,18 +931,7 @@ static void populate_pte(struct cpa_data pte = pte_offset_kernel(pmd, start); - /* - * Set the GLOBAL flags only if the PRESENT flag is - * set otherwise pte_present will return true even on - * a non present pte. The canon_pgprot will clear - * _PAGE_GLOBAL for the ancient hardware that doesn't - * support it. - */ - if (pgprot_val(pgprot) & _PAGE_PRESENT) - pgprot_val(pgprot) |= _PAGE_GLOBAL; - else - pgprot_val(pgprot) &= ~_PAGE_GLOBAL; - + pgprot = pgprot_clear_protnone_bits(pgprot); pgprot = canon_pgprot(pgprot); while (num_pages-- && start < end) { @@ -1234,17 +1224,7 @@ repeat: new_prot = static_protections(new_prot, address, pfn); - /* - * Set the GLOBAL flags only if the PRESENT flag is - * set otherwise pte_present will return true even on - * a non present pte. The canon_pgprot will clear - * _PAGE_GLOBAL for the ancient hardware that doesn't - * support it. - */ - if (pgprot_val(new_prot) & _PAGE_PRESENT) - pgprot_val(new_prot) |= _PAGE_GLOBAL; - else - pgprot_val(new_prot) &= ~_PAGE_GLOBAL; + new_prot = pgprot_clear_protnone_bits(new_prot); /* * We need to keep the pfn from the existing PTE, _