Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp2832518imm; Fri, 20 Jul 2018 05:51:09 -0700 (PDT) X-Google-Smtp-Source: AAOMgpfj9bR/uXXCZMVW72569phZeFWNgmtkyQOQeoWMNC7LlRX+0SYbajV4qkx7FXiYOl16nWiy X-Received: by 2002:a63:d80f:: with SMTP id b15-v6mr1982971pgh.347.1532091069881; Fri, 20 Jul 2018 05:51:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532091069; cv=none; d=google.com; s=arc-20160816; b=e3cVNrCPkgtkWZfs+ZXR5tDFz+TlftxC1cRWSbMzqpw51gTixYnarFpsLkvYUI/vim bTZPk/v69pE7woHpad66KhU6f/Fgh6GwNpl8xpcpViZX0bF64YbHD1wR1w9d3FZ0xf2m WEzafafcx82KT7ycW+6O8md1khHxgbSuMDyXoCFfm6XGbLZTRGg6iiTT8cZCN/FnbsnH U5ZXTf1ZewtpyweWwYtbA24+FW4CFcAx4TQ/SzBfCxGx6jvH5ZHiZ71t/SDx/fuwg5sg vayG5Ojy07E7kjvTSYfN0spc3eq06XsF9xozNBYoSfaZIv3Xmzl62zELtQeGNsPNgmcf IAdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature:arc-authentication-results; bh=ZfBdQniUB9bdKP6xaDSKOtdMjQtgEZeyYrQxnd5Vw0U=; b=Az5bK+4dOR/YgSHq1wgDOp20G8+SwI/O0wQjeuV8lnmMEGNWIBBI73DXP3UAu7aR/h iPJ6Nl22zCZ4SEOCBxt1dHQspfzZEKYSqLZB58hXKq04kk82Uxs9B4KYHjsTE7DBQQh4 k5kgvQVvs/P8umzc1/WN2WBEZN/M2QpaqJmGG9OIaH2967fthrVG+u60DPKMAof8x4Z5 qZmqDvxjUrFTLQqDYLtZGpT+Td7srAYaN7vHt91IBZp4RWjr91IMogN0SZukbgAWHLbS 5cal+ksIP3Yf7AL7qpAapF9yp0Gxi7/Ovx3zqSX5GaYl4H8l99hPG/NNE6bcsNCchXLq BQbQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=T72rB7Yz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a90-v6si485645plc.285.2018.07.20.05.50.55; Fri, 20 Jul 2018 05:51:09 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@shutemov-name.20150623.gappssmtp.com header.s=20150623 header.b=T72rB7Yz; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390116AbeGTNbH (ORCPT + 99 others); Fri, 20 Jul 2018 09:31:07 -0400 Received: from mail-pg1-f170.google.com ([209.85.215.170]:36982 "EHLO mail-pg1-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389761AbeGTNbG (ORCPT ); Fri, 20 Jul 2018 09:31:06 -0400 Received: by mail-pg1-f170.google.com with SMTP id n7-v6so6809643pgq.4 for ; Fri, 20 Jul 2018 05:43:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov-name.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=ZfBdQniUB9bdKP6xaDSKOtdMjQtgEZeyYrQxnd5Vw0U=; b=T72rB7YzA58+6ElNFB3+liZx04korcF3rBD4SgW5RYBFaccmeRMl4mlf28DC4RoIfo JMYTCWiBK9HQrbseLREC2IA/A0Qj1zNJ/sq+Rjx+O2NZoco+Wi1Pou4xJvOAIU0IqGTD VNU+muS4YhLt6kcgubwbsIFAofmaS6sxybNTf6mQSpTwumGPCb1m+7ufYrpGqN5JcEht /1GGBVsNtchaPdvPimfQW6SFbl10nsLJc4LEkUDPzOGC3LAMjQREuqcHQYXNkpmy78+0 G9zdKwxgEgF9+IFsiY1Ge+MGJA/LwIy9Yg6dC3nWHxEGlB6yNxF5QqRCJ6r1Y2iYBbQh SdBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=ZfBdQniUB9bdKP6xaDSKOtdMjQtgEZeyYrQxnd5Vw0U=; b=hELPFibxFtBUQbZWu+pg5jmvPaK1T4T4bl87GDjB7PpGtbol7QcGWSd0Zu9rbjxoi/ gUs2H0ivfihleWU4B/yWgS3JB0/9vjHk+qx2Iq5UKFuCPkFR7vFr0fGuEmhuP6Ci5cZp f+llTczZ25kcOs1G9ijc6034Mxgb3YdrQJkbE1n18TGl0Nngj6R8WRWbXrYgPcmJrIYW AEx37XJngaZMsHmGRdy1iR5kemlNT6Mr+pPzu6ucC4gNoWF/XI1rIgceDJ+tG7XAgaB4 Ru9OTOpZyuBPVfT9aykymc6TZfYsJ2M/QM5W1jkIIPdAOaPhz4nxB7QD8uH7kHU9KOQJ +IFw== X-Gm-Message-State: AOUpUlH8PR95+rE8bquTtPwFxyZeOA2hl5Twp1/87Knv1UXP2BlmEL1I Omgd2BXRTu1HP7B+Khpld/Vb4Q== X-Received: by 2002:a63:2dc1:: with SMTP id t184-v6mr1979381pgt.62.1532090580816; Fri, 20 Jul 2018 05:43:00 -0700 (PDT) Received: from kshutemo-mobl1.localdomain (fmdmzpr03-ext.fm.intel.com. [192.55.54.38]) by smtp.gmail.com with ESMTPSA id g11-v6sm2505536pfh.63.2018.07.20.05.42.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 20 Jul 2018 05:43:00 -0700 (PDT) Received: by kshutemo-mobl1.localdomain (Postfix, from userid 1000) id 9FF13300254; Fri, 20 Jul 2018 15:42:56 +0300 (+03) Date: Fri, 20 Jul 2018 15:42:56 +0300 From: "Kirill A. Shutemov" To: Dave Hansen Cc: "Kirill A. Shutemov" , Ingo Molnar , x86@kernel.org, Thomas Gleixner , "H. Peter Anvin" , Tom Lendacky , Kai Huang , Jacob Pan , linux-kernel@vger.kernel.org, linux-mm@kvack.org Subject: Re: [PATCHv5 09/19] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify() Message-ID: <20180720124256.nvtw4mw2lcjkfrte@kshutemo-mobl1> References: <20180717112029.42378-1-kirill.shutemov@linux.intel.com> <20180717112029.42378-10-kirill.shutemov@linux.intel.com> <202c809d-8720-8dbb-51f5-1018e947a62a@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202c809d-8720-8dbb-51f5-1018e947a62a@intel.com> User-Agent: NeoMutt/20180622 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 18, 2018 at 04:30:35PM -0700, Dave Hansen wrote: > On 07/17/2018 04:20 AM, Kirill A. Shutemov wrote: > > An encrypted VMA will have KeyID stored in vma->vm_page_prot. This way > > we don't need to do anything special to setup encrypted page table > > entries > > We don't do anything special for protection keys, either. They just > work too. > > > diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h > > index 99fff853c944..3731f7e08757 100644 > > --- a/arch/x86/include/asm/pgtable_types.h > > +++ b/arch/x86/include/asm/pgtable_types.h > > @@ -120,8 +120,21 @@ > > * protection key is treated like _PAGE_RW, for > > * instance, and is *not* included in this mask since > > * pte_modify() does modify it. > > + * > > + * They include the physical address and the memory encryption keyID. > > + * The paddr and the keyID never occupy the same bits at the same time. > > + * But, a given bit might be used for the keyID on one system and used for > > + * the physical address on another. As an optimization, we manage them in > > + * one unit here since their combination always occupies the same hardware > > + * bits. PTE_PFN_MASK_MAX stores combined mask. > > + * > > + * Cast PAGE_MASK to a signed type so that it is sign-extended if > > + * virtual addresses are 32-bits but physical addresses are larger > > + * (ie, 32-bit PAE). > > */ > > Could you please make the comment block consistent? You're a lot wider > than the comment above. Okay. > > -#define _PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \ > > +#define PTE_PFN_MASK_MAX \ > > + (((signed long)PAGE_MASK) & ((1ULL << __PHYSICAL_MASK_SHIFT) - 1)) > > +#define _PAGE_CHG_MASK (PTE_PFN_MASK_MAX | _PAGE_PCD | _PAGE_PWT | \ > > _PAGE_SPECIAL | _PAGE_ACCESSED | _PAGE_DIRTY | \ > > _PAGE_SOFT_DIRTY) > > Man, I'm not a fan of this. This saves us from consuming 6 VM_HIGH bits > (which we are not short on). But, at the cost of complexity. 15, not 6. We have up-to 15 KeyID bits architecturally. We can just have a separate field in vm_area_struct if we must. But vm_page_prot work fine so far. I don't see a big reasone to change them. > Protection keys eat up PTE space and have an interface called > pkey_mprotect(). MKTME KeyIDs take up PTE space and will probably have > an interface called something_mprotect(). Yet, the implementations are > going to be _very_ different with pkeys being excluded from > _PAGE_CHG_MASK and KeyIDs being included. > > I think you're saved here because we don't _actually_ do pte_modify() on > an existing PTE: we blow the old one away upon encrypted_mprotect() and > replace the PTE with a new one. > > But, this is incompatible with any case where we want to change the > KeyID and keep the old PTE target. With AES-XTS, I guess this is a safe > assumption, but it's worrying. > > Are there scenarios where we want to keep PTE contents, but change the > KeyID? I don't see such scenario. If for some reason we would need to map the same memory with different KeyID it can be done from scratch. Without modifing existing mapping. -- Kirill A. Shutemov