Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp2230172imm; Fri, 7 Sep 2018 12:54:29 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbxlIMmBvLm/48QpQ1F5BINZm+i4u0mjAMMvig3NJWwsi8l4DPFMALFclly2smmFV+VvjE3 X-Received: by 2002:a63:df4e:: with SMTP id h14-v6mr9983441pgj.300.1536350069146; Fri, 07 Sep 2018 12:54:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536350069; cv=none; d=google.com; s=arc-20160816; b=snkcYvimiPmUUQsVDV4NLudHMJKOBs2QGHXVLX6Fk1ZFBNcFNfMvv9AxluVjg+ZzNM jzOtMPSkPPO4qWNDlMOCYESxLeW+h37ypK2H8lkfukr4NIR6ORCyN2xGRKC9wtaEi9Zm KQU3ZQVS4afVLFfmD0gwhBD10mJFWUPMDsODg0YzGEN8pCacoeSrbcHS5BLIe+EF/WS7 EaOGUcFIquzdSpY5nm006ecIO34a9efyXxaqhe6hXpne8wxkZ5rOmMZD77IWzzE7gmbs XxQ54DiwP98D6+vQjzSTi6erVYrTuYAKGp50XI/PleF6qbYEfEc9bq8+36se6DYXJgkS uUgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:in-reply-to:references:date :from:cc:to:subject; bh=Y2LSkjz5vZyRqzcHDnf2s525IHHknPTxjLF7jsEHhPc=; b=uxnj4ftG5BMS9c8L3VPgf9hzuCKgRRNZoKoqpPk7Sq8EGFLbhANy6R5xrTLO9KI1s9 CJ6/ZdzSq22cPPFpuI77XjK6XtNTr9GHxi+q4EXQKh8gW3rJ0Y7z7mdHPgG8ebJ44Nuh OCYE2cfucoDZKc4R8mBPpN/jeb/F8V8tBqS0lrr1WHC86mBy2dY5s8ADQ5HeTDqwbiWI 8cspQDr9eg7PGWvMw1rFdRHvvAdk4V/Prlqp+imNzllNDryqKCUWu6iC2NouTP7loM8z CKqH7fGXsRBKv/Nrmrmsp8pZj45KUU+FHfIRb2fMXdRgLkdgQ71cmt6vN4neI8PQX864 ELZQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r7-v6si9240247pfi.147.2018.09.07.12.54.14; Fri, 07 Sep 2018 12:54:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727715AbeIHAeY (ORCPT + 99 others); Fri, 7 Sep 2018 20:34:24 -0400 Received: from mga17.intel.com ([192.55.52.151]:2913 "EHLO mga17.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725987AbeIHAeY (ORCPT ); Fri, 7 Sep 2018 20:34:24 -0400 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 07 Sep 2018 12:51:57 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,343,1531810800"; d="scan'208";a="72482174" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.77.144]) by orsmga006.jf.intel.com with ESMTP; 07 Sep 2018 12:51:35 -0700 Subject: [RFC][PATCH 8/8] x86/mm: remove spurious fault pkey check To: linux-kernel@vger.kernel.org Cc: Dave Hansen , sean.j.christopherson@intel.com, peterz@infradead.org, tglx@linutronix.de, x86@kernel.org, luto@kernel.org From: Dave Hansen Date: Fri, 07 Sep 2018 12:49:04 -0700 References: <20180907194852.3C351B82@viggo.jf.intel.com> In-Reply-To: <20180907194852.3C351B82@viggo.jf.intel.com> Message-Id: <20180907194904.3333BC92@viggo.jf.intel.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dave Hansen Spurious faults only ever occur in the kernel's address space. They are also constrained specifically to faults with one of these error codes: X86_PF_WRITE | X86_PF_PROT X86_PF_INSTR | X86_PF_PROT So, it's never even possible to reach spurious_kernel_fault_check() with X86_PF_PK set. In addition, the kernel's address space never has pages with user-mode protections. Protection Keys are only enforced on pages with user-mode protection. This gives us lots of reasons to not check for protection keys in our sprurious kernel fault handling. But, let's also add some warnings to ensure that these assumptions about protection keys hold true. Signed-off-by: Dave Hansen Cc: Sean Christopherson Cc: "Peter Zijlstra (Intel)" Cc: Thomas Gleixner Cc: x86@kernel.org Cc: Andy Lutomirski --- b/arch/x86/mm/fault.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff -puN arch/x86/mm/fault.c~pkeys-fault-warnings arch/x86/mm/fault.c --- a/arch/x86/mm/fault.c~pkeys-fault-warnings 2018-09-07 12:32:23.190741335 -0700 +++ b/arch/x86/mm/fault.c 2018-09-07 12:32:23.194741335 -0700 @@ -1037,12 +1037,6 @@ static int spurious_kernel_fault_check(u if ((error_code & X86_PF_INSTR) && !pte_exec(*pte)) return 0; - /* - * Note: We do not do lazy flushing on protection key - * changes, so no spurious fault will ever set X86_PF_PK. - */ - if ((error_code & X86_PF_PK)) - return 1; return 1; } @@ -1213,6 +1207,13 @@ do_kern_addr_space_fault(struct pt_regs unsigned long address) { /* + * Protection keys exceptions only happen on user pages. We + * have no user pages in the kernel portion of the address + * space, so do not expect them here. + */ + WARN_ON_ONCE(hw_error_code & X86_PF_PK); + + /* * We can fault-in kernel-space virtual memory on-demand. The * 'reference' page table is init_mm.pgd. * _