Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp2255958ybt; Tue, 16 Jun 2020 00:52:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwL2t58yDFSGqt0BI7F/9MBf1IJcInSZPlLGt9/z0Ij9m1i18TguqnRxHTl2b3Jp0FfDdg1 X-Received: by 2002:aa7:dace:: with SMTP id x14mr1426952eds.343.1592293960784; Tue, 16 Jun 2020 00:52:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592293960; cv=none; d=google.com; s=arc-20160816; b=u3ja4Z685QY3yZR/eBGAXt++8a+c+aSfgvRFUr+cnNNZfLOz0jPhxHwUcuvxvLZqhR 7HOfP+QgPYpG03bYkuIQ94KWz4KFWYxfT2PNRkqrRXCG1nG2SCipi5jsd5hOQ8AIyv1x 09zK4B2YpQOR4W/SyAM62Z1ixbaH6y+pZWK6FS9+JRshz3NhegvB/TY/dTzhu2JNJIoM xruo7yh5N0mLwlKks1NqE6jE2yuEiycMwC4UiCCtE0ZhrQi4LNyE+F4PdXrKC1bUJ0zY lPFaYoNj5Out+NOysmUkD7tm2i1dyx4b8DQF4S2qKRuHlLboRZXb1Y6TGnQ02KuI88O+ R80w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ZajOneOdlQKQYlo8Wv9k+OekhqsO1R3/YXgaBEECIjE=; b=iInnK3CHwtnQR8g3CHAjQJ4135D4HDdiALl0Fk3Js+D2ntDLCmiE4G8O253rjNHtDQ xGNXC9pDsEGKmrgLco2aePU3MgGMM9Lo/Nd3gVxs3QxvLEjk7HgWjak2PrBf3QDvM2gO kGOq0zMaAjLOzyv94TYRMt3cshaEN9u181y6vbQnMf1JV3yw5i1BpXWRO94SNr8L0ms7 KrtikydhpKzUTQPr82YIvPAMexYH0yXesDetzaQoU69fJZHS9BeWrL5+shAFkKrp35M1 VRdNPLmHKR3+g8PjCerj3EOzKGIDF8lHunl+GNFLlI2ZVtVxiO5SY5KjYobGhQkqrL4d pZew== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=iqIaqckV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id kt1si10803591ejb.260.2020.06.16.00.52.18; Tue, 16 Jun 2020 00:52:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=iqIaqckV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727118AbgFPHuN (ORCPT + 99 others); Tue, 16 Jun 2020 03:50:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57002 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726899AbgFPHt5 (ORCPT ); Tue, 16 Jun 2020 03:49:57 -0400 Received: from mail-pl1-x643.google.com (mail-pl1-x643.google.com [IPv6:2607:f8b0:4864:20::643]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D4296C08C5C3 for ; Tue, 16 Jun 2020 00:49:49 -0700 (PDT) Received: by mail-pl1-x643.google.com with SMTP id g12so8012584pll.10 for ; Tue, 16 Jun 2020 00:49:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ZajOneOdlQKQYlo8Wv9k+OekhqsO1R3/YXgaBEECIjE=; b=iqIaqckVAQUEvZtp4+/qsmQGE37BQNoO7PPWo/5IR2umOLzuafxrc36ojsqisBA3bi 4zDJkmA8POCcTYB6xD7jmfglS/ATrJpAhXrtlCt2PRv4l86gJXFiKqXPxzD8cJrtBfyx OCYp+xbwpnhRS2dDLpCWXdlx5v5ovlS/TJnjk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZajOneOdlQKQYlo8Wv9k+OekhqsO1R3/YXgaBEECIjE=; b=DmGNr3WAGJLGCUNsz0b3lfWQTE3XUZRDp5W5dJQHQrzpoyk4uclRLHqUZ2u11hxY6b szQNA4srHq9iXymy2m/P1eCk0SpLXg79KGbgXmQU4NgrYYck/xtsdHIupySz9/QeNbI4 D2uZGLJvowym3mspaKLuRhUK/V0S/L6GdYPfyeYIeLWewf1rgr1RRjiWS8l2u9nPkG1x zYa9K7hdrP/fdyAS6ClQ/8p76VYXRiwozs/3ktSLpQxgI6G4B2fTG//VTTP+rY7LMjDQ n9Fzm/4Oklx7Cq5qH+xOrJFzS7MqYZlytDYZQ41etWpk41Gg7LbBVFZ2VayAmlCj+S80 Tuvg== X-Gm-Message-State: AOAM532UlVJqIXU/21Mc1cI37Mc1E21Zj/IjahCA+SSrq8cahnjgQHD3 fTD1JDoO+VMTN5bC74PDoLxNXA== X-Received: by 2002:a17:90a:f508:: with SMTP id cs8mr1719058pjb.16.1592293789402; Tue, 16 Jun 2020 00:49:49 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id m22sm17139899pfk.216.2020.06.16.00.49.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Jun 2020 00:49:46 -0700 (PDT) From: Kees Cook To: linux-kernel@vger.kernel.org Cc: Kees Cook , Christian Brauner , Sargun Dhillon , Tycho Andersen , Jann Horn , "zhujianwei (C)" , Dave Hansen , Matthew Wilcox , Andy Lutomirski , Will Drewry , Shuah Khan , Matt Denton , Chris Palmer , Jeffrey Vander Stoep , Aleksa Sarai , Hehuazhen , x86@kernel.org, Linux Containers , linux-security-module@vger.kernel.org, linux-api@vger.kernel.org Subject: [PATCH 6/8] x86: Provide API for local kernel TLB flushing Date: Tue, 16 Jun 2020 00:49:32 -0700 Message-Id: <20200616074934.1600036-7-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200616074934.1600036-1-keescook@chromium.org> References: <20200616074934.1600036-1-keescook@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The seccomp constant action bitmap filter evaluation routine depends on being able to quickly clear the PTE "accessed" bit for a temporary allocation. Provide access to the existing CPU-local kernel memory TLB flushing routines. Signed-off-by: Kees Cook --- arch/x86/include/asm/tlbflush.h | 2 ++ arch/x86/mm/tlb.c | 12 +++++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h index 8c87a2e0b660..ae853e77d6bc 100644 --- a/arch/x86/include/asm/tlbflush.h +++ b/arch/x86/include/asm/tlbflush.h @@ -228,6 +228,8 @@ extern void flush_tlb_all(void); extern void flush_tlb_mm_range(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned int stride_shift, bool freed_tables); +extern void local_flush_tlb_kernel_range(unsigned long start, + unsigned long end); extern void flush_tlb_kernel_range(unsigned long start, unsigned long end); static inline void flush_tlb_page(struct vm_area_struct *vma, unsigned long a) diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 1a3569b43aa5..ffcf2bd0ce1c 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -959,16 +959,22 @@ void flush_tlb_all(void) on_each_cpu(do_flush_tlb_all, NULL, 1); } -static void do_kernel_range_flush(void *info) +void local_flush_tlb_kernel_range(unsigned long start, unsigned long end) { - struct flush_tlb_info *f = info; unsigned long addr; /* flush range by one by one 'invlpg' */ - for (addr = f->start; addr < f->end; addr += PAGE_SIZE) + for (addr = start; addr < end; addr += PAGE_SIZE) flush_tlb_one_kernel(addr); } +static void do_kernel_range_flush(void *info) +{ + struct flush_tlb_info *f = info; + + local_flush_tlb_kernel_range(f->start, f->end); +} + void flush_tlb_kernel_range(unsigned long start, unsigned long end) { /* Balance as user space task's flush, a bit conservative */ -- 2.25.1