Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1543810ybh; Tue, 14 Jul 2020 00:07:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzaLDvOYgsWefk9wFSWPRbULTlstStgBLeGzEqEUx9r0xVctq+Q1lVU5+n+bgTEglCSV5yG X-Received: by 2002:aa7:df16:: with SMTP id c22mr2961947edy.388.1594710466970; Tue, 14 Jul 2020 00:07:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594710466; cv=none; d=google.com; s=arc-20160816; b=ZoVwrdLWY/J53PUDifPaHM9Me/MXFyj52rS2ty3zsWC+tbDdBsySkv8Qz1FE/IeQRF LfPrlUWiH1XIiOihzeDn4AHS08WViHgAS19tlBQyIu8rJ8liiLDOWUf0opio2WZMUTkq ETKbORH3W7X1mrHvN8xju4IegDrs87eRU9DCR4m6IkSc0DVTd4Lx/kluBGfHwA/yzBds fM+42z+xrjM6ZfXiZ4L3oOVKSV1F8x978HzHxyE/n91HnxTgIU0p/Qlbmlmyvw2IQyt1 3j9ugfJLyjPuKtY6KVoqOq9/Qv5DBQ6A0ZegjBrdY/UqSgLfI2rFB2T0Q/VxbAc8UzaG RTYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :ironport-sdr:ironport-sdr; bh=3XZWThh1BT4wrqU2+XDaLcQwoJ46K9wDa44ocCagxT8=; b=ExlnUVjdYtVa/qq7gAyFO6t5uFBZJDZnsJ2o0TGY++HH8JoQBhLVXzujy/tzxPLxp1 jQbHInR+D05UNyalbWgOUWyh87N2Xnb+B7gGcqGop02lIOYzpPZz1ipPneRRzp/VjUJb oSdZJR+aY6C+Uyg1d6WNUk5q83MdNpywMQVVofDFohRmhOxMsho2Rd1R8/utmnbT6sev bjiWwG3MYKB0LstHUzIPxBMLbmLJ69hgARPRLV8rxJmNa24P9rSEU9evQ4zbwjKOgByV /0MkTAJyK4nV2CUyFBF97vUsp0SFM8pJ07DBtnjZzmTa+5BteQHq5gn3PuFmbT1CmHCC pn1w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u16si4377269eje.469.2020.07.14.00.07.24; Tue, 14 Jul 2020 00:07:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727775AbgGNHEy (ORCPT + 99 others); Tue, 14 Jul 2020 03:04:54 -0400 Received: from mga02.intel.com ([134.134.136.20]:7568 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726964AbgGNHEX (ORCPT ); Tue, 14 Jul 2020 03:04:23 -0400 IronPort-SDR: g8izOY92QYbvCb/YVWxnMmgkQ1KonhvoN4mEpeapEZGPRPlN8eTnCQEzzCiGodv4Z2S0UY59Mx c+X4MlOOq2sQ== X-IronPort-AV: E=McAfee;i="6000,8403,9681"; a="136970732" X-IronPort-AV: E=Sophos;i="5.75,350,1589266800"; d="scan'208";a="136970732" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2020 00:04:22 -0700 IronPort-SDR: i0LqExrBzUtJkU9eqNM0y424kEtZ8Ql24Gg0EKNp03C+/z+emnIMY4v+O6oNf5WcrrVRGG2n8D +66KNsFjR4FQ== X-IronPort-AV: E=Sophos;i="5.75,350,1589266800"; d="scan'208";a="360295775" Received: from iweiny-desk2.sc.intel.com (HELO localhost) ([10.3.52.147]) by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jul 2020 00:04:21 -0700 From: ira.weiny@intel.com To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Andy Lutomirski , Peter Zijlstra Cc: Ira Weiny , x86@kernel.org, Dave Hansen , Dan Williams , Vishal Verma , Andrew Morton , Fenghua Yu , linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-nvdimm@lists.01.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: [RFC PATCH 12/15] kmap: Add stray write protection for device pages Date: Tue, 14 Jul 2020 00:02:17 -0700 Message-Id: <20200714070220.3500839-13-ira.weiny@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200714070220.3500839-1-ira.weiny@intel.com> References: <20200714070220.3500839-1-ira.weiny@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ira Weiny Device managed pages may have additional protections. These protections need to be removed prior to valid use by kernel users. Check for special treatment of device managed pages in kmap and take action if needed. We use kmap as an interface for generic kernel code because under normal circumstances it would be a bug for general kernel code to not use kmap prior to accessing kernel memory. Therefore, this should allow any valid kernel users to seamlessly use these pages without issues. Signed-off-by: Ira Weiny --- include/linux/highmem.h | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/include/linux/highmem.h b/include/linux/highmem.h index d6e82e3de027..7f809d8d5a94 100644 --- a/include/linux/highmem.h +++ b/include/linux/highmem.h @@ -8,6 +8,7 @@ #include #include #include +#include #include @@ -31,6 +32,20 @@ static inline void invalidate_kernel_vmap_range(void *vaddr, int size) #include +static inline void enable_access(struct page *page) +{ + if (!page_is_access_protected(page)) + return; + dev_access_enable(); +} + +static inline void disable_access(struct page *page) +{ + if (!page_is_access_protected(page)) + return; + dev_access_disable(); +} + #ifdef CONFIG_HIGHMEM extern void *kmap_atomic_high_prot(struct page *page, pgprot_t prot); extern void kunmap_atomic_high(void *kvaddr); @@ -55,6 +70,11 @@ static inline void *kmap(struct page *page) else addr = kmap_high(page); kmap_flush_tlb((unsigned long)addr); + /* + * Even non-highmem pages may have additional access protections which + * need to be checked and potentially enabled. + */ + enable_access(page); return addr; } @@ -63,6 +83,11 @@ void kunmap_high(struct page *page); static inline void kunmap(struct page *page) { might_sleep(); + /* + * Even non-highmem pages may have additional access protections which + * need to be checked and potentially disabled. + */ + disable_access(page); if (!PageHighMem(page)) return; kunmap_high(page); @@ -85,6 +110,7 @@ static inline void *kmap_atomic_prot(struct page *page, pgprot_t prot) { preempt_disable(); pagefault_disable(); + enable_access(page); if (!PageHighMem(page)) return page_address(page); return kmap_atomic_high_prot(page, prot); @@ -137,6 +163,7 @@ static inline unsigned long totalhigh_pages(void) { return 0UL; } static inline void *kmap(struct page *page) { might_sleep(); + enable_access(page); return page_address(page); } @@ -146,6 +173,7 @@ static inline void kunmap_high(struct page *page) static inline void kunmap(struct page *page) { + disable_access(page); #ifdef ARCH_HAS_FLUSH_ON_KUNMAP kunmap_flush_on_unmap(page_address(page)); #endif @@ -155,6 +183,7 @@ static inline void *kmap_atomic(struct page *page) { preempt_disable(); pagefault_disable(); + enable_access(page); return page_address(page); } #define kmap_atomic_prot(page, prot) kmap_atomic(page) @@ -216,7 +245,8 @@ static inline void kmap_atomic_idx_pop(void) #define kunmap_atomic(addr) \ do { \ BUILD_BUG_ON(__same_type((addr), struct page *)); \ - kunmap_atomic_high(addr); \ + disable_access(kmap_to_page(addr)); \ + kunmap_atomic_high(addr); \ pagefault_enable(); \ preempt_enable(); \ } while (0) -- 2.25.1