Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp538292pxb; Fri, 28 Jan 2022 04:56:04 -0800 (PST) X-Google-Smtp-Source: ABdhPJx8CajSry7TJFqPCNxJNm5L12ewOAoxnYv8+DJ0V0zEogEjRuX3JSABxSvjAcCOFdOjdVWv X-Received: by 2002:a17:907:97d0:: with SMTP id js16mr6629688ejc.67.1643374564476; Fri, 28 Jan 2022 04:56:04 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643374564; cv=none; d=google.com; s=arc-20160816; b=GBfjL06SG2DMoylmVWC1OCaxS4KC01O2wL9EyL6y9iIOF/1AJeBb7hBOdkv1wwjPYg NSoCTb9bqHf3OPxo6eNRFbRo9W2sYOxg2YII3Mf7skScooevdNYRWaD44Co22PSWpVuu u+bUwPw60pgOW2xxCyi7NjXPLAOWRwacR75CWRpUo67KTH0WLhnwQTDoRPto5rVBLR8v PFLdtrwEgpZ6HBoXJ957WmRq61UmrdAmIUgWQAh9F6RHG0lzKAJN+9KqGGWubY1N3PgW SVv8QvHFcCG+AS/iXmDGifeGi/q6xEYGuDzQBvRc8Ur0+GNRqTysj+jk7gPRkjuy83Qu N9dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=pCj15WkmC7Lr7phXfdPQ+O5QezN1C6Sbe9Q9blYxs1g=; b=sP5K0Cf+g+6Z1YEpjtBfn3BO2BmCepBx9AZgsh72MdmHQ2srX58oVDAr4HtDZuaWFz o4cdmvrIlTuo67cLvxH6cgy0IyKtyvO7+va4XiNljOJhioKd7sAEsld+rJaJ+OJS1hFZ tVSEAp1U0LvGAzauUY2ftBYJRGjadUQ/qYN15sJDjh1qh0uPxJeparuE/jWPCj03UauX 8nW3ISGlMZh81mrUzMaAL4Sxhd6rL+gGZrSEpEMU7Z0oE9+NuuIEJCTTFb1IQIF0HjOB mrbe9lQi2iIQhKmDxyYREPSfrLcKctqemvaUaj73KkUBXR0D6dnOCvfqSEuu5XBPPrvg d4CA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=oCIhi6yv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id qb37si3306027ejc.904.2022.01.28.04.55.38; Fri, 28 Jan 2022 04:56:04 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=oCIhi6yv; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245106AbiA0R4J (ORCPT + 99 others); Thu, 27 Jan 2022 12:56:09 -0500 Received: from mga12.intel.com ([192.55.52.136]:65462 "EHLO mga12.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244837AbiA0RzZ (ORCPT ); Thu, 27 Jan 2022 12:55:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1643306125; x=1674842125; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=f7V0dsd3Osql3GdcBex4B2w6PKjtIBuODoy6hMsgF5w=; b=oCIhi6yvjPKAH4nKuoToAGc81tPhmbfZ/UarkmVQLxGstW7ItcXMtvHC Rd3YMz2HH5HIN/hrxGKChrU+K/1DtawOw3ueV3SEQUcuOCoHA7uxQQAVA qCNJS4BdSPAguR0byO1u+otBfsVHB2sBn3QTHix5zO+giiZW8H5wtcauV ij2HObThwTNVOMtZdSrg+sn5XB9VPc2NYijhjUViK1BhT7v8GUJo/x8ZW BhOjc5MirFBYVeHCB2tClijTgkE/1b7xCFQnJ4NQ6shLCcO/5//t0Gef9 rw31NsBrphzQ/+tVfqy69EvDpYwk/FO69LB3mRFl4niXnDpxwEOtW+Qzr Q==; X-IronPort-AV: E=McAfee;i="6200,9189,10239"; a="226899124" X-IronPort-AV: E=Sophos;i="5.88,321,1635231600"; d="scan'208";a="226899124" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jan 2022 09:55:08 -0800 X-IronPort-AV: E=Sophos;i="5.88,321,1635231600"; d="scan'208";a="674796073" Received: from iweiny-desk2.sc.intel.com (HELO localhost) ([10.3.52.147]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jan 2022 09:55:08 -0800 From: ira.weiny@intel.com To: Dave Hansen , "H. Peter Anvin" , Dan Williams Cc: Ira Weiny , Fenghua Yu , Rick Edgecombe , linux-kernel@vger.kernel.org Subject: [PATCH V8 09/44] x86/pkeys: Enable PKS on cpus which support it Date: Thu, 27 Jan 2022 09:54:30 -0800 Message-Id: <20220127175505.851391-10-ira.weiny@intel.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220127175505.851391-1-ira.weiny@intel.com> References: <20220127175505.851391-1-ira.weiny@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ira Weiny Protection Keys for Supervisor pages (PKS) enables fast, hardware thread specific, manipulation of permission restrictions on supervisor page mappings. It uses the same mechanism of Protection Keys as those on User mappings but applies that mechanism to supervisor mappings using a supervisor specific MSR. Bit 24 of CR4 is used to enable the feature by software. Define pks_setup() to be called when PKS is configured. Initially, pks_setup() initializes the per-cpu MSR with 0 to enable all access on all pkeys. asm/pks.h is added as a new file to store new internal functions and structures such as pks_setup(). Co-developed-by: Fenghua Yu Signed-off-by: Fenghua Yu Signed-off-by: Ira Weiny --- Changes for V8 Move setup_pks() into this patch with a default of all access for all pkeys. From Thomas s/setup_pks/pks_setup/ Update Change log to better reflect exactly what this patch does. --- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/pks.h | 15 +++++++++++++++ arch/x86/include/uapi/asm/processor-flags.h | 2 ++ arch/x86/kernel/cpu/common.c | 2 ++ arch/x86/mm/pkeys.c | 16 ++++++++++++++++ 5 files changed, 36 insertions(+) create mode 100644 arch/x86/include/asm/pks.h diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h index 3faf0f97edb1..fca56ca646a0 100644 --- a/arch/x86/include/asm/msr-index.h +++ b/arch/x86/include/asm/msr-index.h @@ -786,6 +786,7 @@ #define MSR_IA32_TSC_DEADLINE 0x000006E0 +#define MSR_IA32_PKRS 0x000006E1 #define MSR_TSX_FORCE_ABORT 0x0000010F diff --git a/arch/x86/include/asm/pks.h b/arch/x86/include/asm/pks.h new file mode 100644 index 000000000000..8180fc59790b --- /dev/null +++ b/arch/x86/include/asm/pks.h @@ -0,0 +1,15 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _ASM_X86_PKS_H +#define _ASM_X86_PKS_H + +#ifdef CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS + +void pks_setup(void); + +#else /* !CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS */ + +static inline void pks_setup(void) { } + +#endif /* CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS */ + +#endif /* _ASM_X86_PKS_H */ diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/include/uapi/asm/processor-flags.h index bcba3c643e63..191c574b2390 100644 --- a/arch/x86/include/uapi/asm/processor-flags.h +++ b/arch/x86/include/uapi/asm/processor-flags.h @@ -130,6 +130,8 @@ #define X86_CR4_SMAP _BITUL(X86_CR4_SMAP_BIT) #define X86_CR4_PKE_BIT 22 /* enable Protection Keys support */ #define X86_CR4_PKE _BITUL(X86_CR4_PKE_BIT) +#define X86_CR4_PKS_BIT 24 /* enable Protection Keys for Supervisor */ +#define X86_CR4_PKS _BITUL(X86_CR4_PKS_BIT) /* * x86-64 Task Priority Register, CR8 diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 7b8382c11788..83c1abce7d93 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -59,6 +59,7 @@ #include #include #include +#include #include "cpu.h" @@ -1632,6 +1633,7 @@ static void identify_cpu(struct cpuinfo_x86 *c) x86_init_rdrand(c); setup_pku(c); + pks_setup(); /* * Clear/Set all flags overridden by options, need do it diff --git a/arch/x86/mm/pkeys.c b/arch/x86/mm/pkeys.c index cf12d8bf122b..02629219e683 100644 --- a/arch/x86/mm/pkeys.c +++ b/arch/x86/mm/pkeys.c @@ -206,3 +206,19 @@ u32 pkey_update_pkval(u32 pkval, int pkey, u32 accessbits) pkval &= ~(PKEY_ACCESS_MASK << shift); return pkval | accessbits << shift; } + +#ifdef CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS + +/* + * PKS is independent of PKU and either or both may be supported on a CPU. + */ +void pks_setup(void) +{ + if (!cpu_feature_enabled(X86_FEATURE_PKS)) + return; + + wrmsrl(MSR_IA32_PKRS, 0); + cr4_set_bits(X86_CR4_PKS); +} + +#endif /* CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS */ -- 2.31.1