Received: by 2002:a05:6a10:af89:0:0:0:0 with SMTP id iu9csp539522pxb; Fri, 28 Jan 2022 04:57:55 -0800 (PST) X-Google-Smtp-Source: ABdhPJwbnQl4po8i+WW2KaygMCdod70HTRwUUCDK6dRD1d7+NlYwGd5DXrXbo07PmO2Pr4Frn1Gq X-Received: by 2002:a17:907:86a2:: with SMTP id qa34mr6865802ejc.674.1643374674756; Fri, 28 Jan 2022 04:57:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643374674; cv=none; d=google.com; s=arc-20160816; b=M+aYCmNOOH9ml4AgEREqDi8UUeBDOhSGXyuvV8PW3rLS+2LTPOJjIs4Cf0eDK0Yw/f 09rJ86GpUA+9uepnZU+jKIcE+63TqQnTklMIR15ghACRuMqZiW/2Ks7Vwv5HDE+DtEDS MFuiSfHHT6z+/0YJPcvrPuZUv76CINRpJFnc3qlpw0IVMXXlws7NEVZBDjgNEcCYPmij iVBSHa79dzaibACg3zn5o5tv/Dp5gKdkOaCz+JLSytL66gR2p9VwtGESmS6hRg5qcWXT rNMVcq6yQj5GiwKX5s0UAXsXI0KqJJyBNH4f/9CKk3dSHIEsjDlqO+xz+a3/MwDuQ7/K uhIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=zn+6w00ashspsTv975boapDVLZMzuOYaXON7QDOBZZs=; b=OZdj3/MTjWiZn4IJyLKDRQYNlusf+yHyMBsD70coEOYPIcssreSLpvq/or51pTDV8G klKvrZcpk+Lejf0V8rRAOssppDcEq/FxceRsWfcLXwIbMcl73+pQNxUQvREeNHie5VzC Ub6f5WgqkKObgpplaHCw6aowEVkzwYRVs8M+irKQPO4matAMEDY92/ybpVEskmHe8qjg UH6F8vkLVwHAOyxf8GR1V4zlMpxzKUbDhQCxBrJZMvy2CPvITllDqaTNojhvNqNbZrCx U6o9f1HEoo/H4fv/DyhRF2cLY6T4WJuS30rGZpjN4Lw8ncb7E9kJQZEYaBBkjkrqNV0X YokQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=YnQy4Vez; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j13si3011048edj.500.2022.01.28.04.57.29; Fri, 28 Jan 2022 04:57:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=YnQy4Vez; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245219AbiA0R4c (ORCPT + 99 others); Thu, 27 Jan 2022 12:56:32 -0500 Received: from mga02.intel.com ([134.134.136.20]:19413 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244818AbiA0Rzc (ORCPT ); Thu, 27 Jan 2022 12:55:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1643306132; x=1674842132; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=C3DkGtAeq/fvKF1BtRuemGQclgEwuaGMDhc79ROPFiw=; b=YnQy4VezkywlEXKiqqt/KARNW4vm4HM5YywPKjLLOaR7K6kxI90bck2M 2Zz+fjhg+zSUjJjfnwBbNl0SfKGDqU0h90pxaY0340MheRNGjnZJWABbO 9rHDEIFDaS9+CoWjw54lgiOn+FFjQMdGPe4ldKclRS753r7ehCtyVswLu +zHoPIOe3vmfDdIsE3kZtKdobhry1fsXsTxlbdIss/7M2g5EqvvvxBdsE hyaPe3AGg7YKzGhOfENH9JfIw0U2G7YPqCs34JZ333VzMrVo6kRGWvg5D f2/o4lRu4LcqLumKV73wwLUkGIDADMWSIAL0CTa238HhGV4KM1dSGFJaS A==; X-IronPort-AV: E=McAfee;i="6200,9189,10239"; a="234302444" X-IronPort-AV: E=Sophos;i="5.88,321,1635231600"; d="scan'208";a="234302444" Received: from fmsmga001.fm.intel.com ([10.253.24.23]) by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jan 2022 09:55:12 -0800 X-IronPort-AV: E=Sophos;i="5.88,321,1635231600"; d="scan'208";a="674796152" Received: from iweiny-desk2.sc.intel.com (HELO localhost) ([10.3.52.147]) by fmsmga001-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jan 2022 09:55:11 -0800 From: ira.weiny@intel.com To: Dave Hansen , "H. Peter Anvin" , Dan Williams Cc: Ira Weiny , Fenghua Yu , Rick Edgecombe , linux-kernel@vger.kernel.org Subject: [PATCH V8 28/44] mm/pkeys: Introduce pks_update_exception() Date: Thu, 27 Jan 2022 09:54:49 -0800 Message-Id: <20220127175505.851391-29-ira.weiny@intel.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20220127175505.851391-1-ira.weiny@intel.com> References: <20220127175505.851391-1-ira.weiny@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ira Weiny Some PKS use cases will want to catch permissions violations and optionally allow them. pks_update_protection() updates the protection of the current running context. It will _not_ work to change the protections of a thread which has been interrupted. Therefore updating a thread from within an exception is not possible with pks_update_protection(). Introduce pks_update_exception() to update the faulted threads protections in addition to the current context. A PKS fault callback can then be used to adjust the permissions of the faulted thread as necessary. Add documentation Signed-off-by: Ira Weiny --- Changes for V8 Remove the concept of abandoning a pkey in favor of using the custom fault handler via this new pks_update_exception() call Without an abandon call there is no need for an abandon mask on sched in, new thread creation, or within exceptions... This now lets all invalid access' fault Ensure that all entry points into the pks has feature checks... Place abandon fault check before the test callback to ensure testing does not detect the double fault of the abandon code and flag it incorrectly as a fault. Change return type of pks_handle_abandoned_pkeys() to bool --- Documentation/core-api/protection-keys.rst | 3 ++ arch/x86/mm/pkeys.c | 49 +++++++++++++++++++--- include/linux/pkeys.h | 5 +++ 3 files changed, 51 insertions(+), 6 deletions(-) diff --git a/Documentation/core-api/protection-keys.rst b/Documentation/core-api/protection-keys.rst index 115afc67153f..b89308bf117e 100644 --- a/Documentation/core-api/protection-keys.rst +++ b/Documentation/core-api/protection-keys.rst @@ -147,6 +147,9 @@ Changing permissions of individual keys .. kernel-doc:: include/linux/pks-keys.h :identifiers: pks_mk_readwrite pks_mk_noaccess +.. kernel-doc:: arch/x86/mm/pkeys.c + :identifiers: pks_update_exception + MSR details ----------- diff --git a/arch/x86/mm/pkeys.c b/arch/x86/mm/pkeys.c index 1da78580d6de..6723ae42732a 100644 --- a/arch/x86/mm/pkeys.c +++ b/arch/x86/mm/pkeys.c @@ -319,6 +319,15 @@ void pks_setup(void) cr4_set_bits(X86_CR4_PKS); } +static void __pks_update_protection(int pkey, u32 protection) +{ + u32 pkrs = current->thread.pks_saved_pkrs; + + current->thread.pks_saved_pkrs = pkey_update_pkval(pkrs, pkey, + protection); + pks_write_pkrs(current->thread.pks_saved_pkrs); +} + /* * Do not call this directly, see pks_mk*(). * @@ -332,18 +341,46 @@ void pks_setup(void) */ void pks_update_protection(int pkey, u32 protection) { - u32 pkrs; - if (!cpu_feature_enabled(X86_FEATURE_PKS)) return; - pkrs = current->thread.pks_saved_pkrs; - current->thread.pks_saved_pkrs = pkey_update_pkval(pkrs, pkey, - protection); preempt_disable(); - pks_write_pkrs(current->thread.pks_saved_pkrs); + __pks_update_protection(pkey, protection); preempt_enable(); } EXPORT_SYMBOL_GPL(pks_update_protection); +/** + * pks_update_exception() - Update the protections of a faulted thread + * + * @regs: Faulting thread registers + * @pkey: pkey to update + * @protection: protection bits to use. + * + * CONTEXT: Exception + * + * pks_update_protection() updates the protection of the current running + * context. It will not work to change the protections of a thread which has + * been interrupted. If a PKS fault callback fires it may want to update the + * faulted threads protections in addition to it's own. + * + * Use pks_update_exception() to update the faulted threads protections + * in addition to the current context. + */ +void pks_update_exception(struct pt_regs *regs, int pkey, u32 protection) +{ + struct pt_regs_extended *ept_regs; + u32 old; + + if (!cpu_feature_enabled(X86_FEATURE_PKS)) + return; + + __pks_update_protection(pkey, protection); + + ept_regs = to_extended_pt_regs(regs); + old = ept_regs->aux.pks_thread_pkrs; + ept_regs->aux.pks_thread_pkrs = pkey_update_pkval(old, pkey, protection); +} +EXPORT_SYMBOL_GPL(pks_update_exception); + #endif /* CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS */ diff --git a/include/linux/pkeys.h b/include/linux/pkeys.h index 5f4965f5449b..c318d97f5da8 100644 --- a/include/linux/pkeys.h +++ b/include/linux/pkeys.h @@ -56,6 +56,7 @@ static inline bool arch_pkeys_enabled(void) #include void pks_update_protection(int pkey, u32 protection); +void pks_update_exception(struct pt_regs *regs, int pkey, u32 protection); /** * pks_mk_noaccess() - Disable all access to the domain @@ -85,6 +86,10 @@ static inline void pks_mk_readwrite(int pkey) static inline void pks_mk_noaccess(int pkey) {} static inline void pks_mk_readwrite(int pkey) {} +static inline void pks_update_exception(struct pt_regs *regs, + int pkey, + u32 protection) +{ } #endif /* CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS */ -- 2.31.1