From: ira.weiny@intel.com
To: Dave Hansen, "H. Peter Anvin", Dan Williams
Cc: Ira Weiny, Fenghua Yu, Rick Edgecombe, "Shankar, Ravi V", linux-kernel@vger.kernel.org
Subject: [PATCH V10 14/44] mm/pkeys: Introduce pks_set_readwrite()
Date: Tue, 19 Apr 2022 10:06:19 -0700
Message-Id: <20220419170649.1022246-15-ira.weiny@intel.com>
In-Reply-To: <20220419170649.1022246-1-ira.weiny@intel.com>

From: Ira Weiny

When kernel code needs access to a PKS protected page they will need to change the protections for the pkey to Read/Write.

Define pks_set_readwrite() to update the specified pkey. Define pks_update_protection() as a helper to do the heavy lifting and allow for subsequent pks_set_*() calls.

Define PKEY_READ_WRITE rather than use a magic value of '0' in pks_update_protection().

Finally, ensure preemption is disabled for pks_write_pkrs() because the context of this call can not generally be predicted.

pks.h is created to avoid conflicts and header dependencies with the user space pkey code.

Add documentation.

Signed-off-by: Ira Weiny

---
Changes for V9
	Move MSR documentation note to this patch
	Move declarations to include/linux/pks.h
	From Rick Edgecombe
		Change pkey type to u8
		Validate pkey range in pks_update_protection
	From 0day
		Fix documentation link
	From Dave Hansen
		s/pks_mk_*/pks_set_*/
		Use pkey
		s/pks_saved_pkrs/pkrs/

Changes for V8
	Define PKEY_READ_WRITE
	Make the call inline
	Clean up the names
	Use pks_write_pkrs() with preemption disabled
	Split this out from 'Add PKS kernel API'
	Include documentation in this patch
---
 Documentation/core-api/protection-keys.rst | 15 +++++++++++
 arch/x86/mm/pkeys.c | 31 ++++++++++++++++++++++
 include/linux/pks.h | 31 ++++++++++++++++++++++
 include/uapi/asm-generic/mman-common.h | 1 +
 4 files changed, 78 insertions(+)
 create mode 100644 include/linux/pks.h

diff --git a/Documentation/core-api/protection-keys.rst b/Documentation/core-api/protection-keys.rst index fe63acf5abbe..3af92e1cbffd 100644 --- a/Documentation/core-api/protection-keys.rst +++ b/Documentation/core-api/protection-keys.rst @@ -142,3 +142,18 @@ Adding pages to a pkey protected domain .. kernel-doc:: arch/x86/include/asm/pgtable_types.h :doc: PKS_KEY_ASSIGNMENT + +Changing permissions of individual keys +--------------------------------------- + +.. kernel-doc:: include/linux/pks.h + :identifiers: pks_set_readwrite + +MSR details +~~~~~~~~~~~ + +WRMSR is typically an architecturally serializing instruction. However, +WRMSR(MSR_IA32_PKRS) is an exception. It is not a serializing instruction and +instead maintains ordering properties similar to WRPKRU. Thus it is safe to +immediately use a mapping when the pks_set*() functions returns. Check the +latest SDM for details. diff --git a/arch/x86/mm/pkeys.c b/arch/x86/mm/pkeys.c index 39e4c2cbc279..e4cbc79686ea 100644 --- a/arch/x86/mm/pkeys.c +++ b/arch/x86/mm/pkeys.c @@ -6,6 +6,7 @@ #include /* debugfs_create_u32() */ #include /* mm_struct, vma, etc... */ #include /* PKEY_* */ +#include #include #include 
@@ -275,4 +276,34 @@ void pks_setup(void) cr4_set_bits(X86_CR4_PKS); } +/* + * Do not call this directly, see pks_set*(). + * + * @pkey: Key for the domain to change + * @protection: protection bits to be used + * + * Protection utilizes the same protection bits specified for User pkeys + * PKEY_DISABLE_ACCESS + * PKEY_DISABLE_WRITE + * + */ +void pks_update_protection(u8 pkey, u8 protection) +{ + u32 pkrs; + + if (!cpu_feature_enabled(X86_FEATURE_PKS)) + return; + + if (WARN_ON_ONCE(pkey >= PKS_KEY_MAX)) + return; + + pkrs = current->thread.pkrs; + current->thread.pkrs = pkey_update_pkval(pkrs, pkey, + protection); + preempt_disable(); + pks_write_pkrs(current->thread.pkrs); + preempt_enable(); +} +EXPORT_SYMBOL_GPL(pks_update_protection); + #endif /* CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS */ diff --git a/include/linux/pks.h b/include/linux/pks.h new file mode 100644 index 000000000000..8b705a937b19 --- /dev/null +++ b/include/linux/pks.h @@ -0,0 +1,31 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +#ifndef _LINUX_PKS_H +#define _LINUX_PKS_H + +#ifdef CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS + +#include + +#include + +void pks_update_protection(u8 pkey, u8 protection); + +/** + * pks_set_readwrite() - Make the domain Read/Write + * @pkey: the pkey for which the access should change. + * + * Allow all access, read and write, to the domain specified by pkey. This is + * not a global update and only affects the current running thread. + */ +static inline void pks_set_readwrite(u8 pkey) +{ + pks_update_protection(pkey, PKEY_READ_WRITE); +} + +#else /* !CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS */ + +static inline void pks_set_readwrite(u8 pkey) {} + +#endif /* CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS */ + +#endif /* _LINUX_PKS_H */ diff --git a/include/uapi/asm-generic/mman-common.h b/include/uapi/asm-generic/mman-common.h index 6c1aa92a92e4..f179544bd33a 100644 --- a/include/uapi/asm-generic/mman-common.h +++ b/include/uapi/asm-generic/mman-common.h 
@@ -80,6 +80,7 @@ /* compatibility flags */ #define MAP_FILE 0 +#define PKEY_READ_WRITE 0x0 #define PKEY_DISABLE_ACCESS 0x1 #define PKEY_DISABLE_WRITE 0x2 #define PKEY_ACCESS_MASK (PKEY_DISABLE_ACCESS |\ -- 2.35.1
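
Review bot: In the Documentation/core-api/protection-keys.rst hunk, the "MSR details" paragraph has a subject-verb mismatch in "when the pks_set*() functions returns"; it should read "functions return". The closing "Check the latest SDM for details" would also be more useful with the name of the SDM section, since the statement that WRMSR(MSR_IA32_PKRS) is not serializing is exactly what callers rely on when they use a mapping immediately after the call.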
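
Review bot: In pks_update_protection() in arch/x86/mm/pkeys.c, nothing explains why preempt_disable() covers only pks_write_pkrs() while the read of current->thread.pkrs and the store of the updated value happen before it. The commit message says the calling context cannot be predicted, so the function comment should state which contexts are supported and why the read-modify-write of thread.pkrs is safe outside the preempt-disabled region. Separately, protection is handed to pkey_update_pkval() unchecked even though the comment limits it to PKEY_DISABLE_ACCESS and PKEY_DISABLE_WRITE; unless pkey_update_pkval() already masks it, a WARN_ON_ONCE(protection & ~PKEY_ACCESS_MASK) next to the pkey range check would catch a bad caller.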
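
Review bot: In the new include/linux/pks.h, pks_update_protection() is declared without any comment, while its definition in pkeys.c says "Do not call this directly, see pks_set*()" and the symbol is exported with EXPORT_SYMBOL_GPL. Someone reading only the header has nothing pointing them to pks_set_readwrite() instead; add a one-line comment at the declaration, or give the helper a name that marks it as internal.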
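
Review bot: The include/uapi/asm-generic/mman-common.h hunk places PKEY_READ_WRITE in a uapi header, which makes it part of the user-visible interface, yet the commit message motivates it only as a replacement for a magic '0' inside pks_update_protection(). Either state in the commit message that exposing the constant to user space is intended, or define it in a kernel-internal header.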