Received: by 2002:a05:7412:2a91:b0:fc:a2b0:25d7 with SMTP id u17csp504959rdh; Wed, 14 Feb 2024 03:36:55 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWnj87zYxc8VX35tdyGbMEQrHwO+6p2AlFTwUjwFGLKK581AbnpVNwworHc30k8BAR19QQ4EY4q4U1idc3TAHFWOiC6OVXbdzjCfREozQ== X-Google-Smtp-Source: AGHT+IFCYH0yxH+JQWiflMfiRoO3b8fWzaMJs5CI2lSH4RvKnRnLJTfzqc6f93mR8igJpuRUfzKG X-Received: by 2002:ac8:59ce:0:b0:42c:b64:7868 with SMTP id f14-20020ac859ce000000b0042c0b647868mr2623917qtf.53.1707910615314; Wed, 14 Feb 2024 03:36:55 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1707910615; cv=pass; d=google.com; s=arc-20160816; b=yIjOTjZq3HC+KA7tsMjRxHh8bkS3QsXVxm6gYEPTZ4cqcjomIDHkqTv/HhAJHBqBL/ hecytKp5JmIouDzC4f6v1/fOLMIDJGuF1Knhpbwq9VOFMEf5q1kFBjqhOXlWDCW4tYVK pvAu9wUZrdniuuq3oFItU4VJ4+RHcyuZ2BpWfCVdiWfBFCNQRyGf5zLLGC5JJ/cLW0mm 33yIf4Y+MpoD0K2/I9HU8J3F3dyHswK2rHHhHsYAg5tDFvMIRHSijpy/mrgUBXk5zB44 9xWSCjJ8nIoY0rIRILEJvxay9ltTMbPJPSjGSaPMqa3O30uh5FahTfzViBnWZuiAEerJ RTVg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=99U5z0ElWDJxhGO7uX4CvYyY7i4IPJKIdyI1FUwatwQ=; fh=c1VTNPzSJvpj8K7oO2WEFSihx4ZWRSADQr+VGT/JtQo=; b=MFLDjUjiLh09y84C0inJ3YqMwpzr5p1QqtUXbt4+q3w4FKxiKfkYxktcYvxoBxbG3C 3eVnTBiBGDMoDbFbjgi/2BJoXframYvmQdVV8c29cHjdOLH4ODeYG2NocJHmyjpY2aD4 13wl7MPYSuTnpoXuiY9Gy40AwZtTM3xociut8DfEpbMfvtS6CXLED+TWFYOdUrjKlVZi ceWIa6kTIvUjiIqhQBr7PF3DIzK07BjSK3FYkMHVozpm3A3ckyc7+oktJQ25bxJqSaL2 8RLpFUPR8yOCO/ojw534ohAlHg9G9F6pShd5EZj0c4ODxk/FNaxZcBjCWy84MMtOeE79 SZMQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=huaweicloud.com); spf=pass (google.com: domain of linux-kernel+bounces-65140-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65140-linux.lists.archive=gmail.com@vger.kernel.org" X-Forwarded-Encrypted: i=2; AJvYcCXLE1XXl+yBSVmiWhMWcD7QYUR9ekgiwgNaE3e7ZG7oOzJDZqiKWpFKZaM68MW5IQ+LO9VlRsCX6Ko6/pwteWpBZO33PzznCPsCAXTCVw== Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id f8-20020ac84648000000b0042ab065ed98si4891324qto.772.2024.02.14.03.36.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Feb 2024 03:36:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-65140-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=huaweicloud.com); spf=pass (google.com: domain of linux-kernel+bounces-65140-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-65140-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id BE4DE1C228C3 for ; Wed, 14 Feb 2024 11:36:54 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 075F91A58E; Wed, 14 Feb 2024 11:36:42 +0000 (UTC) Received: from frasgout11.his.huawei.com (frasgout11.his.huawei.com [14.137.139.23]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 73CAE1947D; Wed, 14 Feb 2024 11:36:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=14.137.139.23 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707910601; cv=none; b=fljmPV3xI5SNNLgR8/Y8lLh4kH78J99sICC3+5vUSQDgdesVgiBuiKySkG1hA2lzrNh5KSpnr1qDjJuO9xqPlhsEEY/C5DfPyoPLGf3/o0LENN2vI9QTkdkjnMVK7zSsqfPB13H+zO9ZOHpqXJBLOWYW7N/ZGIdZWPThg2mgAC0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1707910601; c=relaxed/simple; bh=XX4ZJh1efWO1B3rAxShAcHfODcw783OuO5HzO8Mr6W0=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=qcY6syD3Vex2ffc1j1zVH7wfAsoZUbENiGnI3tOxk0Ono7z6pwGuDQ9aA+8tL3twnka6hm0bmsVsLWt2a71C5JK/4oau2xOOHZ/LLAyvEdj0pMjrixkF/gTtqhJPFoM6ZUj63aUXmvYIBU8VAoxMWYAVP/qwAOaqGtTHTWJo8Js= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com; spf=pass smtp.mailfrom=huaweicloud.com; arc=none smtp.client-ip=14.137.139.23 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=huaweicloud.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=huaweicloud.com Received: from mail.maildlp.com (unknown [172.18.186.51]) by frasgout11.his.huawei.com (SkyGuard) with ESMTP id 4TZbNw1Yybz9xrtH; Wed, 14 Feb 2024 19:21:20 +0800 (CST) Received: from mail02.huawei.com (unknown [7.182.16.47]) by mail.maildlp.com (Postfix) with ESMTP id B516014066B; Wed, 14 Feb 2024 19:36:25 +0800 (CST) Received: from huaweicloud.com (unknown [10.45.156.69]) by APP1 (Coremail) with SMTP id LxC2BwAHshp7pcxlDJx9Ag--.51624S5; Wed, 14 Feb 2024 12:36:25 +0100 (CET) From: Petr Tesarik To: Jonathan Corbet , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org (maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)), "H. Peter Anvin" , Andy Lutomirski , Oleg Nesterov , Peter Zijlstra , Xin Li , Arnd Bergmann , Andrew Morton , Rick Edgecombe , Kees Cook , "Masami Hiramatsu (Google)" , Pengfei Xu , Josh Poimboeuf , Ze Gao , "Kirill A. Shutemov" , Kai Huang , David Woodhouse , Brian Gerst , Jason Gunthorpe , Joerg Roedel , "Mike Rapoport (IBM)" , Tina Zhang , Jacob Pan , linux-doc@vger.kernel.org (open list:DOCUMENTATION), linux-kernel@vger.kernel.org (open list) Cc: Roberto Sassu , petr@tesarici.cz, Petr Tesarik Subject: [PATCH v1 3/8] sbm: x86: map system data structures into the sandbox Date: Wed, 14 Feb 2024 12:35:11 +0100 Message-Id: <20240214113516.2307-4-petrtesarik@huaweicloud.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240214113516.2307-1-petrtesarik@huaweicloud.com> References: <20240214113516.2307-1-petrtesarik@huaweicloud.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID:LxC2BwAHshp7pcxlDJx9Ag--.51624S5 X-Coremail-Antispam: 1UD129KBjvJXoWxWFWDtrykCFy7Cr43Ar4Utwb_yoWrGr47pF nxCF1kKFW7K343uwn3Cr40yr15Zws2k3W7Kry2kryrZF17t3W5Ars2g3yDtFW8GFWvga4F qFW3tF4rGa1DZw7anT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUmq14x267AKxVWrJVCq3wAFc2x0x2IEx4CE42xK8VAvwI8IcIk0 rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2048vs2IY020E87I2jVAFwI0_JrWl82xGYIkIc2 x26xkF7I0E14v26ryj6s0DM28lY4IEw2IIxxk0rwA2F7IY1VAKz4vEj48ve4kI8wA2z4x0 Y4vE2Ix0cI8IcVAFwI0_JFI_Gr1l84ACjcxK6xIIjxv20xvEc7CjxVAFwI0_Gr1j6F4UJw A2z4x0Y4vEx4A2jsIE14v26r4j6F4UM28EF7xvwVC2z280aVCY1x0267AKxVW8Jr0_Cr1U M2AIxVAIcxkEcVAq07x20xvEncxIr21l5I8CrVACY4xI64kE6c02F40Ex7xfMcIj6xIIjx v20xvE14v26r106r15McIj6I8E87Iv67AKxVWUJVW8JwAm72CE4IkC6x0Yz7v_Jr0_Gr1l F7xvr2IYc2Ij64vIr41lF7I21c0EjII2zVCS5cI20VAGYxC7M4IIrI8v6xkF7I0E8cxan2 IY04v7MxkF7I0Ew4C26cxK6c8Ij28IcwCF04k20xvY0x0EwIxGrwCFx2IqxVCFs4IE7xkE bVWUJVW8JwC20s026c02F40E14v26r1j6r18MI8I3I0E7480Y4vE14v26r106r1rMI8E67 AF67kF1VAFwI0_Wrv_Gr1UMIIYrxkI7VAKI48JMIIF0xvE2Ix0cI8IcVAFwI0_JFI_Gr1l IxAIcVC0I7IYx2IY6xkF7I0E14v26r4UJVWxJr1lIxAIcVCF04k26cxKx2IYs7xG6r1j6r 1xMIIF0xvEx4A2jsIE14v26r4j6F4UMIIF0xvEx4A2jsIEc7CjxVAFwI0_Gr1j6F4UJbIY CTnIWIevJa73UjIFyTuYvjfUnPEfUUUUU X-CM-SenderInfo: hshw23xhvd2x3n6k3tpzhluzxrxghudrp/ From: Petr Tesarik Map CPU system data structures (GDT, TSS, IDT) read-only into every sandbox instance. Map interrupt stacks read-write. The TSS mappings may look confusing. The trick is that TSS pages are mapped twice in the kernel address space: once read-only and once read-write. The GDT entry for the TR register uses the read-only address, but since __pa() does not work for virtual addresses in this range (cpu_entry_area), use the read-write mapping to get TSS physical address. Signed-off-by: Petr Tesarik --- arch/x86/include/asm/page_64_types.h | 1 + arch/x86/kernel/sbm/core.c | 74 ++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h index 06ef25411d62..62f6e40b3361 100644 --- a/arch/x86/include/asm/page_64_types.h +++ b/arch/x86/include/asm/page_64_types.h @@ -29,6 +29,7 @@ #define IST_INDEX_DB 2 #define IST_INDEX_MCE 3 #define IST_INDEX_VC 4 +#define IST_INDEX_NUM 7 /* * Set __PAGE_OFFSET to the most negative possible address + diff --git a/arch/x86/kernel/sbm/core.c b/arch/x86/kernel/sbm/core.c index de6986801148..f3a123d64afc 100644 --- a/arch/x86/kernel/sbm/core.c +++ b/arch/x86/kernel/sbm/core.c @@ -7,9 +7,13 @@ * SandBox Mode (SBM) implementation for the x86 architecture. */ +#include +#include #include +#include #include #include +#include #include #include #include @@ -155,6 +159,72 @@ static int map_kernel(struct x86_sbm_state *state) return 0; } +/** map_cpu_data() - map CPU system data structures into a sandbox instance + * @sbm: Target sandbox instance. + * + * Create sandbox page tables for: + * * Global Descriptor Table (GDT) + * * Task State Segment (TSS) + * * Interrupt Descriptor Table (IDT). + * + * Return: Zero on success, negative error code on failure. + */ +static int map_cpu_data(struct x86_sbm_state *state) +{ + unsigned long off; + phys_addr_t paddr; + unsigned int ist; + void *vaddr; + int cpu; + int err; + + for_each_possible_cpu(cpu) { + struct cpu_entry_area *cea; + struct tss_struct *tss; + + err = map_page(state, (unsigned long)get_cpu_gdt_ro(cpu), + PHYS_PFN(get_cpu_gdt_paddr(cpu)), + PAGE_KERNEL_RO); + if (err) + return err; + + cea = get_cpu_entry_area(cpu); + + tss = &cea->tss; + paddr = __pa(&per_cpu(cpu_tss_rw, cpu)); + for (off = 0; off < sizeof(cpu_tss_rw); off += PAGE_SIZE) { + err = map_page(state, (unsigned long)tss + off, + PHYS_PFN(paddr + off), PAGE_KERNEL_RO); + if (err) + return err; + } + + paddr = slow_virt_to_phys(&cea->entry_stack_page); + err = map_page(state, (unsigned long)&cea->entry_stack_page, + PHYS_PFN(paddr), PAGE_KERNEL); + if (err) + return err; + + for (ist = 0; ist < IST_INDEX_NUM; ++ist) { + vaddr = (void *)tss->x86_tss.ist[ist]; + if (!vaddr) + continue; + + for (off = EXCEPTION_STKSZ; off; off -= PAGE_SIZE) { + paddr = slow_virt_to_phys(vaddr - off); + err = map_page(state, (unsigned long)vaddr - off, + PHYS_PFN(paddr), PAGE_KERNEL); + if (err) + return err; + } + } + } + + paddr = slow_virt_to_phys((void *)CPU_ENTRY_AREA_RO_IDT); + return map_page(state, CPU_ENTRY_AREA_RO_IDT, PHYS_PFN(paddr), + PAGE_KERNEL_RO); +} + int arch_sbm_init(struct sbm *sbm) { struct x86_sbm_state *state; @@ -194,6 +264,10 @@ int arch_sbm_init(struct sbm *sbm) if (err) return err; + err = map_cpu_data(state); + if (err) + return err; + return 0; } -- 2.34.1