[v6,19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash

Message ID	20201125051634.509286-20-aneesh.kumar@linux.ibm.com (mailing list archive)
State	Changes Requested
Headers	show Return-Path: <linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org> From: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com> To: linuxppc-dev@lists.ozlabs.org, mpe@ellerman.id.au Subject: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash Date: Wed, 25 Nov 2020 10:46:31 +0530 Message-Id: <20201125051634.509286-20-aneesh.kumar@linux.ibm.com> In-Reply-To: <20201125051634.509286-1-aneesh.kumar@linux.ibm.com> References: <20201125051634.509286-1-aneesh.kumar@linux.ibm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Cc: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>, Sandipan Das <sandipan@linux.ibm.com> Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" <linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>
Series	Kernel userspace access/execution prevention with hash translation \| expand [v6,00/22] Kernel userspace access/execution prevention with hash translation [v6,01/22] powerpc: Add new macro to handle NESTED_IFCLR [v6,02/22] KVM: PPC: BOOK3S: PR: Ignore UAMOR SPR [v6,03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS [v6,04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init [v6,05/22] powerpc/book3s64/kuap: Move KUAP related function outside radix [v6,06/22] powerpc/book3s64/kuep: Move KUEP related function outside radix [v6,07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP [v6,08/22] powerpc/book3s64/kuap: Use Key 3 for kernel mapping with hash translation [v6,09/22] powerpc/exec: Set thread.regs early during exec [v6,10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit fro… [v6,11/22] powerpc/book3s64/pkeys: Inherit correctly on fork. [v6,12/22] powerpc/book3s64/pkeys: Reset userspace AMR correctly on exec [v6,13/22] powerpc/ptrace-view: Use pt_regs values instead of thread_struct based one. [v6,14/22] powerpc/book3s64/pkeys: Don't update SPRN_AMR when in kernel mode. [v6,15/22] powerpc/book3s64/kuap: Restrict access to userspace based on userspace AMR [v6,16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP [v6,17/22] powerpc/book3s64/kuap: Use Key 3 to implement KUAP with hash translation. [v6,18/22] powerpc/book3s64/kuep: Use Key 3 to implement KUEP with hash translation. [v6,19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash [v6,20/22] powerpc/book3s64/hash/kuep: Enable KUEP on hash [v6,21/22] powerpc/book3s64/hash/kup: Don't hardcode kup key [v6,22/22] powerpc/book3s64/pkeys: Optimize FTR_KUAP and FTR_KUEP disabled case

Context	Check	Description
snowpatch_ozlabs/apply_patch	success	Successfully applied on branch powerpc/merge (4c202167192a77481310a3cacae9f12618b92216)
snowpatch_ozlabs/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 13 lines checked
snowpatch_ozlabs/needsstable	success	Patch has no Fixes tags

Aneesh Kumar K V Nov. 25, 2020, 5:16 a.m. UTC

Reviewed-by: Sandipan Das <sandipan@linux.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
---
 arch/powerpc/mm/book3s64/pkeys.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Christophe Leroy March 15, 2021, 12:06 p.m. UTC | #1

Le 25/11/2020 à 06:16, Aneesh Kumar K.V a écrit :
> Reviewed-by: Sandipan Das <sandipan@linux.ibm.com>
> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>

PPC_HAVE_KUAP is only selected on book3s/64 when PPC_RADIX_MMU is selected. Is that normal ?


> ---
>   arch/powerpc/mm/book3s64/pkeys.c | 7 ++++++-
>   1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/powerpc/mm/book3s64/pkeys.c b/arch/powerpc/mm/book3s64/pkeys.c
> index f747d66cc87d..84f8664ffc47 100644
> --- a/arch/powerpc/mm/book3s64/pkeys.c
> +++ b/arch/powerpc/mm/book3s64/pkeys.c
> @@ -257,7 +257,12 @@ void __init setup_kuep(bool disabled)
>   #ifdef CONFIG_PPC_KUAP
>   void __init setup_kuap(bool disabled)
>   {
> -	if (disabled || !early_radix_enabled())
> +	if (disabled)
> +		return;
> +	/*
> +	 * On hash if PKEY feature is not enabled, disable KUAP too.
> +	 */
> +	if (!early_radix_enabled() && !early_mmu_has_feature(MMU_FTR_PKEY))
>   		return;
>   
>   	if (smp_processor_id() == boot_cpuid) {
>

Aneesh Kumar K V March 15, 2021, 12:59 p.m. UTC | #2

On 3/15/21 5:36 PM, Christophe Leroy wrote:
> 
> 
> Le 25/11/2020 à 06:16, Aneesh Kumar K.V a écrit :
>> Reviewed-by: Sandipan Das <sandipan@linux.ibm.com>
>> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
> 
> PPC_HAVE_KUAP is only selected on book3s/64 when PPC_RADIX_MMU is 
> selected. Is that normal ?
> 


I guess we missed fixing that with this patch. How about

modified   arch/powerpc/platforms/Kconfig.cputype
@@ -103,6 +103,8 @@ config PPC_BOOK3S_64
  	select ARCH_SUPPORTS_NUMA_BALANCING
  	select IRQ_WORK
  	select PPC_MM_SLICES
+	select PPC_HAVE_KUEP
+	select PPC_HAVE_KUAP

  config PPC_BOOK3E_64
  	bool "Embedded processors"
@@ -365,8 +367,6 @@ config PPC_RADIX_MMU
  	bool "Radix MMU Support"
  	depends on PPC_BOOK3S_64
  	select ARCH_HAS_GIGANTIC_PAGE
-	select PPC_HAVE_KUEP
-	select PPC_HAVE_KUAP
  	default y
  	help
  	  Enable support for the Power ISA 3.0 Radix style MMU. Currently this





-aneesh

Christophe Leroy March 15, 2021, 1:02 p.m. UTC | #3

Le 15/03/2021 à 13:59, Aneesh Kumar K.V a écrit :
> On 3/15/21 5:36 PM, Christophe Leroy wrote:
>>
>>
>> Le 25/11/2020 à 06:16, Aneesh Kumar K.V a écrit :
>>> Reviewed-by: Sandipan Das <sandipan@linux.ibm.com>
>>> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
>>
>> PPC_HAVE_KUAP is only selected on book3s/64 when PPC_RADIX_MMU is selected. Is that normal ?
>>
> 
> 
> I guess we missed fixing that with this patch. How about

Yes, looks good to me.

> 
> modified   arch/powerpc/platforms/Kconfig.cputype
> @@ -103,6 +103,8 @@ config PPC_BOOK3S_64
>       select ARCH_SUPPORTS_NUMA_BALANCING
>       select IRQ_WORK
>       select PPC_MM_SLICES
> +    select PPC_HAVE_KUEP
> +    select PPC_HAVE_KUAP
> 
>   config PPC_BOOK3E_64
>       bool "Embedded processors"
> @@ -365,8 +367,6 @@ config PPC_RADIX_MMU
>       bool "Radix MMU Support"
>       depends on PPC_BOOK3S_64
>       select ARCH_HAS_GIGANTIC_PAGE
> -    select PPC_HAVE_KUEP
> -    select PPC_HAVE_KUAP
>       default y
>       help
>         Enable support for the Power ISA 3.0 Radix style MMU. Currently this
> 
> 
> 
> 
> 
> -aneesh

Christophe Leroy Oct. 8, 2021, 9:32 a.m. UTC | #4

Le 25/11/2020 à 06:16, Aneesh Kumar K.V a écrit :
> Reviewed-by: Sandipan Das <sandipan@linux.ibm.com>
> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
> ---
>   arch/powerpc/mm/book3s64/pkeys.c | 7 ++++++-
>   1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/powerpc/mm/book3s64/pkeys.c b/arch/powerpc/mm/book3s64/pkeys.c
> index f747d66cc87d..84f8664ffc47 100644
> --- a/arch/powerpc/mm/book3s64/pkeys.c
> +++ b/arch/powerpc/mm/book3s64/pkeys.c
> @@ -257,7 +257,12 @@ void __init setup_kuep(bool disabled)
>   #ifdef CONFIG_PPC_KUAP
>   void __init setup_kuap(bool disabled)
>   {
> -	if (disabled || !early_radix_enabled())
> +	if (disabled)
> +		return;
> +	/*
> +	 * On hash if PKEY feature is not enabled, disable KUAP too.
> +	 */
> +	if (!early_radix_enabled() && !early_mmu_has_feature(MMU_FTR_PKEY))

pkey_early_init_devtree() bails out without setting MMU_FTR_PKEY with 
the following:

	/*
	 * Only P7 and above supports SPRN_AMR update with MSR[PR] = 1
	 */
	if (!early_cpu_has_feature(CPU_FTR_ARCH_206))
		return;



Why would it be impossible to do KUAP in that case ? KUAP doesn't 
require updating SPRN_AMR with MSR[PR] = 1


>   		return;
>   
>   	if (smp_processor_id() == boot_cpuid) {
>

Michael Ellerman Oct. 11, 2021, 3:28 a.m. UTC | #5

Christophe Leroy <christophe.leroy@csgroup.eu> writes:
> Le 25/11/2020 à 06:16, Aneesh Kumar K.V a écrit :
>> Reviewed-by: Sandipan Das <sandipan@linux.ibm.com>
>> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
>> ---
>>   arch/powerpc/mm/book3s64/pkeys.c | 7 ++++++-
>>   1 file changed, 6 insertions(+), 1 deletion(-)
>> 
>> diff --git a/arch/powerpc/mm/book3s64/pkeys.c b/arch/powerpc/mm/book3s64/pkeys.c
>> index f747d66cc87d..84f8664ffc47 100644
>> --- a/arch/powerpc/mm/book3s64/pkeys.c
>> +++ b/arch/powerpc/mm/book3s64/pkeys.c
>> @@ -257,7 +257,12 @@ void __init setup_kuep(bool disabled)
>>   #ifdef CONFIG_PPC_KUAP
>>   void __init setup_kuap(bool disabled)
>>   {
>> -	if (disabled || !early_radix_enabled())
>> +	if (disabled)
>> +		return;
>> +	/*
>> +	 * On hash if PKEY feature is not enabled, disable KUAP too.
>> +	 */
>> +	if (!early_radix_enabled() && !early_mmu_has_feature(MMU_FTR_PKEY))
>
> pkey_early_init_devtree() bails out without setting MMU_FTR_PKEY with 
> the following:
>
> 	/*
> 	 * Only P7 and above supports SPRN_AMR update with MSR[PR] = 1
> 	 */
> 	if (!early_cpu_has_feature(CPU_FTR_ARCH_206))
> 		return;
>
>
>
> Why would it be impossible to do KUAP in that case ? KUAP doesn't 
> require updating SPRN_AMR with MSR[PR] = 1

You're right, it would be possible to do KUAP in that case.

That's an artifact of KUAP being implemented using PKEYs on hash. For
the PKEYs user-visible API we want AMR to be user controlled.

It's possible we could untangle all that, allowing KUAP to be
implemented on earlier CPUs, but I'm not sure it's going to be high on
anyone's todo list.

cheers

[v6,19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash

Checks

Commit Message

Comments

Patch