| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 27 Jan 2022 09:54:32 -0800
From: ira.weiny@...el.com
To: Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
Dan Williams <dan.j.williams@...el.com>
Cc: Ira Weiny <ira.weiny@...el.com>, Fenghua Yu <fenghua.yu@...el.com>,
Rick Edgecombe <rick.p.edgecombe@...el.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH V8 11/44] mm/pkeys: Define static PKS key array and default values
From: Ira Weiny <ira.weiny@...el.com>
Kernel users will need a way to allocate a PKS Pkey for their use.
Introduce pks-keys.h as a place to define enum pks_pkey_consumers and
the macro PKS_INIT_VALUE. PKS_INIT_VALUE holds the default value for
each key. Kernel users reserve a key value by adding an entry to the
enum pks_pkey_consumers with a unique value [1-15] and replacing that
value in the PKS_INIT_VALUE macro using the desired default macro;
PKR_RW_KEY(), PKR_WD_KEY(), or PKR_AD_KEY().
Use this value to initialize all CPUs at boot.
pks-keys.h is added as a new header with minimal header dependencies.
This allows the use of PKS_INIT_VALUE within other headers where the
additional includes from pkeys.h caused major conflicts. The main
conflict was using PKS_INIT_VALUE for INIT_TRHEAD in asm/processor.h
Add documentation.
Signed-off-by: Ira Weiny <ira.weiny@...el.com>
---
Changes for V8
Create pks-keys.h to solve header conflicts in subsequent
patches.
Remove create_initial_pkrs_value() which did not work
Replace it with PKS_INIT_VALUE
Fix up documentation to match
s/PKR_RW_BIT/PKR_RW_KEY()/
s/PKRS_INIT_VALUE/PKS_INIT_VALUE
Split this off of the previous patch
Update documentation and embed it in the code to help ensure it
is kept up to date.
Changes for V7
Create a dynamic pkrs_initial_value in early init code.
Clean up comments
Add comment to macro guard
---
Documentation/core-api/protection-keys.rst | 4 ++
arch/x86/include/asm/pkeys_common.h | 1 +
arch/x86/mm/pkeys.c | 2 +-
include/linux/pkeys.h | 2 +
include/linux/pks-keys.h | 59 ++++++++++++++++++++++
5 files changed, 67 insertions(+), 1 deletion(-)
create mode 100644 include/linux/pks-keys.h
diff --git a/Documentation/core-api/protection-keys.rst b/Documentation/core-api/protection-keys.rst
index 58670e3ee39e..af283a1a9aa0 100644
--- a/Documentation/core-api/protection-keys.rst
+++ b/Documentation/core-api/protection-keys.rst
@@ -129,6 +129,10 @@ Kernel users intending to use PKS support should depend on
ARCH_HAS_SUPERVISOR_PKEYS, and select ARCH_ENABLE_SUPERVISOR_PKEYS to turn on
this support within the core.
+PKS Key Allocation
+------------------
+.. kernel-doc:: include/linux/pks-keys.h
+ :doc: PKS_KEY_ALLOCATION
MSR details
-----------
diff --git a/arch/x86/include/asm/pkeys_common.h b/arch/x86/include/asm/pkeys_common.h
index d02ab5bc3fff..efb101dee3aa 100644
--- a/arch/x86/include/asm/pkeys_common.h
+++ b/arch/x86/include/asm/pkeys_common.h
@@ -8,6 +8,7 @@
#define PKR_PKEY_SHIFT(pkey) (pkey * PKR_BITS_PER_PKEY)
+#define PKR_RW_KEY(pkey) (0 << PKR_PKEY_SHIFT(pkey))
#define PKR_AD_KEY(pkey) (PKR_AD_BIT << PKR_PKEY_SHIFT(pkey))
#define PKR_WD_KEY(pkey) (PKR_WD_BIT << PKR_PKEY_SHIFT(pkey))
diff --git a/arch/x86/mm/pkeys.c b/arch/x86/mm/pkeys.c
index 02629219e683..a5b5b86e97ce 100644
--- a/arch/x86/mm/pkeys.c
+++ b/arch/x86/mm/pkeys.c
@@ -217,7 +217,7 @@ void pks_setup(void)
if (!cpu_feature_enabled(X86_FEATURE_PKS))
return;
- wrmsrl(MSR_IA32_PKRS, 0);
+ wrmsrl(MSR_IA32_PKRS, PKS_INIT_VALUE);
cr4_set_bits(X86_CR4_PKS);
}
diff --git a/include/linux/pkeys.h b/include/linux/pkeys.h
index 86be8bf27b41..e9ea8f152915 100644
--- a/include/linux/pkeys.h
+++ b/include/linux/pkeys.h
@@ -48,4 +48,6 @@ static inline bool arch_pkeys_enabled(void)
#endif /* ! CONFIG_ARCH_HAS_PKEYS */
+#include <linux/pks-keys.h>
+
#endif /* _LINUX_PKEYS_H */
diff --git a/include/linux/pks-keys.h b/include/linux/pks-keys.h
new file mode 100644
index 000000000000..05fe4a1cf888
--- /dev/null
+++ b/include/linux/pks-keys.h
@@ -0,0 +1,59 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_PKS_KEYS_H
+#define _LINUX_PKS_KEYS_H
+
+#ifdef CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS
+
+#include <asm/pkeys_common.h>
+
+/**
+ * DOC: PKS_KEY_ALLOCATION
+ *
+ * Users reserve a key value by adding an entry to enum pks_pkey_consumers with
+ * a unique value from 1 to 15. Then replacing that value in the
+ * PKS_INIT_VALUE macro using the desired default protection; PKR_RW_KEY(),
+ * PKR_WD_KEY(), or PKR_AD_KEY().
+ *
+ * PKS_KEY_DEFAULT must remain 0 key with a default of read/write to support
+ * non-pks protected pages. Unused keys should be set (Access Disabled
+ * PKR_AD_KEY()).
+ *
+ * For example to configure a key for 'MY_FEATURE' with a default of Write
+ * Disabled.
+ *
+ * .. code-block:: c
+ *
+ * enum pks_pkey_consumers
+ * {
+ * PKS_KEY_DEFAULT = 0,
+ * PKS_KEY_MY_FEATURE = 1,
+ * }
+ *
+ * #define PKS_INIT_VALUE (PKR_RW_KEY(PKS_KEY_DEFAULT) |
+ * PKR_WD_KEY(PKS_KEY_MY_FEATURE) |
+ * PKR_AD_KEY(2) | PKR_AD_KEY(3) |
+ * PKR_AD_KEY(4) | PKR_AD_KEY(5) |
+ * PKR_AD_KEY(6) | PKR_AD_KEY(7) |
+ * PKR_AD_KEY(8) | PKR_AD_KEY(9) |
+ * PKR_AD_KEY(10) | PKR_AD_KEY(11) |
+ * PKR_AD_KEY(12) | PKR_AD_KEY(13) |
+ * PKR_AD_KEY(14) | PKR_AD_KEY(15))
+ *
+ */
+enum pks_pkey_consumers {
+ PKS_KEY_DEFAULT = 0, /* Must be 0 for default PTE values */
+};
+
+#define PKS_INIT_VALUE (PKR_RW_KEY(PKS_KEY_DEFAULT) | \
+ PKR_AD_KEY(1) | \
+ PKR_AD_KEY(2) | PKR_AD_KEY(3) | \
+ PKR_AD_KEY(4) | PKR_AD_KEY(5) | \
+ PKR_AD_KEY(6) | PKR_AD_KEY(7) | \
+ PKR_AD_KEY(8) | PKR_AD_KEY(9) | \
+ PKR_AD_KEY(10) | PKR_AD_KEY(11) | \
+ PKR_AD_KEY(12) | PKR_AD_KEY(13) | \
+ PKR_AD_KEY(14) | PKR_AD_KEY(15))
+
+#endif /* CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS */
+
+#endif /* _LINUX_PKS_KEYS_H */
--
2.31.1
Powered by blists - more mailing lists