lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220127175505.851391-12-ira.weiny@intel.com>
Date:   Thu, 27 Jan 2022 09:54:32 -0800
From:   ira.weiny@...el.com
To:     Dave Hansen <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Dan Williams <dan.j.williams@...el.com>
Cc:     Ira Weiny <ira.weiny@...el.com>, Fenghua Yu <fenghua.yu@...el.com>,
        Rick Edgecombe <rick.p.edgecombe@...el.com>,
        linux-kernel@...r.kernel.org
Subject: [PATCH V8 11/44] mm/pkeys: Define static PKS key array and default values

From: Ira Weiny <ira.weiny@...el.com>

Kernel users will need a way to allocate a PKS Pkey for their use.

Introduce pks-keys.h as a place to define enum pks_pkey_consumers and
the macro PKS_INIT_VALUE.  PKS_INIT_VALUE holds the default value for
each key.  Kernel users reserve a key value by adding an entry to the
enum pks_pkey_consumers with a unique value [1-15] and replacing that
value in the PKS_INIT_VALUE macro using the desired default macro;
PKR_RW_KEY(), PKR_WD_KEY(), or PKR_AD_KEY().

Use this value to initialize all CPUs at boot.

pks-keys.h is added as a new header with minimal header dependencies.
This allows the use of PKS_INIT_VALUE within other headers where the
additional includes from pkeys.h caused major conflicts.  The main
conflict was using PKS_INIT_VALUE for INIT_TRHEAD in asm/processor.h

Add documentation.

Signed-off-by: Ira Weiny <ira.weiny@...el.com>

---
Changes for V8
	Create pks-keys.h to solve header conflicts in subsequent
		patches.
	Remove create_initial_pkrs_value() which did not work
		Replace it with PKS_INIT_VALUE
		Fix up documentation to match
	s/PKR_RW_BIT/PKR_RW_KEY()/
	s/PKRS_INIT_VALUE/PKS_INIT_VALUE
	Split this off of the previous patch
	Update documentation and embed it in the code to help ensure it
	is kept up to date.

Changes for V7
	Create a dynamic pkrs_initial_value in early init code.
	Clean up comments
	Add comment to macro guard
---
 Documentation/core-api/protection-keys.rst |  4 ++
 arch/x86/include/asm/pkeys_common.h        |  1 +
 arch/x86/mm/pkeys.c                        |  2 +-
 include/linux/pkeys.h                      |  2 +
 include/linux/pks-keys.h                   | 59 ++++++++++++++++++++++
 5 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 include/linux/pks-keys.h

diff --git a/Documentation/core-api/protection-keys.rst b/Documentation/core-api/protection-keys.rst
index 58670e3ee39e..af283a1a9aa0 100644
--- a/Documentation/core-api/protection-keys.rst
+++ b/Documentation/core-api/protection-keys.rst
@@ -129,6 +129,10 @@ Kernel users intending to use PKS support should depend on
 ARCH_HAS_SUPERVISOR_PKEYS, and select ARCH_ENABLE_SUPERVISOR_PKEYS to turn on
 this support within the core.
 
+PKS Key Allocation
+------------------
+.. kernel-doc:: include/linux/pks-keys.h
+        :doc: PKS_KEY_ALLOCATION
 
 MSR details
 -----------
diff --git a/arch/x86/include/asm/pkeys_common.h b/arch/x86/include/asm/pkeys_common.h
index d02ab5bc3fff..efb101dee3aa 100644
--- a/arch/x86/include/asm/pkeys_common.h
+++ b/arch/x86/include/asm/pkeys_common.h
@@ -8,6 +8,7 @@
 
 #define PKR_PKEY_SHIFT(pkey)	(pkey * PKR_BITS_PER_PKEY)
 
+#define PKR_RW_KEY(pkey)	(0          << PKR_PKEY_SHIFT(pkey))
 #define PKR_AD_KEY(pkey)	(PKR_AD_BIT << PKR_PKEY_SHIFT(pkey))
 #define PKR_WD_KEY(pkey)	(PKR_WD_BIT << PKR_PKEY_SHIFT(pkey))
 
diff --git a/arch/x86/mm/pkeys.c b/arch/x86/mm/pkeys.c
index 02629219e683..a5b5b86e97ce 100644
--- a/arch/x86/mm/pkeys.c
+++ b/arch/x86/mm/pkeys.c
@@ -217,7 +217,7 @@ void pks_setup(void)
 	if (!cpu_feature_enabled(X86_FEATURE_PKS))
 		return;
 
-	wrmsrl(MSR_IA32_PKRS, 0);
+	wrmsrl(MSR_IA32_PKRS, PKS_INIT_VALUE);
 	cr4_set_bits(X86_CR4_PKS);
 }
 
diff --git a/include/linux/pkeys.h b/include/linux/pkeys.h
index 86be8bf27b41..e9ea8f152915 100644
--- a/include/linux/pkeys.h
+++ b/include/linux/pkeys.h
@@ -48,4 +48,6 @@ static inline bool arch_pkeys_enabled(void)
 
 #endif /* ! CONFIG_ARCH_HAS_PKEYS */
 
+#include <linux/pks-keys.h>
+
 #endif /* _LINUX_PKEYS_H */
diff --git a/include/linux/pks-keys.h b/include/linux/pks-keys.h
new file mode 100644
index 000000000000..05fe4a1cf888
--- /dev/null
+++ b/include/linux/pks-keys.h
@@ -0,0 +1,59 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_PKS_KEYS_H
+#define _LINUX_PKS_KEYS_H
+
+#ifdef CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS
+
+#include <asm/pkeys_common.h>
+
+/**
+ * DOC: PKS_KEY_ALLOCATION
+ *
+ * Users reserve a key value by adding an entry to enum pks_pkey_consumers with
+ * a unique value from 1 to 15.  Then replacing that value in the
+ * PKS_INIT_VALUE macro using the desired default protection; PKR_RW_KEY(),
+ * PKR_WD_KEY(), or PKR_AD_KEY().
+ *
+ * PKS_KEY_DEFAULT must remain 0 key with a default of read/write to support
+ * non-pks protected pages.  Unused keys should be set (Access Disabled
+ * PKR_AD_KEY()).
+ *
+ * For example to configure a key for 'MY_FEATURE' with a default of Write
+ * Disabled.
+ *
+ * .. code-block:: c
+ *
+ *	enum pks_pkey_consumers
+ *	{
+ *		PKS_KEY_DEFAULT         = 0,
+ *		PKS_KEY_MY_FEATURE      = 1,
+ *	}
+ *
+ *	#define PKS_INIT_VALUE (PKR_RW_KEY(PKS_KEY_DEFAULT)		|
+ *				PKR_WD_KEY(PKS_KEY_MY_FEATURE)		|
+ *				PKR_AD_KEY(2)	| PKR_AD_KEY(3)		|
+ *				PKR_AD_KEY(4)	| PKR_AD_KEY(5)		|
+ *				PKR_AD_KEY(6)	| PKR_AD_KEY(7)		|
+ *				PKR_AD_KEY(8)	| PKR_AD_KEY(9)		|
+ *				PKR_AD_KEY(10)	| PKR_AD_KEY(11)	|
+ *				PKR_AD_KEY(12)	| PKR_AD_KEY(13)	|
+ *				PKR_AD_KEY(14)	| PKR_AD_KEY(15))
+ *
+ */
+enum pks_pkey_consumers {
+	PKS_KEY_DEFAULT		= 0, /* Must be 0 for default PTE values */
+};
+
+#define PKS_INIT_VALUE (PKR_RW_KEY(PKS_KEY_DEFAULT)		| \
+			PKR_AD_KEY(1)	| \
+			PKR_AD_KEY(2)	| PKR_AD_KEY(3)		| \
+			PKR_AD_KEY(4)	| PKR_AD_KEY(5)		| \
+			PKR_AD_KEY(6)	| PKR_AD_KEY(7)		| \
+			PKR_AD_KEY(8)	| PKR_AD_KEY(9)		| \
+			PKR_AD_KEY(10)	| PKR_AD_KEY(11)	| \
+			PKR_AD_KEY(12)	| PKR_AD_KEY(13)	| \
+			PKR_AD_KEY(14)	| PKR_AD_KEY(15))
+
+#endif /* CONFIG_ARCH_ENABLE_SUPERVISOR_PKEYS */
+
+#endif /* _LINUX_PKS_KEYS_H */
-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ