lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20220205054039.GE785175@iweiny-DESK2.sc.intel.com>
Date:   Fri, 4 Feb 2022 21:40:39 -0800
From:   Ira Weiny <ira.weiny@...el.com>
To:     Dan Williams <dan.j.williams@...el.com>
Cc:     "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>,
        "hpa@...or.com" <hpa@...or.com>,
        "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
        "Yu, Fenghua" <fenghua.yu@...el.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH V8 36/44] memremap_pages: Reserve a PKS PKey for eventual
 use by PMEM

On Fri, Feb 04, 2022 at 09:12:11AM -0800, Dan Williams wrote:
> On Tue, Feb 1, 2022 at 10:35 AM Edgecombe, Rick P
> <rick.p.edgecombe@...el.com> wrote:
> >
> > On Thu, 2022-01-27 at 09:54 -0800, ira.weiny@...el.com wrote:
> > >  enum pks_pkey_consumers {
> > > -       PKS_KEY_DEFAULT         = 0, /* Must be 0 for default PTE
> > > values */
> > > -       PKS_KEY_TEST            = 1,
> > > -       PKS_KEY_NR_CONSUMERS    = 2,
> > > +       PKS_KEY_DEFAULT                 = 0, /* Must be 0 for default
> > > PTE values */
> > > +       PKS_KEY_TEST                    = 1,
> > > +       PKS_KEY_PGMAP_PROTECTION        = 2,
> > > +       PKS_KEY_NR_CONSUMERS            = 3,
> > >  };
> >
> > The c spec says that any enum member that doesn't have an "=" will be
> > one more than the previous member. As a consequence you can leave the
> > "=" off PKS_KEY_NR_CONSUMERS and it will get auto adjusted when you add
> > more like this.
> >
> > I know we've gone around and around on this, but why also specify the
> > value for each key? They should auto increment and the first one is
> > guaranteed to be zero.

Because it was easier to ensure that the init value had all the defaults
covered.

> >
> > Otherwise this doesn't use any of the features of "enum", it's just a
> > verbose series of const int's.

True but does this really matter?

> 
> Going further, this can also build in support for dynamically (at
> build time) freeing keys based on config, something like:
> 
> enum {
> #if IS_ENABLED(CONFIG_PKS_TEST)
> PKS_KEY_TEST,
> #endif
> #if IS_ENABLED(CONFIG_DEVMAP_PROTECTION)
> PKS_KEY_PGMAP_PROTECTION,
> #endif
> PKS_KEY_NR_CONSUMERS,
> }

This is all well and good until you get to the point of trying to define the
initial MSR value.

What Rick proposes without the Kconfig check is easier than this.  But to do
what both you and Rick suggest this is the best crap I've been able to come up
with that actually works...


/* pkeys_common.h */
#define PKR_AD_BIT 0x1u
#define PKR_WD_BIT 0x2u
#define PKR_BITS_PER_PKEY 2

#define PKR_PKEY_SHIFT(pkey)    (pkey * PKR_BITS_PER_PKEY)

#define PKR_KEY_INIT_RW(pkey)   (0          << PKR_PKEY_SHIFT(pkey))
#define PKR_KEY_INIT_AD(pkey)   (PKR_AD_BIT << PKR_PKEY_SHIFT(pkey))
#define PKR_KEY_INIT_WD(pkey)   (PKR_WD_BIT << PKR_PKEY_SHIFT(pkey))


/* pks-keys.h */
#define PKR_KEY_MASK(pkey)   (0xffffffff & ~((PKR_WD_BIT|PKR_AD_BIT) << PKR_PKEY_SHIFT(pkey)))

enum pks_pkey_consumers {
        PKS_KEY_DEFAULT                 = 0, /* Must be 0 for default PTE values */
#if IS_ENABLED(CONFIG_PKS_TEST)
        PKS_KEY_TEST,
#endif
#if IS_ENABLED(CONFIG_DEVMAP_ACCESS_PROTECTION)
        PKS_KEY_PGMAP_PROTECTION,
#endif
        PKS_KEY_NR_CONSUMERS
};

#define PKS_DEFAULT_VALUE PKR_KEY_INIT_RW(PKS_KEY_DEFAULT)
#define PKS_DEFAULT_MASK  PKR_KEY_MASK(PKS_KEY_DEFAULT)

#if IS_ENABLED(CONFIG_PKS_TEST)
#define PKS_TEST_VALUE PKR_KEY_INIT_AD(PKS_KEY_TEST)
#define PKS_TEST_MASK  PKR_KEY_MASK(PKS_KEY_TEST)
#else
/* Just define another default value to fool the CPP */
#define PKS_TEST_VALUE PKR_KEY_INIT_RW(0)
#define PKS_TEST_MASK  PKR_KEY_MASK(0)
#endif

#if IS_ENABLED(CONFIG_DEVMAP_ACCESS_PROTECTION)
#define PKS_PGMAP_VALUE PKR_KEY_INIT_AD(PKS_KEY_PGMAP_PROTECTION)
#define PKS_PGMAP_MASK  PKR_KEY_MASK(PKS_KEY_PGMAP_PROTECTION)
#else
/* Just define another default value to fool the CPP */
#define PKS_PGMAP_VALUE PKR_KEY_INIT_RW(0)
#define PKS_PGMAP_MASK  PKR_KEY_MASK(0)
#endif

#define PKS_INIT_VALUE ((0xFFFFFFFF & \
                        (PKS_DEFAULT_MASK & \
                                PKS_TEST_MASK & \
                                PKS_PGMAP_MASK \
                        )) | \
                        (PKS_DEFAULT_VALUE | \
                        PKS_TEST_VALUE | \
                        PKS_PGMAP_VALUE \
                        ) \
                        )


I find the above much harder to parse and of little value.  I'm pretty sure
that someone adding a key is much more likely to get the macro maze wrong.
Reviewing a patch to add a key would be much more difficult as well, IMHO.

I'm a bit tired of this back and forth trying to implement this for features
which may never exist.  In all my discussions I don't think we have reached
more than 10 use cases in our wildest dreams and only 4 have even been
attempted with real code including the PKS test.

So I'm just a bit frustrated with the effort we have put in to try and do
dynamic or even compile time dynamic keys.

Anyway I'll think on it more.  But I'm inclined to leave it alone right now.
What I have is easy to review for correctness and only takes a bit of effort to
actually use.

Ira

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ