lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 22 Feb 2022 21:21:38 -0800
From:   Junaid Shahid <junaids@...gle.com>
To:     linux-kernel@...r.kernel.org
Cc:     kvm@...r.kernel.org, pbonzini@...hat.com, jmattson@...gle.com,
        pjt@...gle.com, oweisse@...gle.com, alexandre.chartre@...cle.com,
        rppt@...ux.ibm.com, dave.hansen@...ux.intel.com,
        peterz@...radead.org, tglx@...utronix.de, luto@...nel.org,
        linux-mm@...ck.org
Subject: [RFC PATCH 02/47] mm: asi: Add command-line parameter to
 enable/disable ASI

A parameter named "asi" is added, disabled by default. A feature flag
X86_FEATURE_ASI is set if ASI is enabled.

Signed-off-by: Junaid Shahid <junaids@...gle.com>


---
 arch/x86/include/asm/asi.h               | 17 ++++++++++----
 arch/x86/include/asm/cpufeatures.h       |  1 +
 arch/x86/include/asm/disabled-features.h |  8 ++++++-
 arch/x86/mm/asi.c                        | 29 ++++++++++++++++++++++++
 arch/x86/mm/init.c                       |  2 +-
 include/asm-generic/asi.h                |  2 ++
 6 files changed, 53 insertions(+), 6 deletions(-)

diff --git a/arch/x86/include/asm/asi.h b/arch/x86/include/asm/asi.h
index f9fc928a555d..0a4af23ed0eb 100644
--- a/arch/x86/include/asm/asi.h
+++ b/arch/x86/include/asm/asi.h
@@ -6,6 +6,7 @@
 
 #include <asm/pgtable_types.h>
 #include <asm/percpu.h>
+#include <asm/cpufeature.h>
 
 #ifdef CONFIG_ADDRESS_SPACE_ISOLATION
 
@@ -52,18 +53,24 @@ void asi_exit(void);
 
 static inline void asi_set_target_unrestricted(void)
 {
-	barrier();
-	this_cpu_write(asi_cpu_state.target_asi, NULL);
+	if (static_cpu_has(X86_FEATURE_ASI)) {
+		barrier();
+		this_cpu_write(asi_cpu_state.target_asi, NULL);
+	}
 }
 
 static inline struct asi *asi_get_current(void)
 {
-	return this_cpu_read(asi_cpu_state.curr_asi);
+	return static_cpu_has(X86_FEATURE_ASI)
+	       ? this_cpu_read(asi_cpu_state.curr_asi)
+	       : NULL;
 }
 
 static inline struct asi *asi_get_target(void)
 {
-	return this_cpu_read(asi_cpu_state.target_asi);
+	return static_cpu_has(X86_FEATURE_ASI)
+	       ? this_cpu_read(asi_cpu_state.target_asi)
+	       : NULL;
 }
 
 static inline bool is_asi_active(void)
@@ -76,6 +83,8 @@ static inline bool asi_is_target_unrestricted(void)
 	return !asi_get_target();
 }
 
+#define static_asi_enabled() cpu_feature_enabled(X86_FEATURE_ASI)
+
 #endif	/* CONFIG_ADDRESS_SPACE_ISOLATION */
 
 #endif
diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index d5b5f2ab87a0..0b0ead3cdd48 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -295,6 +295,7 @@
 #define X86_FEATURE_PER_THREAD_MBA	(11*32+ 7) /* "" Per-thread Memory Bandwidth Allocation */
 #define X86_FEATURE_SGX1		(11*32+ 8) /* "" Basic SGX */
 #define X86_FEATURE_SGX2		(11*32+ 9) /* "" SGX Enclave Dynamic Memory Management (EDMM) */
+#define X86_FEATURE_ASI			(11*32+10) /* Kernel Address Space Isolation */
 
 /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */
 #define X86_FEATURE_AVX_VNNI		(12*32+ 4) /* AVX VNNI instructions */
diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h
index 8f28fafa98b3..9659cd9f867d 100644
--- a/arch/x86/include/asm/disabled-features.h
+++ b/arch/x86/include/asm/disabled-features.h
@@ -56,6 +56,12 @@
 # define DISABLE_PTI		(1 << (X86_FEATURE_PTI & 31))
 #endif
 
+#ifdef CONFIG_ADDRESS_SPACE_ISOLATION
+# define DISABLE_ASI		0
+#else
+# define DISABLE_ASI		(1 << (X86_FEATURE_ASI & 31))
+#endif
+
 /* Force disable because it's broken beyond repair */
 #define DISABLE_ENQCMD		(1 << (X86_FEATURE_ENQCMD & 31))
 
@@ -79,7 +85,7 @@
 #define DISABLED_MASK8	0
 #define DISABLED_MASK9	(DISABLE_SMAP|DISABLE_SGX)
 #define DISABLED_MASK10	0
-#define DISABLED_MASK11	0
+#define DISABLED_MASK11	(DISABLE_ASI)
 #define DISABLED_MASK12	0
 #define DISABLED_MASK13	0
 #define DISABLED_MASK14	0
diff --git a/arch/x86/mm/asi.c b/arch/x86/mm/asi.c
index 9928325f3787..d274c86f89b7 100644
--- a/arch/x86/mm/asi.c
+++ b/arch/x86/mm/asi.c
@@ -1,5 +1,7 @@
 // SPDX-License-Identifier: GPL-2.0
 
+#include <linux/init.h>
+
 #include <asm/asi.h>
 #include <asm/pgalloc.h>
 #include <asm/mmu_context.h>
@@ -18,6 +20,9 @@ int asi_register_class(const char *name, uint flags,
 {
 	int i;
 
+	if (!boot_cpu_has(X86_FEATURE_ASI))
+		return 0;
+
 	VM_BUG_ON(name == NULL);
 
 	spin_lock(&asi_class_lock);
@@ -43,6 +48,9 @@ EXPORT_SYMBOL_GPL(asi_register_class);
 
 void asi_unregister_class(int index)
 {
+	if (!boot_cpu_has(X86_FEATURE_ASI))
+		return;
+
 	spin_lock(&asi_class_lock);
 
 	WARN_ON(asi_class[index].name == NULL);
@@ -52,10 +60,22 @@ void asi_unregister_class(int index)
 }
 EXPORT_SYMBOL_GPL(asi_unregister_class);
 
+static int __init set_asi_param(char *str)
+{
+	if (strcmp(str, "on") == 0)
+		setup_force_cpu_cap(X86_FEATURE_ASI);
+
+	return 0;
+}
+early_param("asi", set_asi_param);
+
 int asi_init(struct mm_struct *mm, int asi_index)
 {
 	struct asi *asi = &mm->asi[asi_index];
 
+	if (!boot_cpu_has(X86_FEATURE_ASI))
+		return 0;
+
 	/* Index 0 is reserved for special purposes. */
 	WARN_ON(asi_index == 0 || asi_index >= ASI_MAX_NUM);
 	WARN_ON(asi->pgd != NULL);
@@ -79,6 +99,9 @@ EXPORT_SYMBOL_GPL(asi_init);
 
 void asi_destroy(struct asi *asi)
 {
+	if (!boot_cpu_has(X86_FEATURE_ASI))
+		return;
+
 	free_pages((ulong)asi->pgd, PGD_ALLOCATION_ORDER);
 	memset(asi, 0, sizeof(struct asi));
 }
@@ -109,6 +132,9 @@ static void __asi_enter(void)
 
 void asi_enter(struct asi *asi)
 {
+	if (!static_cpu_has(X86_FEATURE_ASI))
+		return;
+
 	VM_WARN_ON_ONCE(!asi);
 
 	this_cpu_write(asi_cpu_state.target_asi, asi);
@@ -123,6 +149,9 @@ void asi_exit(void)
 	u64 unrestricted_cr3;
 	struct asi *asi;
 
+	if (!static_cpu_has(X86_FEATURE_ASI))
+		return;
+
 	preempt_disable();
 
 	VM_BUG_ON(this_cpu_read(cpu_tlbstate.loaded_mm) ==
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 000cbe5315f5..dfff17363365 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -240,7 +240,7 @@ static void __init probe_page_size_mask(void)
 	__default_kernel_pte_mask = __supported_pte_mask;
 	/* Except when with PTI or ASI where the kernel is mostly non-Global: */
 	if (cpu_feature_enabled(X86_FEATURE_PTI) ||
-	    IS_ENABLED(CONFIG_ADDRESS_SPACE_ISOLATION))
+	    cpu_feature_enabled(X86_FEATURE_ASI))
 		__default_kernel_pte_mask &= ~_PAGE_GLOBAL;
 
 	/* Enable 1 GB linear kernel mappings if available: */
diff --git a/include/asm-generic/asi.h b/include/asm-generic/asi.h
index e5ba51d30b90..dae1403ee1d0 100644
--- a/include/asm-generic/asi.h
+++ b/include/asm-generic/asi.h
@@ -44,6 +44,8 @@ static inline struct asi *asi_get_target(void) { return NULL; }
 
 static inline struct asi *asi_get_current(void) { return NULL; }
 
+#define static_asi_enabled() false
+
 #endif  /* !_ASSEMBLY_ */
 
 #endif /* !CONFIG_ADDRESS_SPACE_ISOLATION */
-- 
2.35.1.473.g83b2b277ed-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ