[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220419170649.1022246-26-ira.weiny@intel.com>
Date: Tue, 19 Apr 2022 10:06:30 -0700
From: ira.weiny@...el.com
To: Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
Dan Williams <dan.j.williams@...el.com>
Cc: Ira Weiny <ira.weiny@...el.com>, Fenghua Yu <fenghua.yu@...el.com>,
Rick Edgecombe <rick.p.edgecombe@...el.com>,
"Shankar, Ravi V" <ravi.v.shankar@...el.com>,
linux-kernel@...r.kernel.org
Subject: [PATCH V10 25/44] memremap_pages: Add Kconfig for DEVMAP_ACCESS_PROTECTION
From: Ira Weiny <ira.weiny@...el.com>
The persistent memory (PMEM) driver uses the memremap_pages facility to
provide 'struct page' metadata (vmemmap) for PMEM. Given that PMEM
capacity may be orders of magnitude higher capacity than System RAM it
presents a large vulnerability surface to stray writes. Unlike stray
writes to System RAM, which may result in a crash or other undesirable
behavior, stray writes to PMEM additionally are more likely to result in
permanent data loss. Reboot is not a remediation for PMEM corruption
like it is for System RAM.
Given that PMEM access from the kernel is limited to a constrained set
of locations (PMEM driver, Filesystem-DAX, and direct-I/O to a DAX
page), it is amenable to supervisor pkey protection.
Add a Kconfig option to configure additional devmap protections using
PKS.
Only PMEM which is advertised to the memory subsystem needs this
protection. Therefore, the feature depends on NVDIMM_PFN.
Signed-off-by: Ira Weiny <ira.weiny@...el.com>
---
Changes for V10
Rebased to latest
Changes for V9
Change this to enable arch pks consumer for mutual exclusion
with testing all pkeys
From Dan Williams
Default to no
Clean up commit message
Changes for V8
Split this out from
[PATCH V7 13/18] memremap_pages: Add access protection via supervisor Protection Keys (PKS)
---
mm/Kconfig | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/mm/Kconfig b/mm/Kconfig
index 29c272974aa9..fe1752e6e76c 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -797,6 +797,24 @@ config ZONE_DEVICE
If FS_DAX is enabled, then say Y.
+config DEVMAP_ACCESS_PROTECTION
+ bool "Access protection for memremap_pages()"
+ depends on NVDIMM_PFN
+ depends on ARCH_HAS_SUPERVISOR_PKEYS
+ select ARCH_ENABLE_PKS_CONSUMER
+ default n
+
+ help
+ Enable extra protections on device memory. This protects against
+ unintended access to devices such as a stray writes. This feature is
+ particularly useful to protect against corruption of persistent
+ memory.
+
+ This depends on architecture support of supervisor PKeys and has no
+ overhead if the architecture does not support them.
+
+ If you have persistent memory say 'Y'.
+
#
# Helpers to mirror range of the CPU page tables of a process into device page
# tables.
--
2.35.1
Powered by blists - more mailing lists