lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 19 Apr 2022 10:06:38 -0700
From:   ira.weiny@...el.com
To:     Dave Hansen <dave.hansen@...ux.intel.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Dan Williams <dan.j.williams@...el.com>
Cc:     Ira Weiny <ira.weiny@...el.com>, Fenghua Yu <fenghua.yu@...el.com>,
        Rick Edgecombe <rick.p.edgecombe@...el.com>,
        "Shankar, Ravi V" <ravi.v.shankar@...el.com>,
        linux-kernel@...r.kernel.org
Subject: [PATCH V10 33/44] kmap: Make kmap work for devmap protected pages

From: Ira Weiny <ira.weiny@...el.com>

Today, kmap_{local_page,atomic}() handle granting access to HIGHMEM
pages without the caller needing to know if the page is HIGHMEM, or not.
Use that existing infrastructure to grant access to PGMAP (PKS)
protected pages.

kmap_{local_page,atomic}() are both thread local mappings so they work
well with the thread specific protections available within PKS.

On the other hand, the kmap() call is not changed.  kmap() allows for a
mapping to be shared with other threads, while PKS protections operate
on a thread local basis.  For this reason, and the desire to move away
from mappings like this, kmap() is left unsupported.

This behavior is safe because neither of the 2 current DAX-capable
filesystems (ext4 and xfs) perform such global mappings.  And known
device drivers that would handle devmap pages are not using kmap().  Any
future filesystems that gain DAX support, or device drivers wanting to
support devmap protected pages will need to use kmap_local_page().

Note: HIGHMEM support is mutually exclusive with PGMAP protection.  The
rationale is mainly to reduce complexity, but also because direct-map
exposure is already mitigated by default on HIGHMEM systems because
by definition HIGHMEM systems do not have large capacities of memory
in the direct map.

Cc: Dan Williams <dan.j.williams@...el.com>
Cc: Dave Hansen <dave.hansen@...el.com>
Signed-off-by: Ira Weiny <ira.weiny@...el.com>

---
Changes for V10
	Include memremap.h because of upstream rework

Changes for V9
	From Dan Williams
		Update commit message
			Clarify why kmap is not 'compatible' with PKS
			Explain the HIGHMEM system exclusion more
	Remove pgmap_protection_flag_invalid() from kmap
	s/pks_mk*/pks_set*/

Changes for V8
	Reword commit message
---
 include/linux/highmem-internal.h | 6 ++++++
 mm/Kconfig                       | 1 +
 2 files changed, 7 insertions(+)

diff --git a/include/linux/highmem-internal.h b/include/linux/highmem-internal.h
index a77be5630209..32ed07c2994b 100644
--- a/include/linux/highmem-internal.h
+++ b/include/linux/highmem-internal.h
@@ -151,6 +151,8 @@ static inline void totalhigh_pages_add(long count)
 
 #else /* CONFIG_HIGHMEM */
 
+#include <linux/memremap.h>
+
 static inline struct page *kmap_to_page(void *addr)
 {
 	return virt_to_page(addr);
@@ -174,6 +176,7 @@ static inline void kunmap(struct page *page)
 
 static inline void *kmap_local_page(struct page *page)
 {
+	pgmap_set_readwrite(page);
 	return page_address(page);
 }
 
@@ -197,6 +200,7 @@ static inline void __kunmap_local(void *addr)
 #ifdef ARCH_HAS_FLUSH_ON_KUNMAP
 	kunmap_flush_on_unmap(addr);
 #endif
+	pgmap_set_noaccess(kmap_to_page(addr));
 }
 
 static inline void *kmap_atomic(struct page *page)
@@ -206,6 +210,7 @@ static inline void *kmap_atomic(struct page *page)
 	else
 		preempt_disable();
 	pagefault_disable();
+	pgmap_set_readwrite(page);
 	return page_address(page);
 }
 
@@ -224,6 +229,7 @@ static inline void __kunmap_atomic(void *addr)
 #ifdef ARCH_HAS_FLUSH_ON_KUNMAP
 	kunmap_flush_on_unmap(addr);
 #endif
+	pgmap_set_noaccess(kmap_to_page(addr));
 	pagefault_enable();
 	if (IS_ENABLED(CONFIG_PREEMPT_RT))
 		migrate_enable();
diff --git a/mm/Kconfig b/mm/Kconfig
index fe1752e6e76c..616baee3f62d 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -800,6 +800,7 @@ config ZONE_DEVICE
 config DEVMAP_ACCESS_PROTECTION
 	bool "Access protection for memremap_pages()"
 	depends on NVDIMM_PFN
+	depends on !HIGHMEM
 	depends on ARCH_HAS_SUPERVISOR_PKEYS
 	select ARCH_ENABLE_PKS_CONSUMER
 	default n
-- 
2.35.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ