lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241028094014.2596619-1-aneesh.kumar@kernel.org>
Date: Mon, 28 Oct 2024 15:10:10 +0530
From: "Aneesh Kumar K.V (Arm)" <aneesh.kumar@...nel.org>
To: linux-kernel@...r.kernel.org,
	linux-arm-kernel@...ts.infradead.org,
	kvmarm@...ts.linux.dev
Cc: Suzuki K Poulose <Suzuki.Poulose@....com>,
	Steven Price <steven.price@....com>,
	Will Deacon <will@...nel.org>,
	Catalin Marinas <catalin.marinas@....com>,
	Marc Zyngier <maz@...nel.org>,
	Mark Rutland <mark.rutland@....com>,
	Oliver Upton <oliver.upton@...ux.dev>,
	Joey Gouly <joey.gouly@....com>,
	Zenghui Yu <yuzenghui@...wei.com>,
	"Aneesh Kumar K.V (Arm)" <aneesh.kumar@...nel.org>
Subject: [PATCH 0/4] Add support for NoTagAccess memory attribute

A VMM allows assigning different types of memory regions to the guest and not
all memory regions support storing allocation tags. Currently, the kernel
doesn't allow enabling the MTE feature in the guest if any of the assigned
memory regions don't allow MTE. This prevents the usage of MTE in the guest even
though the guest will never use these memory regions as allocation tagged
memory.

This patch series provides a way to enable MTE in such configs. Translations
from non-MTE-allowed memory regions are installed in stage-2 with NoTagAccess
memory attributes. Guest access of allocation tags with these memory regions
will result in a VM Exit.

Note: We could use the existing KVM_EXIT_MEMORY_FAULT for this. I chose to add a
new EXIT type because this is an arm64-specific exit type and I was not sure
whether KVM_EXIT_MEMORY_FAULT needs a NoTagAccess flag.


Aneesh Kumar K.V (Arm) (4):
  arm64: Update the values to binary from hex
  arm64: cpufeature: add Allocation Tag Access Permission (MTE_PERM)
    feature
  arm64: mte: update code comments
  arm64: mte: Use stage-2 NoTagAccess memory attribute if supported

 arch/arm64/include/asm/cpufeature.h  |  5 ++++
 arch/arm64/include/asm/kvm_emulate.h |  5 ++++
 arch/arm64/include/asm/kvm_pgtable.h |  1 +
 arch/arm64/include/asm/memory.h      | 14 +++++-----
 arch/arm64/kernel/cpufeature.c       |  9 +++++++
 arch/arm64/kvm/hyp/pgtable.c         | 16 ++++++++---
 arch/arm64/kvm/mmu.c                 | 40 +++++++++++++++++++---------
 arch/arm64/tools/cpucaps             |  1 +
 include/uapi/linux/kvm.h             |  7 +++++
 9 files changed, 77 insertions(+), 21 deletions(-)


base-commit: c964ced7726294d40913f2127c3f185a92cb4a41
-- 
2.43.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ