| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7e68b780-0591-4b05-98f0-154441f5dd14@arm.com>
Date: Tue, 15 Apr 2025 10:29:42 +0530
From: Anshuman Khandual <anshuman.khandual@....com>
To: Ryan Roberts <ryan.roberts@....com>, linux-arm-kernel@...ts.infradead.org
Cc: Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] arm64/mm: Implement pte_po_index() for permission overlay
index
On 4/14/25 18:58, Ryan Roberts wrote:
> On 10/04/2025 06:20, Anshuman Khandual wrote:
>> From: Ryan Roberts <ryan.roberts@....com>
>>
>> Previously pte_access_permitted() used FIELD_GET() directly to retrieve
>> the permission overlay index from the pte. However, FIELD_GET() doesn't
>> work for 128 bit quanitites. Since we are about to add support for D128
>> pgtables, let's create a specific helper, pte_po_index() which can do
>> the required mask and shift regardless of the data type width.
>>
>> Cc: Catalin Marinas <catalin.marinas@....com>
>> Cc: Will Deacon <will@...nel.org>
>> Cc: linux-arm-kernel@...ts.infradead.org
>> Cc: linux-kernel@...r.kernel.org
>> Signed-off-by: Ryan Roberts <ryan.roberts@....com>
>> Signed-off-by: Anshuman Khandual <anshuman.khandual@....com>
>> ---
>> This patch applies on v6.15-rc1
>>
>> arch/arm64/include/asm/pgtable-hwdef.h | 1 +
>> arch/arm64/include/asm/pgtable-prot.h | 2 ++
>> arch/arm64/include/asm/pgtable.h | 2 +-
>> 3 files changed, 4 insertions(+), 1 deletion(-)
>>
>> diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
>> index f3b77deedfa2..028a164924df 100644
>> --- a/arch/arm64/include/asm/pgtable-hwdef.h
>> +++ b/arch/arm64/include/asm/pgtable-hwdef.h
>> @@ -211,6 +211,7 @@
>> #define PTE_PO_IDX_2 (_AT(pteval_t, 1) << 62)
>>
>> #define PTE_PO_IDX_MASK GENMASK_ULL(62, 60)
>> +#define PTE_PO_IDX_SHIFT 60
>>
>>
>> /*
>> diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h
>> index 7830d031742e..b53bc241e4e7 100644
>> --- a/arch/arm64/include/asm/pgtable-prot.h
>> +++ b/arch/arm64/include/asm/pgtable-prot.h
>> @@ -136,6 +136,8 @@ static inline bool __pure lpa2_is_enabled(void)
>> ((pte & BIT(PTE_PI_IDX_1)) >> (PTE_PI_IDX_1 - 1)) | \
>> ((pte & BIT(PTE_PI_IDX_0)) >> (PTE_PI_IDX_0 - 0)))
>>
>> +#define pte_po_index(pte) ((pte_val(pte) & PTE_PO_IDX_MASK) >> PTE_PO_IDX_SHIFT)
>> +
>> /*
>> * Page types used via Permission Indirection Extension (PIE). PIE uses
>> * the USER, DBM, PXN and UXN bits to to generate an index which is used
>> diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
>> index d3b538be1500..41979c0e6c21 100644
>> --- a/arch/arm64/include/asm/pgtable.h
>> +++ b/arch/arm64/include/asm/pgtable.h
>> @@ -182,7 +182,7 @@ static inline bool por_el0_allows_pkey(u8 pkey, bool write, bool execute)
>> (((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER)) && (!(write) || pte_write(pte)))
>> #define pte_access_permitted(pte, write) \
>> (pte_access_permitted_no_overlay(pte, write) && \
>> - por_el0_allows_pkey(FIELD_GET(PTE_PO_IDX_MASK, pte_val(pte)), write, false))
>> + por_el0_allows_pkey(pte_po_index(pte), write, false))
>> #define pmd_access_permitted(pmd, write) \
>> (pte_access_permitted(pmd_pte(pmd), (write)))
>> #define pud_access_permitted(pud, write) \
>
> kvm also uses PTE_PO_IDX_MASK in compute_s1_overlay_permissions(). Shouldn't we
> be converting that site too?
Just wanted to keep the KVM changes for later but sure, will fold these in.
>
> ----8<----
> diff --git a/arch/arm64/kvm/at.c b/arch/arm64/kvm/at.c
> index 3a96c96816e9..d9a8ee8e600f 100644
> --- a/arch/arm64/kvm/at.c
> +++ b/arch/arm64/kvm/at.c
> @@ -1073,7 +1073,7 @@ static void compute_s1_overlay_permissions(struct kvm_vcpu
> *vcpu,
> {
> u8 idx, pov_perms, uov_perms;
>
> - idx = FIELD_GET(PTE_PO_IDX_MASK, wr->desc);
> + idx = pte_po_index(__pte(wr->desc));
>
> switch (wi->regime) {
> case TR_EL10:
> ----8<----
Powered by blists - more mailing lists