From: Junaid Shahid <junaids@google.com>
To: linux-kernel@vger.kernel.org
Cc: Ofir Weisse <oweisse@google.com>,
kvm@vger.kernel.org, pbonzini@redhat.com, jmattson@google.com,
pjt@google.com, alexandre.chartre@oracle.com,
rppt@linux.ibm.com, dave.hansen@linux.intel.com,
peterz@infradead.org, tglx@linutronix.de, luto@kernel.org,
linux-mm@kvack.org
Subject: [RFC PATCH 38/47] mm: asi: ASI annotation support for dynamic modules.
Date: Tue, 22 Feb 2022 21:22:14 -0800 [thread overview]
Message-ID: <20220223052223.1202152-39-junaids@google.com> (raw)
In-Reply-To: <20220223052223.1202152-1-junaids@google.com>
From: Ofir Weisse <oweisse@google.com>
Adding support for use of ASI static variable annotations in dynamic
modules:
- __asi_not_sensitive and
- __asi_not_sensitive_readmostly
Per module, we now have the following offsets:
1. asi_section_offset/size - which should be mapped into asi global pool
2. asi_readmostly_section/size - same as above, for read mostly data;
3. once_section_offset/size - is considered asi non-sensitive
Signed-off-by: Ofir Weisse <oweisse@google.com>
---
arch/x86/include/asm/asi.h | 3 ++
arch/x86/mm/asi.c | 66 ++++++++++++++++++++++++++++++++++++++
include/asm-generic/asi.h | 3 ++
include/linux/module.h | 9 ++++++
kernel/module.c | 58 +++++++++++++++++++++++++++++++++
5 files changed, 139 insertions(+)
diff --git a/arch/x86/include/asm/asi.h b/arch/x86/include/asm/asi.h
index 6dd9c7c8a2b8..d43f6aadffee 100644
--- a/arch/x86/include/asm/asi.h
+++ b/arch/x86/include/asm/asi.h
@@ -98,6 +98,9 @@ static inline void asi_init_thread_state(struct thread_struct *thread)
thread->intr_nest_depth = 0;
}
+int asi_load_module(struct module* module);
+void asi_unload_module(struct module* module);
+
static inline void asi_set_target_unrestricted(void)
{
if (static_cpu_has(X86_FEATURE_ASI)) {
diff --git a/arch/x86/mm/asi.c b/arch/x86/mm/asi.c
index 9b1bd005f343..6c14aa1fc4aa 100644
--- a/arch/x86/mm/asi.c
+++ b/arch/x86/mm/asi.c
@@ -5,6 +5,7 @@
#include <linux/memcontrol.h>
#include <linux/moduleparam.h>
#include <linux/slab.h>
+#include <linux/module.h>
#include <asm/asi.h>
#include <asm/pgalloc.h>
@@ -308,6 +309,71 @@ static int __init set_asi_param(char *str)
}
early_param("asi", set_asi_param);
+/* asi_load_module() is called from layout_and_allocate() in kernel/module.c
+ * We map the module and its data in init_mm.asi_pgd[0].
+*/
+int asi_load_module(struct module* module)
+{
+ int err = 0;
+
+ /* Map the cod/text */
+ err = asi_map(ASI_GLOBAL_NONSENSITIVE,
+ module->core_layout.base,
+ module->core_layout.ro_after_init_size );
+ if (err)
+ return err;
+
+ /* Map global variables annotated as non-sensitive for ASI */
+ err = asi_map(ASI_GLOBAL_NONSENSITIVE,
+ module->core_layout.base +
+ module->core_layout.asi_section_offset,
+ module->core_layout.asi_section_size );
+ if (err)
+ return err;
+
+ /* Map global variables annotated as non-sensitive for ASI */
+ err = asi_map(ASI_GLOBAL_NONSENSITIVE,
+ module->core_layout.base +
+ module->core_layout.asi_readmostly_section_offset,
+ module->core_layout.asi_readmostly_section_size);
+ if (err)
+ return err;
+
+ /* Map .data.once section as well */
+ err = asi_map(ASI_GLOBAL_NONSENSITIVE,
+ module->core_layout.base +
+ module->core_layout.once_section_offset,
+ module->core_layout.once_section_size );
+ if (err)
+ return err;
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(asi_load_module);
+
+void asi_unload_module(struct module* module)
+{
+ asi_unmap(ASI_GLOBAL_NONSENSITIVE,
+ module->core_layout.base,
+ module->core_layout.ro_after_init_size, true);
+
+ asi_unmap(ASI_GLOBAL_NONSENSITIVE,
+ module->core_layout.base +
+ module->core_layout.asi_section_offset,
+ module->core_layout.asi_section_size, true);
+
+ asi_unmap(ASI_GLOBAL_NONSENSITIVE,
+ module->core_layout.base +
+ module->core_layout.asi_readmostly_section_offset,
+ module->core_layout.asi_readmostly_section_size, true);
+
+ asi_unmap(ASI_GLOBAL_NONSENSITIVE,
+ module->core_layout.base +
+ module->core_layout.once_section_offset,
+ module->core_layout.once_section_size, true);
+
+}
+
static int __init asi_global_init(void)
{
uint i, n;
diff --git a/include/asm-generic/asi.h b/include/asm-generic/asi.h
index d9082267a5dd..2763cb1a974c 100644
--- a/include/asm-generic/asi.h
+++ b/include/asm-generic/asi.h
@@ -120,6 +120,7 @@ void asi_flush_tlb_range(struct asi *asi, void *addr, size_t len) { }
#define static_asi_enabled() false
+static inline int asi_load_module(struct module* module) {return 0;}
/* IMPORTANT: Any modification to the name here should also be applied to
* include/asm-generic/vmlinux.lds.h */
@@ -127,6 +128,8 @@ void asi_flush_tlb_range(struct asi *asi, void *addr, size_t len) { }
#define __asi_not_sensitive
#define __asi_not_sensitive_readmostly
+static inline void asi_unload_module(struct module* module) { }
+
#endif /* !_ASSEMBLY_ */
#endif /* !CONFIG_ADDRESS_SPACE_ISOLATION */
diff --git a/include/linux/module.h b/include/linux/module.h
index c9f1200b2312..82267a95f936 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -336,6 +336,15 @@ struct module_layout {
#ifdef CONFIG_MODULES_TREE_LOOKUP
struct mod_tree_node mtn;
#endif
+
+#ifdef CONFIG_ADDRESS_SPACE_ISOLATION
+ unsigned int asi_section_offset;
+ unsigned int asi_section_size;
+ unsigned int asi_readmostly_section_offset;
+ unsigned int asi_readmostly_section_size;
+ unsigned int once_section_offset;
+ unsigned int once_section_size;
+#endif
};
#ifdef CONFIG_MODULES_TREE_LOOKUP
diff --git a/kernel/module.c b/kernel/module.c
index 84a9141a5e15..d363b8a0ee24 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -2159,6 +2159,8 @@ static void free_module(struct module *mod)
{
trace_module_free(mod);
+ asi_unload_module(mod);
+
mod_sysfs_teardown(mod);
/*
@@ -2416,6 +2418,31 @@ static bool module_init_layout_section(const char *sname)
return module_init_section(sname);
}
+#ifdef CONFIG_ADDRESS_SPACE_ISOLATION
+static void asi_record_sections_layout(struct module *mod,
+ const char *sname,
+ Elf_Shdr *s)
+{
+ if (strstarts(sname, ASI_NON_SENSITIVE_READ_MOSTLY_SECTION_NAME)) {
+ mod->core_layout.asi_readmostly_section_offset = s->sh_entsize;
+ mod->core_layout.asi_readmostly_section_size = s->sh_size;
+ }
+ else if (strstarts(sname, ASI_NON_SENSITIVE_SECTION_NAME)) {
+ mod->core_layout.asi_section_offset = s->sh_entsize;
+ mod->core_layout.asi_section_size = s->sh_size;
+ }
+ if (strstarts(sname, ".data.once")) {
+ mod->core_layout.once_section_offset = s->sh_entsize;
+ mod->core_layout.once_section_size = s->sh_size;
+ }
+}
+#else
+static void asi_record_sections_layout(struct module *mod,
+ const char *sname,
+ Elf_Shdr *s)
+{}
+#endif
+
/*
* Lay out the SHF_ALLOC sections in a way not dissimilar to how ld
* might -- code, read-only data, read-write data, small data. Tally
@@ -2453,6 +2480,7 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| module_init_layout_section(sname))
continue;
s->sh_entsize = get_offset(mod, &mod->core_layout.size, s, i);
+ asi_record_sections_layout(mod, sname, s);
pr_debug("\t%s\n", sname);
}
switch (m) {
@@ -3558,6 +3586,25 @@ static bool blacklisted(const char *module_name)
}
core_param(module_blacklist, module_blacklist, charp, 0400);
+#ifdef CONFIG_ADDRESS_SPACE_ISOLATION
+static void asi_fix_section_size_and_alignment(struct load_info *info,
+ char *section_to_fix)
+{
+ unsigned int ndx = find_sec(info, section_to_fix );
+ if (!ndx)
+ return;
+
+ info->sechdrs[ndx].sh_addralign = PAGE_SIZE;
+ info->sechdrs[ndx].sh_size =
+ ALIGN( info->sechdrs[ndx].sh_size, PAGE_SIZE );
+}
+#else
+static inline void asi_fix_section_size_and_alignment(struct load_info *info,
+ char *section_to_fix)
+{}
+#endif
+
+
static struct module *layout_and_allocate(struct load_info *info, int flags)
{
struct module *mod;
@@ -3600,6 +3647,15 @@ static struct module *layout_and_allocate(struct load_info *info, int flags)
if (ndx)
info->sechdrs[ndx].sh_flags |= SHF_RO_AFTER_INIT;
+#ifdef CONFIG_ADDRESS_SPACE_ISOLATION
+ /* These are sections we will want to map into an ASI page-table. We
+ * therefore need these sections to be aligned to a PAGE_SIZE */
+ asi_fix_section_size_and_alignment(info, ASI_NON_SENSITIVE_SECTION_NAME);
+ asi_fix_section_size_and_alignment(info,
+ ASI_NON_SENSITIVE_READ_MOSTLY_SECTION_NAME);
+ asi_fix_section_size_and_alignment(info, ".data.once");
+#endif
+
/*
* Determine total sizes, and put offsets in sh_entsize. For now
* this is done generically; there doesn't appear to be any
@@ -4127,6 +4183,8 @@ static int load_module(struct load_info *info, const char __user *uargs,
/* Get rid of temporary copy. */
free_copy(info);
+ asi_load_module(mod);
+
/* Done! */
trace_module_load(mod);
--
2.35.1.473.g83b2b277ed-goog
next prev parent reply other threads:[~2022-02-23 5:25 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-23 5:21 [RFC PATCH 00/47] Address Space Isolation for KVM Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 01/47] mm: asi: Introduce ASI core API Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 02/47] mm: asi: Add command-line parameter to enable/disable ASI Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 03/47] mm: asi: Switch to unrestricted address space when entering scheduler Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 04/47] mm: asi: ASI support in interrupts/exceptions Junaid Shahid
2022-03-14 15:50 ` Thomas Gleixner
2022-03-15 2:01 ` Junaid Shahid
2022-03-15 12:55 ` Thomas Gleixner
2022-03-15 22:41 ` Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 05/47] mm: asi: Make __get_current_cr3_fast() ASI-aware Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 06/47] mm: asi: ASI page table allocation and free functions Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 07/47] mm: asi: Functions to map/unmap a memory range into ASI page tables Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 08/47] mm: asi: Add basic infrastructure for global non-sensitive mappings Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 09/47] mm: Add __PAGEFLAG_FALSE Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 10/47] mm: asi: Support for global non-sensitive direct map allocations Junaid Shahid
2022-03-23 21:06 ` Matthew Wilcox
2022-03-23 23:48 ` Junaid Shahid
2022-03-24 1:54 ` Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 11/47] mm: asi: Global non-sensitive vmalloc/vmap support Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 12/47] mm: asi: Support for global non-sensitive slab caches Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 13/47] asi: Added ASI memory cgroup flag Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 14/47] mm: asi: Disable ASI API when ASI is not enabled for a process Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 15/47] kvm: asi: Restricted address space for VM execution Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 16/47] mm: asi: Support for mapping non-sensitive pcpu chunks Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 17/47] mm: asi: Aliased direct map for local non-sensitive allocations Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 18/47] mm: asi: Support for pre-ASI-init " Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 19/47] mm: asi: Support for locally nonsensitive page allocations Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 20/47] mm: asi: Support for locally non-sensitive vmalloc allocations Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 21/47] mm: asi: Add support for locally non-sensitive VM_USERMAP pages Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 22/47] mm: asi: Added refcounting when initilizing an asi Junaid Shahid
2022-02-23 5:21 ` [RFC PATCH 23/47] mm: asi: Add support for mapping all userspace memory into ASI Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 24/47] mm: asi: Support for local non-sensitive slab caches Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 25/47] mm: asi: Avoid warning from NMI userspace accesses in ASI context Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 26/47] mm: asi: Use separate PCIDs for restricted address spaces Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 27/47] mm: asi: Avoid TLB flushes during ASI CR3 switches when possible Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 28/47] mm: asi: Avoid TLB flush IPIs to CPUs not in ASI context Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 29/47] mm: asi: Reduce TLB flushes when freeing pages asynchronously Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 30/47] mm: asi: Add API for mapping userspace address ranges Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 31/47] mm: asi: Support for non-sensitive SLUB caches Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 32/47] x86: asi: Allocate FPU state separately when ASI is enabled Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 33/47] kvm: asi: Map guest memory into restricted ASI address space Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 34/47] kvm: asi: Unmap guest memory from ASI address space when using nested virt Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 35/47] mm: asi: asi_exit() on PF, skip handling if address is accessible Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 36/47] mm: asi: Adding support for dynamic percpu ASI allocations Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 37/47] mm: asi: ASI annotation support for static variables Junaid Shahid
2022-02-23 5:22 ` Junaid Shahid [this message]
2022-02-23 5:22 ` [RFC PATCH 39/47] mm: asi: Skip conventional L1TF/MDS mitigations Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 40/47] mm: asi: support for static percpu DEFINE_PER_CPU*_ASI Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 41/47] mm: asi: Annotation of static variables to be nonsensitive Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 42/47] mm: asi: Annotation of PERCPU " Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 43/47] mm: asi: Annotation of dynamic " Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 44/47] kvm: asi: Splitting kvm_vcpu_arch into non/sensitive parts Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 45/47] mm: asi: Mapping global nonsensitive areas in asi_global_init Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 46/47] kvm: asi: Do asi_exit() in vcpu_run loop before returning to userspace Junaid Shahid
2022-02-23 5:22 ` [RFC PATCH 47/47] mm: asi: Properly un/mapping task stack from ASI + tlb flush Junaid Shahid
2022-03-05 3:39 ` [RFC PATCH 00/47] Address Space Isolation for KVM Hyeonggon Yoo
2022-03-16 21:34 ` Alexandre Chartre
2022-03-17 23:25 ` Junaid Shahid
2022-03-22 9:46 ` Alexandre Chartre
2022-03-23 19:35 ` Junaid Shahid
2022-04-08 8:52 ` Alexandre Chartre
2022-04-11 3:26 ` junaid_shahid
2022-03-16 22:49 ` Thomas Gleixner
2022-03-17 21:24 ` Junaid Shahid
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220223052223.1202152-39-junaids@google.com \
--to=junaids@google.com \
--cc=alexandre.chartre@oracle.com \
--cc=dave.hansen@linux.intel.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=oweisse@google.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=pjt@google.com \
--cc=rppt@linux.ibm.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox