From: Joey Gouly
To: Catalin Marinas
Cc: Szabolcs Nagy, Florian Weimer, dave.hansen@linux.intel.com,
 linux-arm-kernel@lists.infradead.org, akpm@linux-foundation.org,
 aneesh.kumar@kernel.org, aneesh.kumar@linux.ibm.com, bp@alien8.de,
 broonie@kernel.org, christophe.leroy@csgroup.eu, hpa@zytor.com,
 linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
 linuxppc-dev@lists.ozlabs.org, maz@kernel.org, mingo@redhat.com,
 mpe@ellerman.id.au, naveen.n.rao@linux.ibm.com, npiggin@gmail.com,
 oliver.upton@linux.dev, shuah@kernel.org, tglx@linutronix.de,
 will@kernel.org, x86@kernel.org, kvmarm@lists.linux.dev
Subject: Re: [PATCH v4 17/29] arm64: implement PKEYS support
Date: Thu, 11 Jul 2024 10:50:00 +0100
Message-ID: <20240711095000.GA488602@e124191.cambridge.arm.com>

On Mon, Jul 08, 2024 at 06:53:18PM +0100, Catalin Marinas wrote:
> Hi Szabolcs,
>
> On Mon, Jun 17, 2024 at 03:51:35PM +0100, Szabolcs Nagy wrote:
> > The 06/17/2024 15:40, Florian Weimer wrote:
> > > >> A user can still set it by interacting with the register directly, but I guess
> > > >> we want something for the glibc interface..
> > > >>
> > > >> Dave, any thoughts here?
> > > >
> > > > adding Florian too, since i found an old thread of his that tried
> > > > to add separate PKEY_DISABLE_READ and PKEY_DISABLE_EXECUTE, but
> > > > it did not seem to end up upstream. (this makes more sense to me
> > > > as libc api than the weird disable access semantics)
> > >
> > > I still think it makes sense to have a full complement of PKEY_* flags
> > > complementing the PROT_* flags, in a somewhat abstract fashion for
> > > pkey_alloc only. The internal protection mask register encoding will
> > > differ from architecture to architecture, but the abstract glibc
> > > functions pkey_set and pkey_get could use them (if we are a bit
> > > careful).
> >
> > to me it makes sense to have abstract
> >
> > PKEY_DISABLE_READ
> > PKEY_DISABLE_WRITE
> > PKEY_DISABLE_EXECUTE
> > PKEY_DISABLE_ACCESS
> >
> > where access is handled like
> >
> > if (flags&PKEY_DISABLE_ACCESS)
> > 	flags |= PKEY_DISABLE_READ|PKEY_DISABLE_WRITE;
> > disable_read = flags&PKEY_DISABLE_READ;
> > disable_write = flags&PKEY_DISABLE_WRITE;
> > disable_exec = flags&PKEY_DISABLE_EXECUTE;
> >
> > if there are unsupported combinations like
> > disable_read&&!disable_write then those are rejected
> > by pkey_alloc and pkey_set.
> >
> > this allows portable use of pkey apis.
> > (the flags could be target specific, but don't have to be)
>
> On powerpc, PKEY_DISABLE_ACCESS also disables execution. AFAICT, the
> kernel doesn't define a PKEY_DISABLE_READ, only PKEY_DISABLE_ACCESS so
> for powerpc there's no way to set an execute-only permission via this
> interface. I wouldn't like to diverge from powerpc.

I think this is wrong, look at this code from powerpc:

arch/powerpc/mm/book3s64/pkeys.c: __arch_set_user_pkey_access

	if (init_val & PKEY_DISABLE_EXECUTE) {
		if (!pkey_execute_disable_supported)
			return -EINVAL;
		new_iamr_bits |= IAMR_EX_BIT;
	}
	init_iamr(pkey, new_iamr_bits);

	/* Set the bits we need in AMR: */
	if (init_val & PKEY_DISABLE_ACCESS)
		new_amr_bits |= AMR_RD_BIT | AMR_WR_BIT;
	else if (init_val & PKEY_DISABLE_WRITE)
		new_amr_bits |= AMR_WR_BIT;

	init_amr(pkey, new_amr_bits);

Seems to me that PKEY_DISABLE_ACCESS leaves exec permissions as-is.

Here is the patch I am planning to include in the next version of the series.
This should support all PKEY_DISABLE_* combinations. Any comments?

commit ba51371a544f6b0a4a0f03df62ad894d53f5039b
Author: Joey Gouly
Date:   Thu Jul 4 11:29:20 2024 +0100

    arm64: add PKEY_DISABLE_READ and PKEY_DISABLE_EXEC

    TODO

    Signed-off-by: Joey Gouly

diff --git arch/arm64/include/uapi/asm/mman.h arch/arm64/include/uapi/asm/mman.h index 1e6482a838e1..e7e0c8216243 100644 --- arch/arm64/include/uapi/asm/mman.h +++ arch/arm64/include/uapi/asm/mman.h @@ -7,4 +7,13 @@ #define PROT_BTI 0x10 /* BTI guarded page */ #define PROT_MTE 0x20 /* Normal Tagged mapping */ +/* Override any generic PKEY permission defines */ +#define PKEY_DISABLE_EXECUTE 0x4 +#define PKEY_DISABLE_READ 0x8 +#undef PKEY_ACCESS_MASK +#define PKEY_ACCESS_MASK (PKEY_DISABLE_ACCESS |\ + PKEY_DISABLE_WRITE |\ + PKEY_DISABLE_READ |\ + PKEY_DISABLE_EXECUTE) + #endif /* ! _UAPI__ASM_MMAN_H */ diff --git arch/arm64/mm/mmu.c arch/arm64/mm/mmu.c index 68afe5fc3071..ce4cc6bdee4e 100644 --- arch/arm64/mm/mmu.c +++ arch/arm64/mm/mmu.c 
@@ -1570,10 +1570,15 @@ int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, unsigned long i return -EINVAL; /* Set the bits we need in POR: */ + new_por = POE_RXW; + if (init_val & PKEY_DISABLE_WRITE) + new_por &= ~POE_W; if (init_val & PKEY_DISABLE_ACCESS) - new_por = POE_X; - else if (init_val & PKEY_DISABLE_WRITE) - new_por = POE_RX; + new_por &= ~POE_RW; + if (init_val & PKEY_DISABLE_READ) + new_por &= ~POE_R; + if (init_val & PKEY_DISABLE_EXECUTE) + new_por &= ~POE_X; /* Shift the bits in to the correct place in POR for pkey: */ pkey_shift = pkey * POR_BITS_PER_PKEY;

Thanks,
Joey
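
Review bot: In the arch/arm64/include/uapi/asm/mman.h hunk, the "#undef PKEY_ACCESS_MASK" followed by the redefinition only overrides the generic value when this header is processed after the generic define; with the include order reversed, the generic "#define" would clash with this one. Guarding the generic definitions with "#ifndef" would make the override independent of include order. The two new uapi flags also carry no comment on their semantics, in particular that PKEY_DISABLE_ACCESS is handled as read plus write (the "&= ~POE_RW" in the mmu.c hunk) and leaves execute alone, and the commit message is still "TODO".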
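
Review bot: In the arch/arm64/mm/mmu.c hunk, the four independent "if" tests in arch_set_user_pkey_access accept every flag combination, including PKEY_DISABLE_READ without PKEY_DISABLE_WRITE, which leaves new_por with write permission but no read. If write-only and write+execute overlays are intended, state that in the "Set the bits we need in POR" comment; if not, reject that combination with -EINVAL next to the existing check. The chain also depends on POE_RXW and POE_RW being the OR of the single-permission POE_R, POE_W and POE_X bits, and the PKEY_DISABLE_WRITE test is redundant whenever PKEY_DISABLE_ACCESS is set, so a one-line comment that ACCESS is shorthand for READ|WRITE would make the ordering easier to follow.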