From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E556CF11FE for ; Thu, 10 Oct 2024 15:52:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 53E9F6B0082; Thu, 10 Oct 2024 11:52:46 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4C73D6B0083; Thu, 10 Oct 2024 11:52:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 340966B0085; Thu, 10 Oct 2024 11:52:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 11B5A6B0082 for ; Thu, 10 Oct 2024 11:52:46 -0400 (EDT) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id A66A880614 for ; Thu, 10 Oct 2024 15:52:42 +0000 (UTC) X-FDA: 82658135490.18.FA3BF38 Received: from smtp-fw-52004.amazon.com (smtp-fw-52004.amazon.com [52.119.213.154]) by imf09.hostedemail.com (Postfix) with ESMTP id 3D117140026 for ; Thu, 10 Oct 2024 15:52:42 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=amazon.de header.s=amazon201209 header.b=XwnHlW6X; spf=pass (imf09.hostedemail.com: domain of "prvs=0061a2085=faresx@amazon.de" designates 52.119.213.154 as permitted sender) smtp.mailfrom="prvs=0061a2085=faresx@amazon.de"; dmarc=pass (policy=quarantine) header.from=amazon.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1728575519; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Kkum1blv47enqgyq2aUGev7ra3ELmRp0dUTOAbl+I58=; b=ZCzE+N+nhZE6gEmFoW/YOy/kC01k6boTSBqrVlsiiiCKrLmi9kCQunTbJ68YwvGIjCJni7 RSSrovDuTYosjrXb0RG0C6C4r9+oeeG3TOUXpN8GcBOu2H7EEoiOIpNsh8chvxUZWlQE68 hyARQLtbkRll9gK3k0vnYx+6zn+IfO4= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=amazon.de header.s=amazon201209 header.b=XwnHlW6X; spf=pass (imf09.hostedemail.com: domain of "prvs=0061a2085=faresx@amazon.de" designates 52.119.213.154 as permitted sender) smtp.mailfrom="prvs=0061a2085=faresx@amazon.de"; dmarc=pass (policy=quarantine) header.from=amazon.de ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728575519; a=rsa-sha256; cv=none; b=kVgLxCoav3CEYC9w/NgT3DhqqHlGFx7svi9zVZcKyNoIt/n473Z6lK4aO8vl2ilKfm9oy5 buzI3YLuoL0FgTTu3Rk/6L7mY3ZwCAV7Sftk4+pRGCzgjplWHY8MzF4tav+58gEFerKEXR E9K3NFtP/pddggQC2xMzFLLrPOxtcw0= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.de; i=@amazon.de; q=dns/txt; s=amazon201209; t=1728575564; x=1760111564; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Kkum1blv47enqgyq2aUGev7ra3ELmRp0dUTOAbl+I58=; b=XwnHlW6XYoJPa/bv9C261CUd1VGONwodjKce/FrKZxkkdr/HqFFXS8h3 GVXkI+wtuH9Cao+FaP5X/HHHsM5ngppua8lu5Bjy2vVkE1lzTUlisk0ED KROfQaXHoKF5VKpDhytdbcHIf4DGNfCeFBqS5FnmEaDaTRiryObr47z8F 4=; X-IronPort-AV: E=Sophos;i="6.11,193,1725321600"; d="scan'208";a="238327105" Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev) ([10.43.8.2]) by smtp-border-fw-52004.iad7.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Oct 2024 15:52:39 +0000 Received: from EX19MTAEUC001.ant.amazon.com [10.0.43.254:23851] by smtpin.naws.eu-west-1.prod.farcaster.email.amazon.dev [10.0.18.228:2525] with esmtp (Farcaster) id 646efd08-675e-4746-8ba7-c38ece7edc16; Thu, 10 Oct 2024 15:52:37 +0000 (UTC) X-Farcaster-Flow-ID: 646efd08-675e-4746-8ba7-c38ece7edc16 Received: from EX19D033EUB001.ant.amazon.com (10.252.61.11) by EX19MTAEUC001.ant.amazon.com (10.252.51.155) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1258.34; Thu, 10 Oct 2024 15:52:28 +0000 Received: from EX19MTAUEB001.ant.amazon.com (10.252.135.35) by EX19D033EUB001.ant.amazon.com (10.252.61.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1258.34; Thu, 10 Oct 2024 15:52:27 +0000 Received: from email-imr-corp-prod-iad-1box-1a-9bbde7a3.us-east-1.amazon.com (10.43.8.2) by mail-relay.amazon.com (10.252.135.35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1258.34 via Frontend Transport; Thu, 10 Oct 2024 15:52:27 +0000 Received: from dev-dsk-faresx-1b-27755bf1.eu-west-1.amazon.com (dev-dsk-faresx-1b-27755bf1.eu-west-1.amazon.com [10.253.79.181]) by email-imr-corp-prod-iad-1box-1a-9bbde7a3.us-east-1.amazon.com (Postfix) with ESMTPS id 229F342252; Thu, 10 Oct 2024 15:52:25 +0000 (UTC) From: Fares Mehanna To: CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , Subject: Re: [RFC PATCH 0/7] support for mm-local memory allocations and use it Date: Thu, 10 Oct 2024 15:52:10 +0000 Message-ID: <20241010155210.13321-1-faresx@amazon.de> X-Mailer: git-send-email 2.40.1 In-Reply-To: <813b9bcb-afde-40b6-a604-cdb71b4b6d7a@redhat.com> References: <813b9bcb-afde-40b6-a604-cdb71b4b6d7a@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Rspam-User: X-Stat-Signature: k9o1qemqsm78nqwgu6gxmw87cdysxncc X-Rspamd-Queue-Id: 3D117140026 X-Rspamd-Server: rspam11 X-HE-Tag: 1728575562-844353 X-HE-Meta: U2FsdGVkX1/+glj2W4c72n82e38guJtCi9oXa5NO17LE6ty1aEBWcXMp/F1khJz8fZ9TsMq+ZQbtLd1bGVopMqhBt1HoB9ERXjo+EQbhaAsqn8KwkF8xhthVuW9HYWKyhE8x+gdQugKsqodPNptiGKAP3Fr5JNBpeTqForK4Ox60qtSUHmBzCqJ9PGrmuB+L4zq5qPc2y6yG10maAKsehut72qCbe/IF1+vVL+2Sxn2/Z/3IVLrD1I0GLRwqMCKuNDUFlay/Rs0XKCgpnr+j9WuyY16s36LodYIChm7Ow6PwJMzcqTOJwmt2BkgTljSqY3rkS2SQN+NG8CepjraTvw9N3XLvf1yEBZLQxHwo2/fBpLvo1i1zH704xhHwNciKOO0NOVp1orQ29Ue2HHMtis+xXcq3TIBOzX3LT4PvI1mOSJGzcs97/912XaePe5uJT2Rmoypx2kCV/nSnEdjds4ak4TU2emrFqysf10JVwek3KPjbVKshwXt7IcYofKt+BUT81W/cCBDKuQBiCGrriWHF6wmp5O05bXTOKG76iIFTpfRGr6yvIFOVWEwtjJwJqcNGXraWo8kpkjFzEQp3CZpMbpJSGedIsRbtzE2e4RxyURQYp3nI6lXtlWxmkgo8n67shotI2x35ENzcTr2EFuNJgtqByNHefUL7wMcadkDGeCL1lISiHVifxXLITpeVwP0K2lEfqLzWfQ5uAp8EEZKk9rbB/aN/41tZIYYQQVhS6XsRe2Jaet2a68U/jG0tDnm1jqfOScBcraJ6mTcxpcTXNk10hq8zHqNhT/qN0u7hqF6czcuVXn2sJuzKYhUdni6Ki6oeLsHwv4J7jd2Fg94cstOEBJUiq7tk/lJQS/+1v841WJKU3s08uKY30jGJymo887/qXEzHZwJ3IH4Anugw67eiOk8HZrYKbKI/EboFVXVlma98FcUWG5YTLlMokgIPjwsYeEE803drTZh mI6KYCur 7EiugWry2dDu47L+t+to00bzc4fSVHFDpA2bt5YL7xx8G5GNlgWYteqkAiTmLbPApeakPIHQ3kChS0zZEyJtZFzu+tm4sG2clFxioyhnoL9cwD6FyiM/ADpf3CF+gbgNZtul9/Z3tWJz1g+L2guvgexwEso73YaQaBTiFz7Ga3PBI2KwnnQESVM3078jUVTQ2XnfpMp3QyEZIX+kj7B4jbuZvkplYzrRsuxFZ5F6pWjNkVzSdIYIcA87Uj4eeCm9WKEiReiWGOSmz8uWp/6IDayU6wR3kZaWtjoQfQJiSROup0tRTqXcw9dAFI8ZuSGWIWxI7RVueZiruGyd/M+JEA1rs7TkX5dczGjKJKp7mWNBqocYJROlw16QpVrQSuaOiFL5iFfyFb5i0T2fX6JfQD94UaA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: > > In a series posted a few years ago [1], a proposal was put forward to allow the > > kernel to allocate memory local to a mm and thus push it out of reach for > > current and future speculation-based cross-process attacks. We still believe > > this is a nice thing to have. > > > > However, in the time passed since that post Linux mm has grown quite a few new > > goodies, so we'd like to explore possibilities to implement this functionality > > with less effort and churn leveraging the now available facilities. > > > > An RFC was posted few months back [2] to show the proof of concept and a simple > > test driver. > > > > In this RFC, we're using the same approach of implementing mm-local allocations > > piggy-backing on memfd_secret(), using regular user addresses but pinning the > > pages and flipping the user/supervisor flag on the respective PTEs to make them > > directly accessible from kernel. > > In addition to that we are submitting 5 patches to use the secret memory to hide > > the vCPU gp-regs and fp-regs on arm64 VHE systems. > > I'm a bit lost on what exactly we want to achieve. The point where we > start flipping user/supervisor flags confuses me :) > > With secretmem, you'd get memory allocated that > (a) Is accessible by user space -- mapped into user space. > (b) Is inaccessible by kernel space -- not mapped into the direct map > (c) GUP will fail, but copy_from / copy_to user will work. > > > Another way, without secretmem, would be to consider these "secrets" > kernel allocations that can be mapped into user space using mmap() of a > special fd. That is, they wouldn't have their origin in secretmem, but > in KVM as a kernel allocation. It could be achieved by using VM_MIXEDMAP > with vm_insert_pages(), manually removing them from the directmap. > > But, I am not sure who is supposed to access what. Let's explore the > requirements. I assume we want: > > (a) Pages accessible by user space -- mapped into user space. > (b) Pages inaccessible by kernel space -- not mapped into the direct map > (c) GUP to fail (no direct map). > (d) copy_from / copy_to user to fail? > > And on top of that, some way to access these pages on demand from kernel > space? (temporary CPU-local mapping?) > > Or how would the kernel make use of these allocations? > > -- > Cheers, > > David / dhildenb Hi David, Thanks for taking a look at the patches! We're trying to allocate a kernel memory that is accessible to the kernel but only when the context of the process is loaded. So this is a kernel memory that is not needed to operate the kernel itself, it is to store & process data on behalf of a process. The requirement for this memory is that it would never be touched unless the process is scheduled on this core. otherwise any other access will crash the kernel. So this memory should only be directly readable and writable by the kernel, but only when the process context is loaded. The memory shouldn't be readable or writable by the owner process at all. This is basically done by removing those pages from kernel linear address and attaching them only in the process mm_struct. So during context switching the kernel loses access to the secret memory scheduled out and gain access to the new process secret memory. This generally protects against speculation attacks, and if other process managed to trick the kernel to leak data from memory. In this case the kernel will crash if it tries to access other processes secret memory. Since this memory is special in the sense that it is kernel memory but only make sense in the term of the owner process, I tried in this patch series to explore the possibility of reusing memfd_secret() to allocate this memory in user virtual address space, manage it in a VMA, flipping the permissions while keeping the control of the mapping exclusively with the kernel. Right now it is: (a) Pages not accessible by user space -- even though they are mapped into user space, the PTEs are marked for kernel usage. (b) Pages accessible by kernel space -- even though they are not mapped into the direct map, the PTEs in uvaddr are marked for kernel usage. (c) copy_from / copy_to user won't fail -- because it is in the user range, but this can be fixed by allocating specific range in user vaddr to this feature and check against this range there. (d) The secret memory vaddr is guessable by the owner process -- that can also be fixed by allocating bigger chunk of user vaddr for this feature and randomly placing the secret memory there. (e) Mapping is off-limits to the owner process by marking the VMA as locked, sealed and special. Other alternative (that was implemented in the first submission) is to track those allocations in a non-shared kernel PGD per process, then handle creating, forking and context-switching this PGD. What I like about the memfd_secret() approach is the simplicity and being arch agnostic, what I don't like is the increased attack surface by using VMAs to track those allocations. I'm thinking of working on a PoC to implement the first approach of using a non-shared kernel PGD for secret memory allocations on arm64. This includes adding kernel page table per process where all PGDs are shared but one which will be used for secret allocations mapping. And handle the fork & context switching (TTBR1 switching(?)) correctly for the secret memory PGD. What do you think? I'd really appreciate opinions and possible ways forward. Thanks! Fares. Amazon Web Services Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597