From: Kevin Brodsky
To: linux-hardening@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, Kevin Brodsky, Andrew Morton, Mark Brown, Catalin Marinas, Dave Hansen, David Howells, "Eric W. Biederman", Jann Horn, Jeff Xu, Joey Gouly, Kees Cook, Linus Walleij, Andy Lutomirski, Marc Zyngier, Peter Zijlstra, Pierre Langlois, Quentin Perret, "Mike Rapoport (IBM)", Ryan Roberts, Thomas Gleixner, Will Deacon, Matthew Wilcox, Qi Zheng, linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, x86@kernel.org
Subject: [RFC PATCH 2/8] mm: kpkeys: Introduce unrestricted level
Date: Mon, 3 Feb 2025 10:28:03 +0000
Message-ID: <20250203102809.1223255-3-kevin.brodsky@arm.com>
In-Reply-To: <20250203102809.1223255-1-kevin.brodsky@arm.com>
References: <20250203102809.1223255-1-kevin.brodsky@arm.com>

Highly privileged components, such as allocators, may require write access to arbitrary data. To that end, introduce a kpkeys level that grants write access to all kpkeys.

Signed-off-by: Kevin Brodsky
--- arch/arm64/include/asm/kpkeys.h | 4 +++- include/linux/kpkeys.h | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/arm64/include/asm/kpkeys.h b/arch/arm64/include/asm/kpkeys.h index 3f16584d495a..ab2305ca24b7 100644 --- a/arch/arm64/include/asm/kpkeys.h +++ b/arch/arm64/include/asm/kpkeys.h
@@ -19,7 +19,9 @@ static inline u64 por_set_kpkeys_level(u64 por, int level) { por = por_set_pkey_perms(por, KPKEYS_PKEY_DEFAULT, POE_RXW); por = por_set_pkey_perms(por, KPKEYS_PKEY_PGTABLES, - level == KPKEYS_LVL_PGTABLES ? POE_RW : POE_R); + level == KPKEYS_LVL_PGTABLES || + level == KPKEYS_LVL_UNRESTRICTED + ? POE_RW : POE_R); return por; } diff --git a/include/linux/kpkeys.h b/include/linux/kpkeys.h index 645eaf00096c..9d9feec83ccf 100644 --- a/include/linux/kpkeys.h +++ b/include/linux/kpkeys.h @@ -10,9 +10,10 @@ struct folio; #define KPKEYS_LVL_DEFAULT 0 #define KPKEYS_LVL_PGTABLES 1 +#define KPKEYS_LVL_UNRESTRICTED 2 #define KPKEYS_LVL_MIN KPKEYS_LVL_DEFAULT -#define KPKEYS_LVL_MAX KPKEYS_LVL_PGTABLES +#define KPKEYS_LVL_MAX KPKEYS_LVL_UNRESTRICTED #define __KPKEYS_GUARD(name, set_level, restore_pkey_reg, set_arg, ...) \ __DEFINE_CLASS_IS_CONDITIONAL(name, false); \ -- 2.47.0
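Review bot: In por_set_kpkeys_level() (arch/arm64/include/asm/kpkeys.h), the unrestricted level is granted by adding `level == KPKEYS_LVL_UNRESTRICTED` to the condition of the one KPKEYS_PKEY_PGTABLES call, so every pkey added later has to repeat that comparison in its own por_set_pkey_perms() call, and forgetting it would leave the "unrestricted" level without write access to that key. Consider computing the unrestricted case once at the top of the function (for example a local bool that each per-key condition ORs in) so the level cannot drift out of sync with the set of keys. The multi-line condition would also read more safely with parentheses around the `||` expression before `? POE_RW : POE_R`; the precedence is correct as written, but the split across three lines makes it easy to misread.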
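Review bot: In include/linux/kpkeys.h, `KPKEYS_LVL_UNRESTRICTED` takes the next free value (2) and `KPKEYS_LVL_MAX` is pointed at it, but nothing in the hunk documents that this level is special: it grants write access to all kpkeys, and a level added later would either have to renumber it or end up numerically above "unrestricted". A comment next to the define stating what the level grants, which kind of caller is expected to use it (the commit message mentions allocators), and that it must stay equal to KPKEYS_LVL_MAX would help. Raising KPKEYS_LVL_MAX also means any range check against MIN/MAX now accepts level 2, so each architecture's level-to-register helper has to handle it; the diffstat shows only the arm64 helper being updated here, which is worth stating explicitly in the commit message.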