From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57C1AC5B552 for ; Fri, 30 May 2025 09:34:55 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E1F4B6B00C6; Fri, 30 May 2025 05:34:54 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id DCF9D6B00C7; Fri, 30 May 2025 05:34:54 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C70B76B00C8; Fri, 30 May 2025 05:34:54 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 97BE36B00C6 for ; Fri, 30 May 2025 05:34:54 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 5F5E81CB885 for ; Fri, 30 May 2025 09:34:54 +0000 (UTC) X-FDA: 83499064908.05.7B85400 Received: from mail-pj1-f48.google.com (mail-pj1-f48.google.com [209.85.216.48]) by imf13.hostedemail.com (Postfix) with ESMTP id 6CB0120003 for ; Fri, 30 May 2025 09:34:52 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=bytedance.com header.s=google header.b=T7GU7hsg; dmarc=pass (policy=quarantine) header.from=bytedance.com; spf=pass (imf13.hostedemail.com: domain of libo.gcs85@bytedance.com designates 209.85.216.48 as permitted sender) smtp.mailfrom=libo.gcs85@bytedance.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1748597692; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=4r9koD1NPFSh7WkJOunYhnXV7czMJGlSW2YfbvvIqZo=; b=7SZ0iehDsNNH60cPfXxJ6w6EibpZEP15dhahvsjN/z2JI+54/Kmw34jO/fdEnYmijcURjx hr0yqz22SvLiHvv2B0UJEI8e44eZAm/acGOiXupsG53eHviW/yxzBPqpBt5NKrnND5cyeE M3Q6V52QPkZOD5fkW7XyRuIJX5mNC9A= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=bytedance.com header.s=google header.b=T7GU7hsg; dmarc=pass (policy=quarantine) header.from=bytedance.com; spf=pass (imf13.hostedemail.com: domain of libo.gcs85@bytedance.com designates 209.85.216.48 as permitted sender) smtp.mailfrom=libo.gcs85@bytedance.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1748597692; a=rsa-sha256; cv=none; b=er8F/TcLhy7nOjoA1iU5rrreP79gXYn8YQrP5psuZZBVyqf//87iuf8QLIjm3xgVlbiKZ0 x3N+O9Wz6acupsRQYvNt84+OY/gLvji2lAY3BVwc74fIxaEdnNeux/bjfT5huhtAukFPIR lR5foiCBaIIot5N1oJA1o7nzc20O3us= Received: by mail-pj1-f48.google.com with SMTP id 98e67ed59e1d1-3114560d74aso1822829a91.0 for ; Fri, 30 May 2025 02:34:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bytedance.com; s=google; t=1748597691; x=1749202491; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4r9koD1NPFSh7WkJOunYhnXV7czMJGlSW2YfbvvIqZo=; b=T7GU7hsgly4gV1fF6Aw9CPkyiuI21iYP6OqBtLNZN5/iBWaVVTB0CzEifm3Ir7ZB3j g/6Qh2hppGowQvq9/PwawaMQDD69dWosEZR7TzMRws52GPk2Zav1Lld+oPyF2j0odP3T 9MTcI4TbKCeFSulqiHkgTs3zSWWoxdHy9WRbFdi1EmtYlODMTJ0r5ByGUUF2WRhWbIFd K4QVmQCnAHDfWTjVWxTIJBBLWsryPA7jEGWgLpWQU0WxoDjFyJJ6nzCU6Ubw41hQwglp QZwNcs/I4+Gl7qLpzuFoQfCPLM3c/6vbOJ37dgAeepTHhZoVY18zQdw5bBqMzzIlCOoU aB0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1748597691; x=1749202491; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4r9koD1NPFSh7WkJOunYhnXV7czMJGlSW2YfbvvIqZo=; b=o/vcIjRQJmczANNOBfDsKFxHG1uFrEfE2bBL6/4Bo3sWCCozmIHcwyLbM67+ZtVpFU jEWI4idlYwyE4DNBi5B188rhXxdDR92Iv1P59/gN0sdV81Rmj8LuIaDSFMfStrK0mJwv croozjbadC4zwUUoZMzhAN0Q1g8hOFE4ZJvf5Zasa3/uGMAsyN5frgpla1m016tH/PHx f+uH6AEEtnA34L2NeVtpolHXnDBvMuJiGl+RvMc6aaidtzdv3h+ph/nj0Vrqldzx8Ogp JvwuWrd0ZzE3D/dSIfpZXrfowO3t9+pDPqpJ7KUIKuJOJ1lthL1xvW8JUKqyQNbldU4l 2kyg== X-Forwarded-Encrypted: i=1; AJvYcCXhiUAbjIenPvQbjh7PJ1wpsgc6c7i2DqeFyxKck47+Mu+JrezZUr0SOFkHoAs7tcQ/IBNmR9TLNw==@kvack.org X-Gm-Message-State: AOJu0YxjzPp6d8mt33O6r5ObWGqLSlETxzY3LvWMYN9fbyqQQljMGugI Ob4fbiaAW2c+BzM0uDcAU4zGTV2NvmEc6uMOmutpI85oJy1x+gdDyOgvGC+ReMIe3zs= X-Gm-Gg: ASbGncsEP963Xaf5SiiY33iBk4sWnaD2eGKiB8IwQnuqMjFJd1gGd/hrpeowvHQnh8+ jcvkFBqC5Fzhqcm4qe+MkAAhtjSPdo5Df6znXNrDDmnDbA/JSxwUPAr+wNo/inMS3mf/wZ6CoHp TWsmCIshBSgYhBJzBnnyKdToGtCpTUFP9WT45+2CdeQNKP5zasqoLoTppL/5Xs9cP3aZl2Nut8N 6kKqiaHbjk9zHm+6w5yjDAqFy8YPMSuv/RoG3aznusYO+IfirsJBZsUMNUKAY7PFM+gVMpiwpwv yEwUf3mU95zMUGeRaLOcoN8hH8s9pMhPeUVwYOjS+1eFGgQ351emlpQM9bxnZEt2Vu0kcptFS5t 5wy3TKq+5NQ== X-Google-Smtp-Source: AGHT+IEYFSuwVcZ5gMKEd63K0LSZFm1at7KJSWQADYXZzWbymIXeS5JhogJZ9S4360x8945TmkY35w== X-Received: by 2002:a17:90b:2e8b:b0:311:e637:287b with SMTP id 98e67ed59e1d1-3124198a8e2mr3896259a91.29.1748597690878; Fri, 30 May 2025 02:34:50 -0700 (PDT) Received: from FQ627FTG20.bytedance.net ([63.216.146.178]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-3124e29f7b8sm838724a91.2.2025.05.30.02.34.35 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256); Fri, 30 May 2025 02:34:50 -0700 (PDT) From: Bo Li To: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com, x86@kernel.org, luto@kernel.org, kees@kernel.org, akpm@linux-foundation.org, david@redhat.com, juri.lelli@redhat.com, vincent.guittot@linaro.org, peterz@infradead.org Cc: dietmar.eggemann@arm.com, hpa@zytor.com, acme@kernel.org, namhyung@kernel.org, mark.rutland@arm.com, alexander.shishkin@linux.intel.com, jolsa@kernel.org, irogers@google.com, adrian.hunter@intel.com, kan.liang@linux.intel.com, viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@oracle.com, vbabka@suse.cz, rppt@kernel.org, surenb@google.com, mhocko@suse.com, rostedt@goodmis.org, bsegall@google.com, mgorman@suse.de, vschneid@redhat.com, jannh@google.com, pfalcato@suse.de, riel@surriel.com, harry.yoo@oracle.com, linux-kernel@vger.kernel.org, linux-perf-users@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, duanxiongchun@bytedance.com, yinhongbo@bytedance.com, dengliang.1214@bytedance.com, xieyongji@bytedance.com, chaiwen.cc@bytedance.com, songmuchun@bytedance.com, yuanzhu@bytedance.com, chengguozhu@bytedance.com, sunjiadong.lff@bytedance.com, Bo Li Subject: [RFC v2 25/35] RPAL: add MPK initialization and interface Date: Fri, 30 May 2025 17:27:53 +0800 Message-Id: <569387db40571a03a71506cbec12813c1e5dde62.1748594841.git.libo.gcs85@bytedance.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 6CB0120003 X-Stat-Signature: xt1suaf8hb6pf575pt594fsxw63awo3i X-Rspam-User: X-HE-Tag: 1748597692-856437 X-HE-Meta: U2FsdGVkX18UMZtV2/IvRFbNUjMmYTDy6dBL/waWuvPMVqqvuY4jmPia+vwOO+hNpGUo6DGAJdKucckjm9lIZKzaX0y0JidGTM/77kxpfZcpOftahcGXekPvg5wTn3leiUHsHw7Nss7fG7o62cUca7Lk0XnUXiJ0z4X2/ZzRQFxUSdg4vnRpGAQAiELEChj+YC4jOQHQ3V4HrJWgY6jLReu8hDYwhdk2+sZjEWUggYFjpsLV1tMzHWVgNLXeXVL5f1FyvIe9qrLqLF1A29zRrcKHk7TlrufdJuFmy96zrkwZgy6m0kN/c8oOywQZG5f12t35xzCOv98l3AYRv/Ji1mPwa5f7nu3X551EVYoGGoOBH9bBHIf4h/6v7fKCfTt2o9DxgQVd1NUAAYz0YdoC78ZNQuxtzYUyWkXHSnz8YC45iLlFuMN8wZ/+WOwx73T+wNCzsE7Nx/FBk6pR01vMDoX7t1exuPQHfjp78Tg7AYUJ8WOLvjtFv8vZl+Vmn2aoc/hXnI8gEWaj5eSbpdcJTGEMbJlzqwH6NbVlFhJxoLo9xaE68gOlBtbNpSX17iZW+Gi0uU9ir9sR/+u7/2QdSkyR5datewCai7447jKMLlH8memSKXKYcFHVnX/Z+pql/lXAhSDqofiHn6UJcQkE+nTtCFUkP0JBClzEnSee6Eq9x9RXhWCL6gtwFzzvMcB3BdHhL3tBFHFc9ZtevHf0Gt8f7xACuyCPtQ+N4uR12DIpsL9JmLXOD43e3ru9WhdZNJ5rgvTlWNwi8pv/PQSCRQ6oKf9gptescn+Jzwg/QIjKGUeGZeSufw5vLiovFyWG/gp4Z3IEV5m35Rqgt8U3suYNvFou46o8t63U5s2oq+qejp1V9Uqrj4M9SGpRbBIWMwL1TrIqL7V9iz4cEUr0DHLUFygPO8uV/qYakKIi25NC347qxtRxNUgfgOKLtOlKtK+WtcE1suSo+vJAnM1 vEZ4JGWv O8f603ITq+xBSrH95TMbfzSSLDZhaCSnJdckjq1ojPaWESA0qObxuA3DpcWRQJZG44JlScrpCRPL8RZDAoe35trsWBY1qk7Z02VcXNamrxrRI0vMTsnIPyA7P4CKMKGWsnlUBXjjtlFOI66FOTGemC1egNttM8qaI0z1pNUW4RhDknh7ModPgrWr04g0VHCGH2aJ4MPH2vNeRLd11Lbe9vFUx0lf7KfartkQm4yR9TZtdUDlkcsquKZbb5+IOyuV4wlx2zQ/V5QqewO5gyVCWW7XVBuRrpncoCT7mO1+Pwvpy3Zln+arAxo1a4HaVJlh3AO1IPFjK/cBY8Ol2gVEIstAjGQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: RPAL uses MPK (Memory Protection Keys) to protect memory. Therefore, RPAL needs to perform MPK initialization, allocation, and other related tasks, while providing corresponding user-mode interfaces. This patch executes MPK initialization operations, including feature detection, implementation of user mode interfaces for setting and retrieving pkeys, and development of utility functions. For pkey allocation, RPAL prioritizes using pkeys provided by user mode, with user mode responsible for preventing pkey collisions between different services. If user mode does not provide a valid pkey, RPAL generates a pkey via id % arch_max_pkey() to maximize the avoidance of pkey collisions. Additionally, RPAL does not permit services to manipulate pkeys independently; thus, all pkeys are marked as allocated, and services are prohibited from releasing pkeys. Signed-off-by: Bo Li --- arch/x86/rpal/Kconfig | 12 +++++++- arch/x86/rpal/Makefile | 1 + arch/x86/rpal/core.c | 13 ++++++++ arch/x86/rpal/internal.h | 5 +++ arch/x86/rpal/pku.c | 47 ++++++++++++++++++++++++++++ arch/x86/rpal/proc.c | 5 +++ arch/x86/rpal/service.c | 24 +++++++++++++++ include/linux/rpal.h | 66 ++++++++++++++++++++++++++++++++++++++++ mm/mprotect.c | 9 ++++++ 9 files changed, 181 insertions(+), 1 deletion(-) create mode 100644 arch/x86/rpal/pku.c diff --git a/arch/x86/rpal/Kconfig b/arch/x86/rpal/Kconfig index e5e6996553ea..5434fdb2940d 100644 --- a/arch/x86/rpal/Kconfig +++ b/arch/x86/rpal/Kconfig @@ -8,4 +8,14 @@ config RPAL depends on X86_64 help This option enables system support for Run Process As - library (RPAL). \ No newline at end of file + library (RPAL). + +config RPAL_PKU + bool "mpk protection for RPAL" + default y + depends on RPAL + help + Memory protection key (MPK) can achieve intra-process + memory separation which is broken by RPAL, Always keep + it on when use RPAL. CPU feature will be detected at + boot time as some CPUs do not support it. \ No newline at end of file diff --git a/arch/x86/rpal/Makefile b/arch/x86/rpal/Makefile index 89f745382c51..42a42b0393be 100644 --- a/arch/x86/rpal/Makefile +++ b/arch/x86/rpal/Makefile @@ -3,3 +3,4 @@ obj-$(CONFIG_RPAL) += rpal.o rpal-y := service.o core.o mm.o proc.o thread.o +rpal-$(CONFIG_RPAL_PKU) += pku.o \ No newline at end of file diff --git a/arch/x86/rpal/core.c b/arch/x86/rpal/core.c index 406d54788bac..41111d693994 100644 --- a/arch/x86/rpal/core.c +++ b/arch/x86/rpal/core.c @@ -8,6 +8,7 @@ #include #include +#include #include #include "internal.h" @@ -374,6 +375,14 @@ static bool check_hardware_features(void) rpal_err("no fsgsbase feature\n"); return false; } + +#ifdef CONFIG_RPAL_PKU + if (!arch_pkeys_enabled()) { + rpal_err("MPK is not enabled\n"); + return false; + } +#endif + return true; } @@ -390,6 +399,10 @@ int __init rpal_init(void) if (ret) goto fail; +#ifdef CONFIG_RPAL_PKU + rpal_set_cap(RPAL_CAP_PKU); +#endif + rpal_inited = true; return 0; diff --git a/arch/x86/rpal/internal.h b/arch/x86/rpal/internal.h index 6256172bb79e..71afa8225450 100644 --- a/arch/x86/rpal/internal.h +++ b/arch/x86/rpal/internal.h @@ -54,3 +54,8 @@ rpal_build_call_state(const struct rpal_sender_data *rsd) return ((rsd->rcd.service_id << RPAL_SID_SHIFT) | (rsd->scc->sender_id << RPAL_ID_SHIFT) | RPAL_RECEIVER_STATE_CALL); } + +/* pkey.c */ +int rpal_alloc_pkey(struct rpal_service *rs, int pkey); +int rpal_pkey_setup(struct rpal_service *rs, int pkey); +void rpal_service_pku_init(void); diff --git a/arch/x86/rpal/pku.c b/arch/x86/rpal/pku.c new file mode 100644 index 000000000000..4c5151ca5b8b --- /dev/null +++ b/arch/x86/rpal/pku.c @@ -0,0 +1,47 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * RPAL service level operations + * Copyright (c) 2025, ByteDance. All rights reserved. + * + * Author: Jiadong Sun + */ + +#include +#include + +#include "internal.h" + +void rpal_service_pku_init(void) +{ + u16 all_pkeys_mask = ((1U << arch_max_pkey()) - 1); + struct mm_struct *mm = current->mm; + + /* We consume all pkeys so that no pkeys will be allocated by others */ + mmap_write_lock(mm); + if (mm->context.pkey_allocation_map != 0x1) + rpal_err("pkey has been allocated: %u\n", + mm->context.pkey_allocation_map); + mm->context.pkey_allocation_map = all_pkeys_mask; + mmap_write_unlock(mm); +} + +int rpal_pkey_setup(struct rpal_service *rs, int pkey) +{ + int val; + + val = rpal_pkey_to_pkru(pkey); + rs->pkey = pkey; + return 0; +} + +int rpal_alloc_pkey(struct rpal_service *rs, int pkey) +{ + int ret; + + if (pkey >= 0 && pkey < arch_max_pkey()) + return pkey; + + ret = rs->id % arch_max_pkey(); + + return ret; +} diff --git a/arch/x86/rpal/proc.c b/arch/x86/rpal/proc.c index 16ac9612bfc5..2f9cceec4992 100644 --- a/arch/x86/rpal/proc.c +++ b/arch/x86/rpal/proc.c @@ -76,6 +76,11 @@ static long rpal_ioctl(struct file *file, unsigned int cmd, unsigned long arg) case RPAL_IOCTL_RELEASE_SERVICE: ret = rpal_release_service(arg); break; +#ifdef CONFIG_RPAL_PKU + case RPAL_IOCTL_GET_SERVICE_PKEY: + ret = put_user(cur->pkey, (int __user *)arg); + break; +#endif default: return -EINVAL; } diff --git a/arch/x86/rpal/service.c b/arch/x86/rpal/service.c index 16e94d710445..ca795dacc90d 100644 --- a/arch/x86/rpal/service.c +++ b/arch/x86/rpal/service.c @@ -208,6 +208,10 @@ struct rpal_service *rpal_register_service(void) spin_lock_init(&rs->rpd.poll_lock); bitmap_zero(rs->rpd.dead_key_bitmap, RPAL_NR_ID); init_waitqueue_head(&rs->rpd.rpal_waitqueue); +#ifdef CONFIG_RPAL_PKU + rs->pkey = -1; + rpal_service_pku_init(); +#endif rs->bad_service = false; rs->base = calculate_base_address(rs->id); @@ -288,6 +292,9 @@ static int add_mapped_service(struct rpal_service *rs, struct rpal_service *tgt, if (node->rs == NULL) { node->rs = rpal_get_service(tgt); set_bit(type_bit, &node->type); +#ifdef CONFIG_RPAL_PKU + node->pkey = tgt->pkey; +#endif } else { if (node->rs != tgt) { ret = -EINVAL; @@ -397,6 +404,19 @@ int rpal_request_service(unsigned long arg) goto put_service; } +#ifdef CONFIG_RPAL_PKU + if (cur->pkey == tgt->pkey) { + ret = -EINVAL; + goto put_service; + } + + ret = put_user(tgt->pkey, rra.pkey); + if (ret) { + ret = -EFAULT; + goto put_service; + } +#endif + ret = put_user((unsigned long)(tgt->rsm.user_meta), rra.user_metap); if (ret) { ret = -EFAULT; @@ -577,6 +597,10 @@ int rpal_enable_service(unsigned long arg) mutex_lock(&cur->mutex); if (!cur->enabled) { cur->rsm = rsm; +#ifdef CONFIG_RPAL_PKU + rsm.pkey = rpal_alloc_pkey(cur, rsm.pkey); + rpal_pkey_setup(cur, rsm.pkey); +#endif cur->enabled = true; } mutex_unlock(&cur->mutex); diff --git a/include/linux/rpal.h b/include/linux/rpal.h index 4f1d92053818..2f2982d281cc 100644 --- a/include/linux/rpal.h +++ b/include/linux/rpal.h @@ -97,6 +97,12 @@ enum { #define RPAL_ID_MASK (~(0 | RPAL_RECEIVER_STATE_MASK | RPAL_SID_MASK)) #define RPAL_MAX_ID ((1 << (RPAL_SID_SHIFT - RPAL_ID_SHIFT)) - 1) +#define RPAL_PKRU_BASE_CODE_READ 0xAAAAAAAA +#define RPAL_PKRU_BASE_CODE 0xFFFFFFFF +#define RPAL_PKRU_SET 0 +#define RPAL_PKRU_UNION 1 +#define RPAL_PKRU_INTERSECT 2 + extern unsigned long rpal_cap; enum rpal_task_flag_bits { @@ -122,6 +128,10 @@ enum rpal_sender_state { RPAL_SENDER_STATE_KERNEL_RET, }; +enum rpal_capability { + RPAL_CAP_PKU +}; + struct rpal_critical_section { unsigned long ret_begin; unsigned long ret_end; @@ -134,6 +144,7 @@ struct rpal_service_metadata { unsigned long version; void __user *user_meta; struct rpal_critical_section rcs; + int pkey; }; struct rpal_request_arg { @@ -141,11 +152,17 @@ struct rpal_request_arg { u64 key; unsigned long __user *user_metap; int __user *id; +#ifdef CONFIG_RPAL_PKU + int __user *pkey; +#endif }; struct rpal_mapped_service { unsigned long type; struct rpal_service *rs; +#ifdef CONFIG_RPAL_PKU + int pkey; +#endif }; struct rpal_poll_data { @@ -220,6 +237,11 @@ struct rpal_service { /* fsbase / pid map */ struct rpal_fsbase_tsk_map fs_tsk_map[RPAL_MAX_RECEIVER_NUM]; +#ifdef CONFIG_RPAL_PKU + /* pkey */ + int pkey; +#endif + /* delayed service put work */ struct delayed_work delayed_put_work; @@ -323,6 +345,7 @@ enum rpal_command_type { RPAL_CMD_DISABLE_SERVICE, RPAL_CMD_REQUEST_SERVICE, RPAL_CMD_RELEASE_SERVICE, + RPAL_CMD_GET_SERVICE_PKEY, RPAL_NR_CMD, }; @@ -351,6 +374,8 @@ enum rpal_command_type { _IOWR(RPAL_IOCTL_MAGIC, RPAL_CMD_REQUEST_SERVICE, unsigned long) #define RPAL_IOCTL_RELEASE_SERVICE \ _IOWR(RPAL_IOCTL_MAGIC, RPAL_CMD_RELEASE_SERVICE, unsigned long) +#define RPAL_IOCTL_GET_SERVICE_PKEY \ + _IOWR(RPAL_IOCTL_MAGIC, RPAL_CMD_GET_SERVICE_PKEY, int *) #define rpal_for_each_requested_service(rs, idx) \ for (idx = find_first_bit(rs->requested_service_bitmap, RPAL_NR_ID); \ @@ -420,6 +445,47 @@ static inline bool rpal_is_correct_address(struct rpal_service *rs, unsigned lon return true; } +static inline void rpal_set_cap(unsigned long cap) +{ + set_bit(cap, &rpal_cap); +} + +static inline void rpal_clear_cap(unsigned long cap) +{ + clear_bit(cap, &rpal_cap); +} + +static inline bool rpal_has_cap(unsigned long cap) +{ + return test_bit(cap, &rpal_cap); +} + +static inline u32 rpal_pkey_to_pkru(int pkey) +{ + int offset = pkey * 2; + u32 mask = 0x3 << offset; + + return RPAL_PKRU_BASE_CODE & ~mask; +} + +static inline u32 rpal_pkey_to_pkru_read(int pkey) +{ + int offset = pkey * 2; + u32 mask = 0x3 << offset; + + return RPAL_PKRU_BASE_CODE_READ & ~mask; +} + +static inline u32 rpal_pkru_union(u32 pkru0, u32 pkru1) +{ + return pkru0 & pkru1; +} + +static inline u32 rpal_pkru_intersect(u32 pkru0, u32 pkru1) +{ + return pkru0 | pkru1; +} + #ifdef CONFIG_RPAL static inline struct rpal_service *rpal_current_service(void) { diff --git a/mm/mprotect.c b/mm/mprotect.c index 62c1f7945741..982f911ffaba 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -895,6 +896,14 @@ SYSCALL_DEFINE1(pkey_free, int, pkey) { int ret; +#ifdef CONFIG_RPAL_PKU + if (rpal_current_service()) { + rpal_err("try_to_free pkey: %d %s\n", current->pid, + current->comm); + return -EINVAL; + } +#endif + mmap_write_lock(current->mm); ret = mm_pkey_free(current->mm, pkey); mmap_write_unlock(current->mm); -- 2.20.1