From: Boris Lukashev
Date: Fri, 15 Mar 2024 23:14:09 -0400
Subject: Re: [RFC PATCH v2 00/19] PKS write protected page tables
To: Rick Edgecombe
Cc: dave.hansen@intel.com, luto@kernel.org, peterz@infradead.org, x86@kernel.org, akpm@linux-foundation.org, keescook@chromium.org, shakeelb@google.com, vbabka@suse.cz, rppt@kernel.org, linux-mm@kvack.org, linux-hardening@vger.kernel.org, kernel-hardening@lists.openwall.com, ira.weiny@intel.com, dan.j.williams@intel.com, linux-kernel@vger.kernel.org
References: <20210830235927.6443-1-rick.p.edgecombe@intel.com>
In-Reply-To: <20210830235927.6443-1-rick.p.edgecombe@intel.com>

IIRC shoot-downs are one of the reasons for using per-cpu PGDs, which can in turn enable/underpin other hardening functions... presuming the churn of recent years has softened attitudes toward such core MM changes.

https://forum.osdev.org/viewtopic.php?f=15&t=29661

-Boris

On Mon, Aug 30, 2021 at 8:02 PM Rick Edgecombe wrote:
>
> Hi,
>
> This is a second RFC for the PKS write protected tables concept. I'm sharing to
> show the progress to interested people. I'd also appreciate any comments,
> especially on the direct map page table protection solution (patch 17).
>
> Since v1[1], the improvements are:
>  - Fully handle direct map page tables, and handle hotplug/unplug path.
>  - Create a debug time checker that scans page tables and verifies
>    their protection.
>  - Fix odds-and-ends kernel page tables that showed up with debug
>    checker. At this point all of the typical normal page tables should be
>    protected.
>  - Fix toggling of writability for odds-and-ends page table modifications found
>    that don't use the normal helpers.
>  - Create atomic context grouped page allocator, after finding some page table
>    allocations that are passing GFP_ATOMIC.
>  - Create "soft" mode that warns and disables protection on violation instead
>    of oopsing.
>  - Boot parameters for disabling pks tables
>  - Change PageTable set clear to ctor/dtor (peterz)
>  - Remove VM_BUG_ON_PAGE in alloc_table() (Shakeel Butt)
>  - PeterZ/Vlastimil had suggested to also build a non-PKS mode for use in
>    debugging. I skipped it for now because the series was too big.
>  - Rebased to latest PKS core v7 [2]
>
> Also, Mike Rapoport has been experimenting[3] with this usage to work on how to
> share caches of permissioned/broken pages between use cases. This RFCv2 still
> uses the "grouped pages" concept, where each usage would maintain its own
> cache, but should be able to integrate with a central solution if something is
> developed.
>
> Next I was planning to look into characterizing/tuning the performance, although
> what page allocation scheme is ultimately used will probably impact that.
>
> This applies on top of the PKS core v7 series[2] and this patch[4]. Testing is
> still pretty light.
>
> This RFC has been acked by Dave Hansen.
>
> [1] https://lore.kernel.org/lkml/20210505003032.489164-1-rick.p.edgecombe@intel.com/
> [2] https://lore.kernel.org/lkml/20210804043231.2655537-1-ira.weiny@intel.com/
> [3] https://lore.kernel.org/lkml/20210823132513.15836-1-rppt@kernel.org/
> [4] https://lore.kernel.org/lkml/20210818221026.10794-1-rick.p.edgecombe@intel.com/
>
> Rick Edgecombe (19):
>   list: Support getting most recent element in list_lru
>   list: Support list head not in object for list_lru
>   x86/mm/cpa: Add grouped page allocations
>   mm: Explicitly zero page table lock ptr
>   x86, mm: Use cache of page tables
>   x86/mm/cpa: Add perm callbacks to grouped pages
>   x86/cpufeatures: Add feature for pks tables
>   x86/mm/cpa: Add get_grouped_page_atomic()
>   x86/mm: Support GFP_ATOMIC in alloc_table_node()
>   x86/mm: Use alloc_table() for fill_pte(), etc
>   mm/sparsemem: Use alloc_table() for table allocations
>   x86/mm: Use free_table in unmap path
>   mm/debug_vm_page_table: Use setters instead of WRITE_ONCE
>   x86/efi: Toggle table protections when copying
>   x86/mm/cpa: Add set_memory_pks()
>   x86/mm: Protect page tables with PKS
>   x86/mm/cpa: PKS protect direct map page tables
>   x86/mm: Add PKS table soft mode
>   x86/mm: Add PKS table debug checking
>
>  .../admin-guide/kernel-parameters.txt         |   4 +
>  arch/x86/boot/compressed/ident_map_64.c       |   5 +
>  arch/x86/include/asm/cpufeatures.h            |   2 +-
>  arch/x86/include/asm/pgalloc.h                |   6 +-
>  arch/x86/include/asm/pgtable.h                |  31 +-
>  arch/x86/include/asm/pgtable_64.h             |  33 +-
>  arch/x86/include/asm/pkeys_common.h           |   1 -
>  arch/x86/include/asm/set_memory.h             |  24 +
>  arch/x86/mm/init.c                            |  90 +++
>  arch/x86/mm/init_64.c                         |  29 +-
>  arch/x86/mm/pat/set_memory.c                  | 527 +++++++++++++++++-
>  arch/x86/mm/pgtable.c                         | 183 +++++-
>  arch/x86/mm/pkeys.c                           |   4 +
>  arch/x86/platform/efi/efi_64.c                |   8 +
>  include/asm-generic/pgalloc.h                 |  46 +-
>  include/linux/list_lru.h                      |  26 +
>  include/linux/mm.h                            |  16 +-
>  include/linux/pkeys.h                         |   1 +
>  mm/Kconfig                                    |  23 +
>  mm/debug_vm_pgtable.c                         |  36 +-
>  mm/list_lru.c                                 |  38 +-
>  mm/memory.c                                   |   1 +
>  mm/sparse-vmemmap.c                           |  22 +-
>  mm/swap.c                                     |   6 +
>  mm/swap_state.c                               |   5 +
>  .../arch/x86/include/asm/disabled-features.h  |   8 +-
>  26 files changed, 1123 insertions(+), 52 deletions(-)
>
> --
> 2.17.1
>

-- 
Boris Lukashev
Systems Architect
Semper Victus