From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7ADB7C0219D
	for <linux-mm@archiver.kernel.org>; Thu, 13 Feb 2025 14:54:52 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 0FB23280001; Thu, 13 Feb 2025 09:54:52 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 083D86B008A; Thu, 13 Feb 2025 09:54:52 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id E8DC2280001; Thu, 13 Feb 2025 09:54:51 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id BE9A86B0089
	for <linux-mm@kvack.org>; Thu, 13 Feb 2025 09:54:51 -0500 (EST)
Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 6B597121121
	for <linux-mm@kvack.org>; Thu, 13 Feb 2025 14:54:51 +0000 (UTC)
X-FDA: 83115218382.29.50BFC46
Received: from foss.arm.com (foss.arm.com [217.140.110.172])
	by imf10.hostedemail.com (Postfix) with ESMTP id 3944CC000D
	for <linux-mm@kvack.org>; Thu, 13 Feb 2025 14:54:48 +0000 (UTC)
Authentication-Results: imf10.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=none) header.from=arm.com;
	spf=pass (imf10.hostedemail.com: domain of kevin.brodsky@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=kevin.brodsky@arm.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1739458489; a=rsa-sha256;
	cv=none;
	b=uF4bpTqFM4ovkrl1gx0SpJQWQ2fRP2qP1LvRwFCgMwQLNqpcoy/dpALlGvh/Pcfswl9EFi
	pBqyEUoguvpXJ2qcaz5mUlh3CoQEB7czZCtEJW/7+PMwksKPrmZdYwgtQteg7CudzD5ZMT
	Ajb4aylzVaGECVsg1oAtPKDAnawcTh4=
ARC-Authentication-Results: i=1;
	imf10.hostedemail.com;
	dkim=none;
	dmarc=pass (policy=none) header.from=arm.com;
	spf=pass (imf10.hostedemail.com: domain of kevin.brodsky@arm.com designates 217.140.110.172 as permitted sender) smtp.mailfrom=kevin.brodsky@arm.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1739458489;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=IfuxON9f1+mt0J5dXUHTZ8LLFpSbXwaRfsyQDzivT8Y=;
	b=pcyXQJy60FSrtN5ychdh8GHJFgy8qEpXh1J8Uc27+OUQJRAwEopJQsRBn/3cOOPe+P74FS
	wDg7pX+hTgn6LNit2MFTxPGlie0NlvSkQRBEIxqPTkllENbYKmCmCV7nf52qy+Kvb/mUlj
	JLrI9bZlH+HJU3Lrkd1mCH2xdKMUscQ=
Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14])
	by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2C074106F;
	Thu, 13 Feb 2025 06:55:08 -0800 (PST)
Received: from [10.44.160.94] (e126510-lin.lund.arm.com [10.44.160.94])
	by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 677FC3F58B;
	Thu, 13 Feb 2025 06:54:42 -0800 (PST)
Message-ID: <c16a24b9-1258-4976-827d-db3335bf6e83@arm.com>
Date: Thu, 13 Feb 2025 15:54:40 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [RFC PATCH v3 00/15] pkeys-based page table hardening
From: Kevin Brodsky <kevin.brodsky@arm.com>
To: Kees Cook <kees@kernel.org>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org,
 Andrew Morton <akpm@linux-foundation.org>, Mark Brown <broonie@kernel.org>,
 Catalin Marinas <catalin.marinas@arm.com>,
 Dave Hansen <dave.hansen@linux.intel.com>, Jann Horn <jannh@google.com>,
 Jeff Xu <jeffxu@chromium.org>, Joey Gouly <joey.gouly@arm.com>,
 Linus Walleij <linus.walleij@linaro.org>, Andy Lutomirski <luto@kernel.org>,
 Marc Zyngier <maz@kernel.org>, Peter Zijlstra <peterz@infradead.org>,
 Pierre Langlois <pierre.langlois@arm.com>,
 Quentin Perret <qperret@google.com>, "Mike Rapoport (IBM)"
 <rppt@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>,
 Thomas Gleixner <tglx@linutronix.de>, Will Deacon <will@kernel.org>,
 Matthew Wilcox <willy@infradead.org>, Qi Zheng <zhengqi.arch@bytedance.com>,
 linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org, x86@kernel.org
References: <20250203101839.1223008-1-kevin.brodsky@arm.com>
 <202502061422.517A57F8@keescook>
 <fd101c51-d3fc-4a4f-afcc-364b8d3c4a0b@arm.com>
Content-Language: en-GB
In-Reply-To: <fd101c51-d3fc-4a4f-afcc-364b8d3c4a0b@arm.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Rspamd-Server: rspam02
X-Rspamd-Queue-Id: 3944CC000D
X-Stat-Signature: k1nms4ag3syczrh7pjjpeb4u6fdk1qut
X-Rspam-User: 
X-HE-Tag: 1739458488-208177
X-HE-Meta: U2FsdGVkX1/1HynEeSZjSk3K7B0soZ+700yj/fBaRetEBGjCvS6LpVT96VI/Ne5ER3sW+i6a5wKolOmx5uwn1cxSJtg0OQ019nAwPIViZczX94RoSN+rsSb8lMBnTGp/dlXrGnPtDHYEyCYKsVgKZ25gd7l+9vXw1ZHkefaoWSg9DwsPmmMSJqatUSHLb6nJOZAThlzC5fgVQj2rsrPC6qDr9gUGnmoHkkT9DZyg5RuhWY+8qY4IheYH2EfqdvHJAPJpAJs76EzMPNfs1mWJgWIgAqv28oO2ksyTNuhbqQBVwotDD53uwqRkX8puu4dM3TZ6VfQ3awNAgJod559BQTEiTgXuxDfkey0e/1zrkylD3gFq5fMfda9CfvLoesSJztNYix59nx1PGMzAXAyjmAaNiE3OWsTXBEjITYJ7gsSBKfk4K3MtHV3xfELf9vIT+Q8cVxZ066tp0+znRvUM/WTiJ5nHpR794lJQAEa7e9lV3btY+jQhXR83Mhu6TV801o3WNZ4PCwOUKILInzmBT3w00DeZpQZlwTLMUKi1CinmXRLH637w5Z+Mn5fupZSxIhnckLB6wzeN1a5CTcXatGEWu0NXhDrEwlCQXmpe7LMHk0i3psBjQ5MT23/eeOhYBgXVtGTfEuDD/FwUmmNPVJuDE8WX4grxRnO/N+MzZ1lpdiieFaXqtFg3yhs3KLN1k15ECneKO+l4g0JXksg7i43DOKpOVK2oEJgeAzKIkPEeCXMpF9bB9dFjGa4qicF/YzrRUtWgBhdsAxoAttX5rvNPUzF+r3NY7mmje3W2+1bVlbCY/CVqj2KojlktCJliRCRAzLxJnQKjIEYuUAUd+aikKtzOUAQCrrmBlN2Ss7ewZj7LPj5z7ubKw7llBQ68Gbp6kN1wOArWT8wTpTVrYHklBU3am+zPkDEc1S9qjJYA301D21/xWpb/5V4bgysqttWOHDpE+XhVAFy4FSP
 b1Ep6D8y
 qmbZ3P6RrBtAh97aFv8N2FECh8RUVQXZaXovAKEQApzri6g/DYK3qLHM3d7VGQDwhPYtXqk2J8WFZhHfGZ8SlicvOkeDsSp8XvFIELLmg+r5QRDye5Q0OAhGxzaCI/me31eOEew7lW9CdP8/i/6a55Z99MIk1nb5frOde4IMNZeN21tQ=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On 10/02/2025 15:23, Kevin Brodsky wrote:
> [...]
>
>>> Any comment or feedback will be highly appreciated, be it on the
>>> high-level approach or implementation choices!
>> As hinted earlier with my QEMU question... what's the best way I can I
>> test this myself? :)
> As mentioned above I tested this series on Arm FVP. By far the easiest
> way to run some custom kernel/rootfs on FVP is to use the Shrinkwrap
> tool [3]. First install it following the quick start guide [4] (I would
> recommend using the Docker backend if possible). Then build the firmware
> stack using:
>
> $ shrinkwrap build -o arch/v9.0.yaml ns-edk2.yaml
>
> To make things easy, the runtime configuration can be stored in a file.
> Create ~/.shrinkwrap/config/poe.yaml with the following contents:
>
> ----8<----
>
> %YAML 1.2
> ---
> layers:
>   - arch/v9.0.yaml

Apologies, this is incorrect - it will not work with the most recent FVP
builds. POE is a v9.4 feature so this line should be replaced with:

> - arch/v9.4.yaml

(No need to change the shrinkwrap build line, it only matters for the
FVP runtime parameters.)

- Kevin

> run:
>   rtvars:
>     CMDLINE:
>       type: string
>       # nr_cpus=1 can be added to speed up the boot
>       value: console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda rw
>   params:
>     -C cluster0.has_permission_overlay_s1: 1
>     -C cluster1.has_permission_overlay_s1: 1
>
> ----8<----
>
> Finally start FVP using:
>
> $ shrinkwrap run -o poe.yaml ns-edk2.yaml -r
> KERNEL=<out>/arch/arm64/boot/Image -r ROOTFS=<rootfs.img>
>
> (Use Ctrl-] to terminate the model if needed.)
>
> <rootfs.img> is a file containing the root filesystem (in raw format,
> e.g. ext4). The kernel itself is built as usual (defconfig works just
> fine), just make sure to select CONFIG_KPKEYS_HARDENED_PGTABLES to
> enable the feature. You can also select
> CONFIG_KPKEYS_HARDENED_PGTABLES_TEST to run the tests in patch 15.