[v1,00/18] Permission Indirection Extension

Message ID	20230309145246.22787-1-joey.gouly@arm.com (mailing list archive)
Headers	show Return-Path: <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org> Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C From: Joey Gouly <joey.gouly@arm.com> To: <linux-arm-kernel@lists.infradead.org> CC: <nd@arm.com>, <broonie@kernel.org>, <catalin.marinas@arm.com>, <james.morse@arm.com>, <joey.gouly@arm.com>, <mark.rutland@arm.com>, <maz@kernel.org>, <oliver.upton@linux.dev>, <suzuki.poulose@arm.com>, <will@kernel.org>, <yuzenghui@huawei.com> Subject: [PATCH v1 00/18] Permission Indirection Extension Date: Thu, 9 Mar 2023 14:52:28 +0000 Message-ID: <20230309145246.22787-1-joey.gouly@arm.com> MIME-Version: 1.0 NoDisclaimer: true Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	Permission Indirection Extension \| expand [v1,00/18] Permission Indirection Extension [v1,01/18] arm64/sysreg: Add ID register ID_AA64MMFR3 [v1,02/18] arm64/sysreg: add system registers TCR2_ELx [v1,03/18] arm64/sysreg: add TCR2En to HCRX_EL2 [v1,04/18] arm64/sysreg: add HFGxTR_EL2 bits for Permission Indirection Extension [v1,05/18] arm64/sysreg: add PIR_ELx registers [v1,06/18] arm64: cpufeature: add system register ID_AA64MMFR3 [v1,07/18] arm64: cpufeature: add TCR2 cpucap [v1,08/18] arm64: cpufeature: add Permission Indirection Extension cpucap [v1,09/18] KVM: arm64: Save/restore TCR2_EL1 [v1,10/18] KVM: arm64: Save/restore PIE registers [v1,11/18] KVM: arm64: expose ID_AA64MMFR3_EL1 to guests [v1,12/18] arm64: add PTE_UXN/PTE_WRITE to SWAPPER__FLAGS [v1,13/18] arm64: add PTE_WRITE to PROT_SECT_NORMAL [v1,14/18] arm64: reorganise PAGE_/PROT_ macros [v1,15/18] arm64: disable EL2 traps for PIE [v1,16/18] arm64: add encodings of PIRx_ELx registers [v1,17/18] arm64: enable Permission Indirection Extension (PIE) [v1,18/18] arm64: transfer permission indirection settings to EL2

Message ID

20230309145246.22787-1-joey.gouly@arm.com (mailing list archive)

Headers

Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 63.35.35.123 as permitted sender) receiver=protection.outlook.com;
 client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
 pr=C
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 40.67.248.234 as permitted sender) receiver=protection.outlook.com;
 client-ip=40.67.248.234; helo=nebula.arm.com; pr=C
From: Joey Gouly <joey.gouly@arm.com>
To: <linux-arm-kernel@lists.infradead.org>
CC: <nd@arm.com>, <broonie@kernel.org>, <catalin.marinas@arm.com>,
	<james.morse@arm.com>, <joey.gouly@arm.com>, <mark.rutland@arm.com>,
	<maz@kernel.org>, <oliver.upton@linux.dev>, <suzuki.poulose@arm.com>,
	<will@kernel.org>, <yuzenghui@huawei.com>
Subject: [PATCH v1 00/18] Permission Indirection Extension
Date: Thu, 9 Mar 2023 14:52:28 +0000
Message-ID: <20230309145246.22787-1-joey.gouly@arm.com>
MIME-Version: 1.0
NoDisclaimer: true
X-Microsoft-Antispam-Message-Info-Original: 
 /5x2421/jZ0nVFJTiVCCho3qbj/bRVsRIvhGVhrlCH+fG1wbGqZUj7xG0apdimsvuhvTUidHHvqHnQvJAoFRJbxnmSjnymxBa0RoLe7ldrtsTcTlZQfwNmYdmBNy6Oam/5oCRwr2SZyUVRQn47wM5i3sI1vthC7h1wt6NPEV4F0ju/b5ALjP9KuA6U/58vt2dxipybNDKStQdunqtyHt7itci2uv74bZZIL4huYze25TNuAG4+9QhqdnCqlWbQCZt2Yx6YqH267b0z0h4gRtS4BNm0QllRKinfAICRvpcut2//ImDT4XxkSgCsdNMP3bwqw8YLiWVrl8n6eiNE/igJCVaulnK6lxyMxLjxf8wtKnIYvl3OLIL18ieH9cPyfOXMnkafUnt/N967iKkF0q46LnjX39aZSCf9MxWnexQy/BCLuLMGuUKlcG5RfKg7/ZbGtm0xl6u/jbA7oNrofY7c2h5pEpUrffMb7MqqOUes8Z+z4Btl6AblG21B3nudXFSxYXtJR9F8TcKR3AJj+QNl9a09ErtNSkY/VGHvm7K5HVYpEkFxvk6IlUCVNr1CeMSuVS/K2b222seZlxX26cFwBrAM6KPBzpQMmRihzjbTqSjV6xrPeYmFYVjFitZcuMhZ7EwCX4SVzgAFW8cfJg9f+18bIUitp+cHgQS8PG4bpBRe6z8HGcJVo87QRXEvWGMw9awkWqfmAoxd0MP8P1GrP1mC2gII3COLZ6/n5Eg4s=
X-Forefront-Antispam-Report-Untrusted: 
 CIP:40.67.248.234;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:nebula.arm.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230025)(4636009)(39860400002)(376002)(396003)(346002)(136003)(451199018)(46966006)(36840700001)(26005)(36756003)(8936002)(5660300002)(82740400003)(36860700001)(6666004)(426003)(82310400005)(83380400001)(47076005)(81166007)(336012)(2616005)(186003)(8676002)(316002)(54906003)(86362001)(40480700001)(4326008)(70206006)(41300700001)(1076003)(6916009)(70586007)(356005)(966005)(478600001)(7696005)(2906002)(44832011)(36900700001);DIR:OUT;SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2PR08MB9256
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 DBAEUR03FT015.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
 fb6cc750-be3c-4c43-8490-08db20adf589
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 QA2ChpWDxa4i0pBkcn/hKb6lmJnoyDLk55Fid4OgXe8ofw7lSvrLTLvqjNWwTgbJDUQf0ReIj/MDcVef6KA5NfD/yOGiP6g89y5gvkLNBK9AEXJ08pqlAYdOLIFRIoFzFjClaU/g4UBml3WMJ+xTO9psU3FQDm+036SO1CF/C4QTaCXuaXF3ivvsRh5QRIF8mVDmjxSK1kDsw7aFiHRR/8h8WSNroEcv54hZN+Q5lEfuiTt9eb6TrxhbPMuQh04M7x2/TDdtTTQMT6ugcF4+YIPY0fZyUu4WJoA/oanMtZzQwBsQDeuIm5i+EyUg3yhtU0QnH9GiTknReiUOZ50f6PhCMQlx4saJEstQm3Nf3h45qgoT7cEdYLgP/+dVt+JmlG4o8J/c5x3NLRdzutcBzlUFP9eEOQUrHSXEQFf7GFMYW/fq6iT61Vlf6bq1hGqUzy6LSMx0pvnhQFcHWDQspgtdIqdHDzHu1SMO6QfD2L0H0MrKykXGNZTxNM3zgd97VVwxsKyAMzFfBI+IH0m8CRBgkHFd3PVvQ6X2kLR6oEvmjdDkGfZDFyDAu0ixF0lNm+EZ94thWiye0b4QkHJnbqEhsEMX0Il2He55oeLvp7yX5AllUxj+mNCxD91CqUQHlI5YRaNJoSt3VgAUnjyxa85Vu9VI9gP0L9Z+83lZ2rEjrno2zCEI5tPSI9dPKh8Y8ZdW4S8Bw8wWHjU/j13JC9N0e7J10thnPc5rkvYBWIE=
X-Forefront-Antispam-Report: 
 CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230025)(4636009)(346002)(136003)(39860400002)(396003)(376002)(451199018)(46966006)(40470700004)(36840700001)(44832011)(2906002)(5660300002)(1076003)(70586007)(8936002)(36756003)(26005)(4326008)(54906003)(41300700001)(70206006)(316002)(6916009)(40460700003)(40480700001)(8676002)(86362001)(7696005)(478600001)(966005)(82740400003)(107886003)(6666004)(81166007)(36860700001)(186003)(2616005)(47076005)(336012)(82310400005)(426003)(83380400001);DIR:OUT;SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Mar 2023 14:53:13.1034
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 6370dcb7-7395-4ea1-3d41-08db20ae01e4
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DBAEUR03FT015.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB3PR08MB8940
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20230309_065321_775606_EAE97A3A 
X-CRM114-Status: GOOD (  16.12  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

Permission Indirection Extension | expand

Message

Joey Gouly March 9, 2023, 2:52 p.m. UTC

Hi all,

This series implements the Permission Indirection Extension introduced in 2022
VMSA enhancements [1].

The Permission Indirection Extension is a new way to set memory permissions.
Instead of directly encoding the permission in the Page Table Entry (PTE),
fields in the PTEs are used to index into an array of permissions specified in
a register. This indirection provides greater flexibility, greater encoding
density and enables the representation of new permissions.

The PTEs bit that are repurposed for use with permission indirection are:
	54 PTE_UXN
	53 PTE_PXN
	51 PTE_DBM
	6 PTE_USER

The way that PIE is implemented in this patchset is that the encodings are
picked such that they match how Linux currently sets the bits in the PTEs, so
none of the page table handling has changed. This means this patchset keeps the
same functionality as currently implemented, but allows for future expansion.

Enabling PIE is also a prerequisite for implementing the Guarded Control Stack
Extension (GCS).

Another related extension is the Permission Overlay Extension, which is not
covered by this patch set, but is mentioned in patch 5 as half of PIE encoding
values apply an overlay. However, since overlays are not currently enabled, they
act as all the other permissions do.

This first few patches are adding the new system registers, and cpufeature
capabilities. Then KVM support for save/restore of the new registers is added.
Finally the new Permission Indirection registers are set and the new feature is
enabled.

There's two series on the ML that conflict-ish, but I don't think either will
tough to rework against:
  Kristina's series which changes how HCRX_EL2 works [2]
  Mark's commit to switch HFGxTR to automatic generation [3]

Thanks,
Joey

[1] https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/arm-a-profile-architecture-2022
[2] https://lore.kernel.org/linux-arm-kernel/20230216160012.272345-1-kristina.martsenko@arm.com/
[3] https://lore.kernel.org/linux-arm-kernel/20230306-arm64-fgt-reg-gen-v1-1-95bc0c97cfed@kernel.org/

Joey Gouly (18):
  arm64/sysreg: Add ID register ID_AA64MMFR3
  arm64/sysreg: add system registers TCR2_ELx
  arm64/sysreg: add TCR2En to HCRX_EL2
  arm64/sysreg: add HFGxTR_EL2 bits for Permission Indirection Extension
  arm64/sysreg: add PIR*_ELx registers
  arm64: cpufeature: add system register ID_AA64MMFR3
  arm64: cpufeature: add TCR2 cpucap
  arm64: cpufeature: add Permission Indirection Extension cpucap
  KVM: arm64: Save/restore TCR2_EL1
  KVM: arm64: Save/restore PIE registers
  KVM: arm64: expose ID_AA64MMFR3_EL1 to guests
  arm64: add PTE_UXN/PTE_WRITE to SWAPPER_*_FLAGS
  arm64: add PTE_WRITE to PROT_SECT_NORMAL
  arm64: reorganise PAGE_/PROT_ macros
  arm64: disable EL2 traps for PIE
  arm64: add encodings of PIRx_ELx registers
  arm64: enable Permission Indirection Extension (PIE)
  arm64: transfer permission indirection settings to EL2

 arch/arm64/include/asm/cpu.h               |   1 +
 arch/arm64/include/asm/el2_setup.h         |  27 ++++-
 arch/arm64/include/asm/kernel-pgtable.h    |   4 +-
 arch/arm64/include/asm/kvm_host.h          |   5 +
 arch/arm64/include/asm/pgtable-hwdef.h     |   8 ++
 arch/arm64/include/asm/pgtable-prot.h      |  90 ++++++++++-----
 arch/arm64/include/asm/pgtable.h           |   6 +
 arch/arm64/include/asm/sysreg.h            |  23 ++++
 arch/arm64/kernel/cpufeature.c             |  32 ++++++
 arch/arm64/kernel/cpuinfo.c                |   1 +
 arch/arm64/kernel/head.S                   |   8 +-
 arch/arm64/kernel/hyp-stub.S               |  18 +++
 arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h |  12 ++
 arch/arm64/kvm/sys_regs.c                  |   2 +-
 arch/arm64/mm/proc.S                       |  17 ++-
 arch/arm64/tools/cpucaps                   |   2 +
 arch/arm64/tools/sysreg                    | 127 ++++++++++++++++++++-
 17 files changed, 345 insertions(+), 38 deletions(-)

Comments

Mark Brown March 9, 2023, 3:06 p.m. UTC | #1

On Thu, Mar 09, 2023 at 02:52:29PM +0000, Joey Gouly wrote:

> Add the new ID register ID_AA64MMFR3.

Checking against DDI0601 2022-12.

> +Enum	59:56	ADERR
> +	0b0000	NI
> +	0b0001	IMP
> +EndEnum

There is also a 0b0010 which implements FEAT_ADERR.  This probably
suggests that 0b0001 is misnamed - perhaps DEV_ASYNC or something?

> +Enum	55:52	SDERR
> +	0b0000	NI
> +	0b0001	IMP
> +EndEnum

Similar comments here.

> +Enum	47:44	ANERR
> +	0b0000	NI
> +	0b0001	IMP
> +EndEnum
> +Enum	43:40	SNERR
> +	0b0000	NI
> +	0b0001	IMP
> +EndEnum

and for these two.

Mark Brown March 17, 2023, 4:49 p.m. UTC | #2

On Thu, Mar 09, 2023 at 02:52:28PM +0000, Joey Gouly wrote:

> The PTEs bit that are repurposed for use with permission indirection are:
> 	54 PTE_UXN
> 	53 PTE_PXN
> 	51 PTE_DBM
> 	6 PTE_USER

> The way that PIE is implemented in this patchset is that the encodings are
> picked such that they match how Linux currently sets the bits in the PTEs, so
> none of the page table handling has changed. This means this patchset keeps the
> same functionality as currently implemented, but allows for future expansion.

While it's not strictly needed as a result of this patch set since it
aims to implement the same encodings as currently used as soon as we
use any of the new functionality that the extension makes available
we'll need updates to the page table dumping in ptdump.c and task_mmu.c
to decode the indirect encodings natively rather than just relying on
the overlap with the direct encodings.