[v2,00/19] Permission Indirection Extension

Message ID	20230413110513.243326-1-joey.gouly@arm.com (mailing list archive)
Headers	show Return-Path: <linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org> Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C From: Joey Gouly <joey.gouly@arm.com> To: <linux-arm-kernel@lists.infradead.org> CC: <nd@arm.com>, <broonie@kernel.org>, <catalin.marinas@arm.com>, <james.morse@arm.com>, <joey.gouly@arm.com>, <mark.rutland@arm.com>, <maz@kernel.org>, <oliver.upton@linux.dev>, <suzuki.poulose@arm.com>, <will@kernel.org>, <yuzenghui@huawei.com> Subject: [PATCH v2 00/19] Permission Indirection Extension Date: Thu, 13 Apr 2023 12:04:54 +0100 Message-ID: <20230413110513.243326-1-joey.gouly@arm.com> MIME-Version: 1.0 NoDisclaimer: true Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org> Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
Series	Permission Indirection Extension \| expand [v2,00/19] Permission Indirection Extension [v2,01/19] arm64/sysreg: Add ID register ID_AA64MMFR3 [v2,02/19] arm64/sysreg: add system registers TCR2_ELx [v2,03/19] arm64/sysreg: update HCRX_EL2 register [v2,04/19] arm64/sysreg: add PIR_ELx registers [v2,05/19] arm64: cpufeature: add system register ID_AA64MMFR3 [v2,06/19] arm64: cpufeature: add TCR2 cpucap [v2,07/19] arm64: cpufeature: add Permission Indirection Extension cpucap [v2,08/19] KVM: arm64: Save/restore TCR2_EL1 [v2,09/19] KVM: arm64: Save/restore PIE registers [v2,10/19] KVM: arm64: expose ID_AA64MMFR3_EL1 to guests [v2,11/19] arm64: add PTE_UXN/PTE_WRITE to SWAPPER__FLAGS [v2,12/19] arm64: add PTE_WRITE to PROT_SECT_NORMAL [v2,13/19] arm64: reorganise PAGE_/PROT_ macros [v2,14/19] arm64: disable EL2 traps for PIE [v2,15/19] arm64: add encodings of PIRx_ELx registers [v2,16/19] arm64: enable Permission Indirection Extension (PIE) [v2,17/19] arm64: transfer permission indirection settings to EL2 [v2,18/19] arm64: Document boot requirements for PIE [v2,19/19] KVM: selftests: get-reg-list: add Permission Indirection registers

Message ID

20230413110513.243326-1-joey.gouly@arm.com (mailing list archive)

Headers

Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 63.35.35.123 as permitted sender) receiver=protection.outlook.com;
 client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
 pr=C
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 40.67.248.234 as permitted sender) receiver=protection.outlook.com;
 client-ip=40.67.248.234; helo=nebula.arm.com; pr=C
From: Joey Gouly <joey.gouly@arm.com>
To: <linux-arm-kernel@lists.infradead.org>
CC: <nd@arm.com>, <broonie@kernel.org>, <catalin.marinas@arm.com>,
	<james.morse@arm.com>, <joey.gouly@arm.com>, <mark.rutland@arm.com>,
	<maz@kernel.org>, <oliver.upton@linux.dev>, <suzuki.poulose@arm.com>,
	<will@kernel.org>, <yuzenghui@huawei.com>
Subject: [PATCH v2 00/19] Permission Indirection Extension
Date: Thu, 13 Apr 2023 12:04:54 +0100
Message-ID: <20230413110513.243326-1-joey.gouly@arm.com>
MIME-Version: 1.0
NoDisclaimer: true
X-Microsoft-Antispam-Message-Info-Original: 
 qArXl11nl4d23JlXVhegQFf53njl/i3dYTGkftCcLFwhFckNg8gUY3yDAGtifLC5N0CnJd3uZQ2eLLrj8mkZ5eebJF+oFWLdhwCbosvE40RC8YHUBCciAv7D/hR9w1PPIjpiM/TH4t7ya3QUYi/V8kJpf6yKD34qhjRyG7pmiUxHI0iWkikvNMH7cb/sVpThKn1t+2e5VNb2ndZDpmdSjgl1ZdLza530mRyFzNKXdFbvOki66PH046jw2ybostOlKqIwBcZrBsPN1Fd3MAqJnPjQsn4YlUGwE3OWcXb7sj0rr1TCGHut9resldp4X4nqSHXTxNe9CaJ8viKPwxNLjkuSv3DxFc2yg/i++8A1emdlt5wq4Zw0E14HAlQD5GWjw8Fuu+w8ABGeFylMh6NmIpqf+Nbeb6+nlj0M+gG/D8MWgm82jdmHzY66TM5vZgFKnUFBUJh5urmYvDgauQk88lL344OmX2NsgbhI+SsLicrSYrm2h67+NVAOftyjVyOclemaE0h7CX7GtGz2ZgVGY+7hQazp5ZrC5oesJJM4J/LSZ+XreT6sJ/5kAOU1BioKLR7KGKFj/g214gmMrolWp3Xn6ZsACF7y6tJ7vKMtC8yHrBKSrddwy8UDkgFmoMYAKEjt9ACoCIX8cmHa+YTUqrFmGAfjwYiveaTZYQIRXLCEqNjTjHZc7vD2Ggs8VPE9mQNJeU/Xp9850kZcjgqRzezxCKibQCxzR41G/lrDqOU=
X-Forefront-Antispam-Report-Untrusted: 
 CIP:40.67.248.234;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:nebula.arm.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(346002)(376002)(39860400002)(396003)(136003)(451199021)(46966006)(36840700001)(40470700004)(8676002)(8936002)(41300700001)(5660300002)(44832011)(6916009)(4326008)(81166007)(316002)(356005)(2906002)(70206006)(70586007)(426003)(478600001)(54906003)(86362001)(82740400003)(7696005)(6666004)(186003)(1076003)(40460700003)(82310400005)(83380400001)(336012)(26005)(40480700001)(36860700001)(2616005)(36756003)(47076005)(36900700001);DIR:OUT;SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR08MB9584
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 DBAEUR03FT016.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
 28fab09b-c5ba-4f1f-0783-08db3c0ef639
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 hfONa1800MN4HSJ0/gtABy5Xw8ushOX6dKbSZ8Do94gQcYYFAzeFMMLQzBbBI19nu4lh16dkgzP+VukwpoI6HHF1x1JQ+ifOmMXrBX8fwXIHBKJVgiDB4V2YShZqk0MezqsRNSza7OjkjrlXuVCvB2LwSeHiQ5YG121TWLEnGUASZs0tw4cYOETsKHt8mebAa2kQ8EwOTQIrz47SsU2FRkGm+k5gM0PJ1RU0/mqmT1Un3Aktz8riiYKAd7aq8lQdLotXPzly7RwP5Z6GwbRjlwIf/tC4RDUzoVMsc3ZHh5c7J86JxAnCIuRbdpFv0j1vJcI9VmfxgfYNz14AYnovkbgJKDknYNb3ideQrhTIYIkIlYEFNgOa0DWLUxOHw+u8sjvTyhCoYeY/a9MgPrZcL46LWN9J1ftFqc+zQsqU5yyLzobtWA+m4ETqw/ml9hrUJCdCPqCgjcEWZBGpMn61+zN4DPauF7MHGtZqdUVh5dvoCUgXmFnJSE5ziqbNZgJdoDuPnTyXZUyOPIUashrj9kmxV5aXom+hvuf9MM1sUAOsVEahgAP2DEfWqE//frnf+JoJ1jQJF1t/OL5BzvCWS46mAOYoxnc3JRKgjszxZ9/TLZv1BJX57EZt/Ajqf6lc7Aj7BoF1BjWDPA8eDI2gcmP2NuG/aKP1pLOvxSYqlQb7q8EEaaXWfO0GxYQpPjh1kMYkyNY4a9TbC2oh6e4xjg==
X-Forefront-Antispam-Report: 
 CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230028)(4636009)(346002)(396003)(136003)(376002)(39860400002)(451199021)(36840700001)(46966006)(40470700004)(86362001)(4326008)(70206006)(26005)(6916009)(316002)(1076003)(70586007)(186003)(40460700003)(36756003)(6666004)(7696005)(54906003)(40480700001)(107886003)(478600001)(8676002)(8936002)(36860700001)(2616005)(41300700001)(81166007)(5660300002)(83380400001)(44832011)(2906002)(426003)(82310400005)(336012)(47076005)(82740400003);DIR:OUT;SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Apr 2023 11:05:30.6124
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 d850806d-5e87-48d0-2fd4-08db3c0efee1
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DBAEUR03FT016.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR08MB10166
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20230413_040536_991857_AD4CFF60 
X-CRM114-Status: GOOD (  15.34  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: 
 <http://lists.infradead.org/mailman/options/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: 
 <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>,
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: 
 linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Series

Permission Indirection Extension | expand

Message

Joey Gouly April 13, 2023, 11:04 a.m. UTC

Hi all,

This series implements the Permission Indirection Extension introduced in 2022
VMSA enhancements [1].

Changes since v1 [2]:
	- Renamed PIRx_ELx_PERMIDX and reversed the arguments
	- Added new registers to get-reg-list selftest
	- Added booting requirements
	- Add TCR2_EL2 and PIR_EL2 registers
	- Collected review tags
	- Rebased onto arm64/for-next/core (b2ad9d4e249), to get Mark Brown's
	  HFG* register commit.

The Permission Indirection Extension is a new way to set memory permissions.
Instead of directly encoding the permission in the Page Table Entry (PTE),
fields in the PTEs are used to index into an array of permissions specified in
a register. This indirection provides greater flexibility, greater encoding
density and enables the representation of new permissions.

The PTEs bit that are repurposed for use with permission indirection are:
	54 PTE_UXN
	53 PTE_PXN
	51 PTE_DBM
	6 PTE_USER

The way that PIE is implemented in this patchset is that the encodings are
picked such that they match how Linux currently sets the bits in the PTEs, so
none of the page table handling has changed. This means this patchset keeps the
same functionality as currently implemented, but allows for future expansion.

Enabling PIE is also a prerequisite for implementing the Guarded Control Stack
Extension (GCS).

Another related extension is the Permission Overlay Extension, which is not
covered by this patch set, but is mentioned in patch 5 as half of PIE encoding
values apply an overlay. However, since overlays are not currently enabled, they
act as all the other permissions do.

This first few patches are adding the new system registers, and cpufeature
capabilities. Then KVM support for save/restore of the new registers is added.
Finally the new Permission Indirection registers are set and the new feature is
enabled.

Kristina's series [3] changes how HCRX_EL2 is handled, so there will be need to be
some minor changes, depending on which series goes in first.

Thanks,
Joey

Joey Gouly (19):
  arm64/sysreg: Add ID register ID_AA64MMFR3
  arm64/sysreg: add system registers TCR2_ELx
  arm64/sysreg: update HCRX_EL2 register
  arm64/sysreg: add PIR*_ELx registers
  arm64: cpufeature: add system register ID_AA64MMFR3
  arm64: cpufeature: add TCR2 cpucap
  arm64: cpufeature: add Permission Indirection Extension cpucap
  KVM: arm64: Save/restore TCR2_EL1
  KVM: arm64: Save/restore PIE registers
  KVM: arm64: expose ID_AA64MMFR3_EL1 to guests
  arm64: add PTE_UXN/PTE_WRITE to SWAPPER_*_FLAGS
  arm64: add PTE_WRITE to PROT_SECT_NORMAL
  arm64: reorganise PAGE_/PROT_ macros
  arm64: disable EL2 traps for PIE
  arm64: add encodings of PIRx_ELx registers
  arm64: enable Permission Indirection Extension (PIE)
  arm64: transfer permission indirection settings to EL2
  arm64: Document boot requirements for PIE
  KVM: selftests: get-reg-list: add Permission Indirection registers

 Documentation/arm64/booting.rst               |  26 +++
 arch/arm64/include/asm/cpu.h                  |   1 +
 arch/arm64/include/asm/el2_setup.h            |  23 ++-
 arch/arm64/include/asm/kernel-pgtable.h       |   4 +-
 arch/arm64/include/asm/kvm_host.h             |   5 +
 arch/arm64/include/asm/pgtable-hwdef.h        |   8 +
 arch/arm64/include/asm/pgtable-prot.h         |  96 ++++++++---
 arch/arm64/include/asm/sysreg.h               |  19 +++
 arch/arm64/kernel/cpufeature.c                |  32 ++++
 arch/arm64/kernel/cpuinfo.c                   |   1 +
 arch/arm64/kernel/head.S                      |   8 +-
 arch/arm64/kernel/hyp-stub.S                  |  18 ++
 arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h    |  12 ++
 arch/arm64/kvm/sys_regs.c                     |   5 +-
 arch/arm64/mm/proc.S                          |  17 +-
 arch/arm64/tools/cpucaps                      |   2 +
 arch/arm64/tools/sysreg                       | 159 +++++++++++++++++-
 .../selftests/kvm/aarch64/get-reg-list.c      |   5 +-
 18 files changed, 402 insertions(+), 39 deletions(-)

Comments

Mark Brown April 13, 2023, 11:14 a.m. UTC | #1

On Thu, Apr 13, 2023 at 12:04:55PM +0100, Joey Gouly wrote:
> Add the new ID register ID_AA64MMFR3.

DDI0601 2023-03 has a few more values which this misses, it looks like
this might have been done against DDO0601 2022-12?  Ideally we'd update
to the new version but it's not urgent so:

Reviewed-by: Mark Brown <broonie@kernel.org>

It's good to note what version of the architecture you're syncing with.

> +Enum	59:56	ADERR
> +	0b0000	NI
> +	0b0001	DEV_ASYNC
> +	0b0010	FEAT_ADERR
> +EndEnum

There's also 0b0011 which on a quick scan I'm not sure what a clear name
for is.

> +Enum	55:52	SDERR
> +	0b0000	NI
> +	0b0001	DEV_SYNC
> +	0b0001	FEAT_SDERR
> +EndEnum

Similar pattern to ADERR here.

> +Res0	51:48
> +Enum	47:44	ANERR
> +	0b0000	ASYNC
> +	0b0001	FEAT_ANERR
> +EndEnum

There's also 0b0010 and 0b0011 for this.

> +Enum	43:40	SNERR
> +	0b0000	SYNC
> +	0b0001	FEAT_SNERR
> +EndEnum

Similar pattern to ANERR here.

Joey Gouly April 13, 2023, 11:25 a.m. UTC | #2

On Thu, Apr 13, 2023 at 12:14:59PM +0100, Mark Brown wrote:
> On Thu, Apr 13, 2023 at 12:04:55PM +0100, Joey Gouly wrote:
> > Add the new ID register ID_AA64MMFR3.
> 
> DDI0601 2023-03 has a few more values which this misses, it looks like
> this might have been done against DDO0601 2022-12?  Ideally we'd update
> to the new version but it's not urgent so:
> 
> Reviewed-by: Mark Brown <broonie@kernel.org>
> 
> It's good to note what version of the architecture you're syncing with.
> 
> > +Enum	59:56	ADERR
> > +	0b0000	NI
> > +	0b0001	DEV_ASYNC
> > +	0b0010	FEAT_ADERR
> > +EndEnum
> 
> There's also 0b0011 which on a quick scan I'm not sure what a clear name
> for is.
> 
> > +Enum	55:52	SDERR
> > +	0b0000	NI
> > +	0b0001	DEV_SYNC
> > +	0b0001	FEAT_SDERR
> > +EndEnum
> 
> Similar pattern to ADERR here.
> 
> > +Res0	51:48
> > +Enum	47:44	ANERR
> > +	0b0000	ASYNC
> > +	0b0001	FEAT_ANERR
> > +EndEnum
> 
> There's also 0b0010 and 0b0011 for this.
> 
> > +Enum	43:40	SNERR
> > +	0b0000	SYNC
> > +	0b0001	FEAT_SNERR
> > +EndEnum
> 
> Similar pattern to ANERR here.

Yes I was doing this against a 2022-12 version.

I completely messed up this section though, looks like I accidentaly got rid of
all the `0b0000 NI` values. Will redo this part.

Thanks,
Joey