From patchwork Thu May 27 23:51:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dave Hansen X-Patchwork-Id: 12285781 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.7 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AFFEFC4708B for ; Thu, 27 May 2021 23:57:41 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 3C33F60233 for ; Thu, 27 May 2021 23:57:41 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3C33F60233 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=linux.intel.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 9B3416B0071; Thu, 27 May 2021 19:57:39 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9395A6B0072; Thu, 27 May 2021 19:57:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7B2D06B0073; Thu, 27 May 2021 19:57:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0223.hostedemail.com [216.40.44.223]) by kanga.kvack.org (Postfix) with ESMTP id 4A4D76B0071 for ; Thu, 27 May 2021 19:57:39 -0400 (EDT) Received: from smtpin37.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id CE692181AF5CA for ; Thu, 27 May 2021 23:57:38 +0000 (UTC) X-FDA: 78188675796.37.2004B72 Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by imf01.hostedemail.com (Postfix) with ESMTP id DC9E2503BD15 for ; Thu, 27 May 2021 23:57:29 +0000 (UTC) IronPort-SDR: vd/6+zIEI+Sy09gfIzJ3Sz/gwWPsK8Z+Ix+foc6/sIBWyRlqJWE7EwonFn9Ip8kBVt/M6CJfrT 5mMKPqXoGGOw== X-IronPort-AV: E=McAfee;i="6200,9189,9997"; a="190229896" X-IronPort-AV: E=Sophos;i="5.83,228,1616482800"; d="scan'208";a="190229896" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 May 2021 16:57:37 -0700 IronPort-SDR: 9ZFlg3sGbjSQxnOyaaTDmNRe3esrK6QKVLZjgaZeDojwcFOC1gLIryltHoXaSBDLcmDkBnsP99 M1Wcq2ajCfsA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.83,228,1616482800"; d="scan'208";a="615568004" Received: from viggo.jf.intel.com (HELO localhost.localdomain) ([10.54.77.144]) by orsmga005.jf.intel.com with ESMTP; 27 May 2021 16:57:37 -0700 Subject: [PATCH 3/5] x86/pkeys: skip 'init_pkru' debugfs file creation when pkeys not supported To: linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org,Dave Hansen ,tglx@linutronix.de,mingo@redhat.com,bp@alien8.de,x86@kernel.org,luto@kernel.org,shuah@kernel.org,babu.moger@amd.com,dave.kleikamp@oracle.com,linuxram@us.ibm.com,bauerman@linux.ibm.com,bigeasy@linutronix.de From: Dave Hansen Date: Thu, 27 May 2021 16:51:16 -0700 References: <20210527235109.B2A9F45F@viggo.jf.intel.com> In-Reply-To: <20210527235109.B2A9F45F@viggo.jf.intel.com> Message-Id: <20210527235116.E5A35872@viggo.jf.intel.com> Authentication-Results: imf01.hostedemail.com; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=intel.com (policy=none); spf=none (imf01.hostedemail.com: domain of dave.hansen@linux.intel.com has no SPF policy when checking 134.134.136.126) smtp.mailfrom=dave.hansen@linux.intel.com X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: DC9E2503BD15 X-Stat-Signature: 7assdg4numutudir9ee69g5ky8e9wzkt X-HE-Tag: 1622159849-802249 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Dave Hansen The PKRU hardware is permissive by default: all reads and writes are allowed. The in-kernel policy is restrictive by default: deny all unnecessary access until explicitly requested. That policy can be modified with a debugfs file: "x86/init_pkru". This file is created unconditionally, regardless of PKRU support in the hardware, which is a little silly. Avoid creating the file when pkeys are not available. This also removes the need to check for pkey support at runtime, which would be required once the new pkey modification infrastructure is put in place later in this series. Signed-off-by: Dave Hansen Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: x86@kernel.org Cc: Andy Lutomirski Cc: Shuah Khan Cc: Babu Moger Cc: Dave Kleikamp Cc: Ram Pai Cc: Thiago Jung Bauermann Cc: Sebastian Andrzej Siewior --- b/arch/x86/mm/pkeys.c | 4 ++++ 1 file changed, 4 insertions(+) diff -puN arch/x86/mm/pkeys.c~x86-pkeys-skip-debugfs-file arch/x86/mm/pkeys.c --- a/arch/x86/mm/pkeys.c~x86-pkeys-skip-debugfs-file 2021-05-27 16:40:25.847705465 -0700 +++ b/arch/x86/mm/pkeys.c 2021-05-27 16:40:25.852705465 -0700 @@ -193,6 +193,10 @@ static const struct file_operations fops static int __init create_init_pkru_value(void) { + /* Do not expose the file if pkeys are not supported. */ + if (!cpu_feature_enabled(X86_FEATURE_OSPKE)) + return 0; + debugfs_create_file("init_pkru", S_IRUSR | S_IWUSR, arch_debugfs_dir, NULL, &fops_init_pkru); return 0;