[23/26] mm: asi: Stabilize CR3 in switch_mm_irqs_off()

Message ID	20240712-asi-rfc-24-v1-23-144b319a40d8@google.com (mailing list archive)
State	New
Headers	show Return-Path: <owner-linux-mm@kvack.org> Date: Fri, 12 Jul 2024 17:00:41 +0000 In-Reply-To: <20240712-asi-rfc-24-v1-0-144b319a40d8@google.com> Mime-Version: 1.0 References: <20240712-asi-rfc-24-v1-0-144b319a40d8@google.com> Message-ID: <20240712-asi-rfc-24-v1-23-144b319a40d8@google.com> Subject: [PATCH 23/26] mm: asi: Stabilize CR3 in switch_mm_irqs_off() From: Brendan Jackman <jackmanb@google.com> To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>, "H. Peter Anvin" <hpa@zytor.com>, Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Sean Christopherson <seanjc@google.com>, Paolo Bonzini <pbonzini@redhat.com>, Alexandre Chartre <alexandre.chartre@oracle.com>, Liran Alon <liran.alon@oracle.com>, Jan Setje-Eilers <jan.setjeeilers@oracle.com>, Catalin Marinas <catalin.marinas@arm.com>, Will Deacon <will@kernel.org>, Mark Rutland <mark.rutland@arm.com>, Andrew Morton <akpm@linux-foundation.org>, Mel Gorman <mgorman@suse.de>, Lorenzo Stoakes <lstoakes@gmail.com>, David Hildenbrand <david@redhat.com>, Vlastimil Babka <vbabka@suse.cz>, Michal Hocko <mhocko@kernel.org>, Khalid Aziz <khalid.aziz@oracle.com>, Juri Lelli <juri.lelli@redhat.com>, Vincent Guittot <vincent.guittot@linaro.org>, Dietmar Eggemann <dietmar.eggemann@arm.com>, Steven Rostedt <rostedt@goodmis.org>, Valentin Schneider <vschneid@redhat.com>, Paul Turner <pjt@google.com>, Reiji Watanabe <reijiw@google.com>, Junaid Shahid <junaids@google.com>, Ofir Weisse <oweisse@google.com>, Yosry Ahmed <yosryahmed@google.com>, Patrick Bellasi <derkling@google.com>, KP Singh <kpsingh@google.com>, Alexandra Sandulescu <aesa@google.com>, Matteo Rizzo <matteorizzo@google.com>, Jann Horn <jannh@google.com> Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, kvm@vger.kernel.org, Brendan Jackman <jackmanb@google.com> Content-Type: text/plain; charset="utf-8" Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	Address Space Isolation (ASI) 2024 \| expand [00/26] Address Space Isolation (ASI) 2024 [01/26] mm: asi: Make some utility functions noinstr compatible [02/26] x86: Create CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION [03/26] mm: asi: Introduce ASI core API [04/26] objtool: let some noinstr functions make indirect calls [05/26] mm: asi: Add infrastructure for boot-time enablement [06/26] mm: asi: ASI support in interrupts/exceptions [07/26] mm: asi: Switch to unrestricted address space before a context switch [08/26] mm: asi: Use separate PCIDs for restricted address spaces [09/26] mm: asi: Make __get_current_cr3_fast() ASI-aware [10/26] mm: asi: Avoid warning from NMI userspace accesses in ASI context [11/26] mm: asi: ASI page table allocation functions [12/26] mm: asi: asi_exit() on PF, skip handling if address is accessible [13/26] mm: asi: Functions to map/unmap a memory range into ASI page tables [14/26] mm: asi: Add basic infrastructure for global non-sensitive mappings [15/26] mm: Add __PAGEFLAG_FALSE [16/26] mm: asi: Map non-user buddy allocations as nonsensitive [17/26] mm: asi: Map kernel text and static data as nonsensitive [18/26] mm: asi: Map vmalloc/vmap data as nonsesnitive [19/26] percpu: clean up all mappings when pcpu_map_pages() fails [20/26] mm: asi: Map dynamic percpu memory as nonsensitive [21/26] KVM: x86: asi: Restricted address space for VM execution [22/26] KVM: x86: asi: Stabilize CR3 when potentially accessing with ASI [23/26] mm: asi: Stabilize CR3 in switch_mm_irqs_off() [24/26] mm: asi: Make TLB flushing correct under ASI [25/26] mm: asi: Stop ignoring asi=on cmdline flag [26/26] KVM: x86: asi: Add some mitigations on address space transitions

Message ID

20240712-asi-rfc-24-v1-23-144b319a40d8@google.com (mailing list archive)

State

New

Headers

Date: Fri, 12 Jul 2024 17:00:41 +0000
In-Reply-To: <20240712-asi-rfc-24-v1-0-144b319a40d8@google.com>
Mime-Version: 1.0
References: <20240712-asi-rfc-24-v1-0-144b319a40d8@google.com>
Message-ID: <20240712-asi-rfc-24-v1-23-144b319a40d8@google.com>
Subject: [PATCH 23/26] mm: asi: Stabilize CR3 in switch_mm_irqs_off()
From: Brendan Jackman <jackmanb@google.com>
To: Thomas Gleixner <tglx@linutronix.de>, Ingo Molnar <mingo@redhat.com>,
 Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>, "H. Peter Anvin" <hpa@zytor.com>,
	Andy Lutomirski <luto@kernel.org>, Peter Zijlstra <peterz@infradead.org>,
	Sean Christopherson <seanjc@google.com>, Paolo Bonzini <pbonzini@redhat.com>,
	Alexandre Chartre <alexandre.chartre@oracle.com>,
 Liran Alon <liran.alon@oracle.com>,
	Jan Setje-Eilers <jan.setjeeilers@oracle.com>,
 Catalin Marinas <catalin.marinas@arm.com>,
	Will Deacon <will@kernel.org>, Mark Rutland <mark.rutland@arm.com>,
	Andrew Morton <akpm@linux-foundation.org>, Mel Gorman <mgorman@suse.de>,
	Lorenzo Stoakes <lstoakes@gmail.com>, David Hildenbrand <david@redhat.com>,
 Vlastimil Babka <vbabka@suse.cz>,
	Michal Hocko <mhocko@kernel.org>, Khalid Aziz <khalid.aziz@oracle.com>,
	Juri Lelli <juri.lelli@redhat.com>,
 Vincent Guittot <vincent.guittot@linaro.org>,
	Dietmar Eggemann <dietmar.eggemann@arm.com>,
 Steven Rostedt <rostedt@goodmis.org>,
	Valentin Schneider <vschneid@redhat.com>, Paul Turner <pjt@google.com>,
 Reiji Watanabe <reijiw@google.com>,
	Junaid Shahid <junaids@google.com>, Ofir Weisse <oweisse@google.com>,
	Yosry Ahmed <yosryahmed@google.com>, Patrick Bellasi <derkling@google.com>,
	KP Singh <kpsingh@google.com>, Alexandra Sandulescu <aesa@google.com>,
	Matteo Rizzo <matteorizzo@google.com>, Jann Horn <jannh@google.com>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	kvm@vger.kernel.org, Brendan Jackman <jackmanb@google.com>
Content-Type: text/plain; charset="utf-8"
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

Address Space Isolation (ASI) 2024 | expand

Commit Message

Brendan Jackman July 12, 2024, 5 p.m. UTC

An ASI-restricted CR3 is unstable as interrupts can cause ASI-exits.
Although we already unconditionally ASI-exit during context-switch, and
before returning from the VM-run path, it's still possible to reach
switch_mm_irqs_off() in a restricted context, because KVM code updates
static keys, which requires using a temporary mm.

Signed-off-by: Brendan Jackman <jackmanb@google.com>
---
 arch/x86/mm/tlb.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c
index 36087d6238e6..a9804274049e 100644
--- a/arch/x86/mm/tlb.c
+++ b/arch/x86/mm/tlb.c
@@ -534,6 +534,9 @@  void switch_mm_irqs_off(struct mm_struct *unused, struct mm_struct *next,
 	bool need_flush;
 	u16 new_asid;
 
+	/* Stabilize CR3, before reading or writing CR3 */
+	asi_exit();
+
 	/* We don't want flush_tlb_func() to run concurrently with us. */
 	if (IS_ENABLED(CONFIG_PROVE_LOCKING))
 		WARN_ON_ONCE(!irqs_disabled());

[23/26] mm: asi: Stabilize CR3 in switch_mm_irqs_off()

Commit Message

Patch