[RFC,v4,05/18] arm64: Implement asm/kpkeys.h using POE

Message ID	20250411091631.954228-6-kevin.brodsky@arm.com (mailing list archive)
State	New
Headers	show Return-Path: <owner-linux-mm@kvack.org> From: Kevin Brodsky <kevin.brodsky@arm.com> To: linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org, Kevin Brodsky <kevin.brodsky@arm.com>, Andrew Morton <akpm@linux-foundation.org>, Mark Brown <broonie@kernel.org>, Catalin Marinas <catalin.marinas@arm.com>, Dave Hansen <dave.hansen@linux.intel.com>, David Hildenbrand <david@redhat.com>, Ira Weiny <ira.weiny@intel.com>, Jann Horn <jannh@google.com>, Jeff Xu <jeffxu@chromium.org>, Joey Gouly <joey.gouly@arm.com>, Kees Cook <kees@kernel.org>, Linus Walleij <linus.walleij@linaro.org>, Andy Lutomirski <luto@kernel.org>, Marc Zyngier <maz@kernel.org>, Peter Zijlstra <peterz@infradead.org>, Pierre Langlois <pierre.langlois@arm.com>, Quentin Perret <qperret@google.com>, Rick Edgecombe <rick.p.edgecombe@intel.com>, "Mike Rapoport (IBM)" <rppt@kernel.org>, Ryan Roberts <ryan.roberts@arm.com>, Thomas Gleixner <tglx@linutronix.de>, Will Deacon <will@kernel.org>, Matthew Wilcox <willy@infradead.org>, Qi Zheng <zhengqi.arch@bytedance.com>, linux-arm-kernel@lists.infradead.org, x86@kernel.org Subject: [RFC PATCH v4 05/18] arm64: Implement asm/kpkeys.h using POE Date: Fri, 11 Apr 2025 10:16:18 +0100 Message-ID: <20250411091631.954228-6-kevin.brodsky@arm.com> In-Reply-To: <20250411091631.954228-1-kevin.brodsky@arm.com> References: <20250411091631.954228-1-kevin.brodsky@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	pkeys-based page table hardening \| expand [RFC,v4,00/18] pkeys-based page table hardening [RFC,v4,01/18] mm: Introduce kpkeys [RFC,v4,02/18] set_memory: Introduce set_memory_pkey() stub [RFC,v4,03/18] arm64: mm: Enable overlays for all EL1 indirect permissions [RFC,v4,04/18] arm64: Introduce por_elx_set_pkey_perms() helper [RFC,v4,05/18] arm64: Implement asm/kpkeys.h using POE [RFC,v4,06/18] arm64: set_memory: Implement set_memory_pkey() [RFC,v4,07/18] arm64: Reset POR_EL1 on exception entry [RFC,v4,08/18] arm64: Context-switch POR_EL1 [RFC,v4,09/18] arm64: Enable kpkeys [RFC,v4,10/18] mm: Introduce kernel_pgtables_set_pkey() [RFC,v4,11/18] mm: Introduce kpkeys_hardened_pgtables [RFC,v4,12/18] mm: Allow __pagetable_ctor() to fail [RFC,v4,13/18] mm: Map page tables with privileged pkey [RFC,v4,14/18] arm64: kpkeys: Support KPKEYS_LVL_PGTABLES [RFC,v4,15/18] arm64: mm: Guard page table writes with kpkeys [RFC,v4,16/18] arm64: Enable kpkeys_hardened_pgtables support [RFC,v4,17/18] mm: Add basic tests for kpkeys_hardened_pgtables [RFC,v4,18/18] arm64: mm: Batch kpkeys level switches

Message ID

20250411091631.954228-6-kevin.brodsky@arm.com (mailing list archive)

State

New

Headers

From: Kevin Brodsky <kevin.brodsky@arm.com>
To: linux-mm@kvack.org
Cc: linux-kernel@vger.kernel.org,
	Kevin Brodsky <kevin.brodsky@arm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Mark Brown <broonie@kernel.org>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	David Hildenbrand <david@redhat.com>,
	Ira Weiny <ira.weiny@intel.com>,
	Jann Horn <jannh@google.com>,
	Jeff Xu <jeffxu@chromium.org>,
	Joey Gouly <joey.gouly@arm.com>,
	Kees Cook <kees@kernel.org>,
	Linus Walleij <linus.walleij@linaro.org>,
	Andy Lutomirski <luto@kernel.org>,
	Marc Zyngier <maz@kernel.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Pierre Langlois <pierre.langlois@arm.com>,
	Quentin Perret <qperret@google.com>,
	Rick Edgecombe <rick.p.edgecombe@intel.com>,
	"Mike Rapoport (IBM)" <rppt@kernel.org>,
	Ryan Roberts <ryan.roberts@arm.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Will Deacon <will@kernel.org>,
	Matthew Wilcox <willy@infradead.org>,
	Qi Zheng <zhengqi.arch@bytedance.com>,
	linux-arm-kernel@lists.infradead.org,
	x86@kernel.org
Subject: [RFC PATCH v4 05/18] arm64: Implement asm/kpkeys.h using POE
Date: Fri, 11 Apr 2025 10:16:18 +0100
Message-ID: <20250411091631.954228-6-kevin.brodsky@arm.com>
In-Reply-To: <20250411091631.954228-1-kevin.brodsky@arm.com>
References: <20250411091631.954228-1-kevin.brodsky@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-linux-mm@kvack.org
Precedence: bulk

Series

pkeys-based page table hardening | expand

Commit Message

Kevin Brodsky April 11, 2025, 9:16 a.m. UTC

Implement the kpkeys interface if CONFIG_ARM64_POE is enabled.
The permissions for KPKEYS_PKEY_DEFAULT (pkey 0) are set to RWX as
this pkey is also used for code mappings.

Signed-off-by: Kevin Brodsky <kevin.brodsky@arm.com>
---
 arch/arm64/include/asm/kpkeys.h | 49 +++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 arch/arm64/include/asm/kpkeys.h

diff --git a/arch/arm64/include/asm/kpkeys.h b/arch/arm64/include/asm/kpkeys.h
new file mode 100644
index 000000000000..3b0ab5e7dd22
--- /dev/null
+++ b/arch/arm64/include/asm/kpkeys.h
@@ -0,0 +1,49 @@ 
+/* SPDX-License-Identifier: GPL-2.0-only */
+#ifndef __ASM_KPKEYS_H
+#define __ASM_KPKEYS_H
+
+#include <asm/barrier.h>
+#include <asm/cpufeature.h>
+#include <asm/por.h>
+
+#include <asm-generic/kpkeys.h>
+
+static inline bool arch_kpkeys_enabled(void)
+{
+	return system_supports_poe();
+}
+
+#ifdef CONFIG_ARM64_POE
+
+static inline u64 por_set_kpkeys_level(u64 por, int level)
+{
+	por = por_elx_set_pkey_perms(por, KPKEYS_PKEY_DEFAULT, POE_RWX);
+
+	return por;
+}
+
+static __always_inline void __kpkeys_set_pkey_reg_nosync(u64 pkey_reg)
+{
+	write_sysreg_s(pkey_reg, SYS_POR_EL1);
+}
+
+static __always_inline int arch_kpkeys_set_level(int level)
+{
+	u64 prev_por = read_sysreg_s(SYS_POR_EL1);
+	u64 new_por = por_set_kpkeys_level(prev_por, level);
+
+	__kpkeys_set_pkey_reg_nosync(new_por);
+	isb();
+
+	return prev_por;
+}
+
+static __always_inline void arch_kpkeys_restore_pkey_reg(u64 pkey_reg)
+{
+	__kpkeys_set_pkey_reg_nosync(pkey_reg);
+	isb();
+}
+
+#endif /* CONFIG_ARM64_POE */
+
+#endif	/* __ASM_KPKEYS_H */

[RFC,v4,05/18] arm64: Implement asm/kpkeys.h using POE

Commit Message

Patch