Re: [PATCHv3 07/17] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify()

From: Dave Hansen
Date: Wed Jun 13 2018 - 14:13:11 EST

Next message: syzbot: "Re: Re: KASAN: slab-out-of-bounds Read in bpf_skb_vlan_push"
Previous message: Dave Hansen: "Re: [PATCHv3 04/17] mm/page_alloc: Handle allocation for encrypted memory"
In reply to: Kirill A. Shutemov: "[PATCHv3 07/17] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify()"
Next in thread: Kirill A. Shutemov: "Re: [PATCHv3 07/17] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 06/12/2018 07:39 AM, Kirill A. Shutemov wrote:
> Encrypted VMA will have KeyID stored in vma->vm_page_prot. This way we

"An encrypted VMA..."

> don't need to do anything special to setup encrypted page table entries
> and don't need to reserve space for KeyID in a VMA.
>
> This patch changes _PAGE_CHG_MASK to include KeyID bits. Otherwise they
> are going to be stripped from vm_page_prot on the first pgprot_modify().
>
> Define PTE_PFN_MASK_MAX similar to PTE_PFN_MASK but based on
> __PHYSICAL_MASK_SHIFT. This way we include whole range of bits
> architecturally available for PFN without referencing physical_mask and
> mktme_keyid_mask variables.
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> ---
> arch/x86/include/asm/pgtable_types.h | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
> index 1e5a40673953..e8ebe760b88d 100644
> --- a/arch/x86/include/asm/pgtable_types.h
> +++ b/arch/x86/include/asm/pgtable_types.h
> @@ -121,8 +121,13 @@
> * protection key is treated like _PAGE_RW, for
> * instance, and is *not* included in this mask since
> * pte_modify() does modify it.
> + *
> + * It includes full range of PFN bits regardless if they were claimed for KeyID
> + * or not: we want to preserve KeyID on pte_modify() and pgprot_modify().
> */
> -#define _PAGE_CHG_MASK (PTE_PFN_MASK | _PAGE_PCD | _PAGE_PWT | \
> +#define PTE_PFN_MASK_MAX \
> + (((signed long)PAGE_MASK) & ((1ULL << __PHYSICAL_MASK_SHIFT) - 1))

"signed long" is really unusual to see. Was that intentional?

> +#define _PAGE_CHG_MASK (PTE_PFN_MASK_MAX | _PAGE_PCD | _PAGE_PWT | \
> _PAGE_SPECIAL | _PAGE_ACCESSED | _PAGE_DIRTY | \
> _PAGE_SOFT_DIRTY)
> #define _HPAGE_CHG_MASK (_PAGE_CHG_MASK | _PAGE_PSE)

This makes me a bit nervous. We have some places (here) where we
pretend that the KeyID is part of the paddr and then other places like
pte_pfn() where it's not.

Seems like something that will come back to bite us.

Next message: syzbot: "Re: Re: KASAN: slab-out-of-bounds Read in bpf_skb_vlan_push"
Previous message: Dave Hansen: "Re: [PATCHv3 04/17] mm/page_alloc: Handle allocation for encrypted memory"
In reply to: Kirill A. Shutemov: "[PATCHv3 07/17] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify()"
Next in thread: Kirill A. Shutemov: "Re: [PATCHv3 07/17] x86/mm: Preserve KeyID on pte_modify() and pgprot_modify()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]