Re: [PATCH, RFC 18/62] x86/mm: Implement syncing per-KeyID direct mappings
From: Peter Zijlstra
Date: Fri Jun 14 2019 - 05:56:26 EST
On Wed, May 08, 2019 at 05:43:38PM +0300, Kirill A. Shutemov wrote:
> For MKTME we use per-KeyID direct mappings. This allows kernel to have
> access to encrypted memory.
>
> sync_direct_mapping() sync per-KeyID direct mappings with a canonical
> one -- KeyID-0.
>
> The function tracks changes in the canonical mapping:
> - creating or removing chunks of the translation tree;
> - changes in mapping flags (i.e. protection bits);
> - splitting huge page mapping into a page table;
> - replacing page table with a huge page mapping;
>
> The function need to be called on every change to the direct mapping:
> hotplug, hotremove, changes in permissions bits, etc.
And yet I don't see anything in pageattr.c.
Also, this seems like an expensive scheme; if you know where the changes
where, a more fine-grained update would be faster.
> The function is nop until MKTME is enabled.
>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> ---
> arch/x86/include/asm/mktme.h | 6 +
> arch/x86/mm/init_64.c | 10 +
> arch/x86/mm/mktme.c | 441 +++++++++++++++++++++++++++++++++++
> 3 files changed, 457 insertions(+)
> @@ -1247,6 +1254,7 @@ void mark_rodata_ro(void)
> unsigned long text_end = PFN_ALIGN(&__stop___ex_table);
> unsigned long rodata_end = PFN_ALIGN(&__end_rodata);
> unsigned long all_end;
> + int ret;
>
> printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
> (end - start) >> 10);
> @@ -1280,6 +1288,8 @@ void mark_rodata_ro(void)
> free_kernel_image_pages((void *)text_end, (void *)rodata_start);
> free_kernel_image_pages((void *)rodata_end, (void *)_sdata);
>
> + ret = sync_direct_mapping();
> + WARN_ON(ret);
> debug_checkwx();
> }
>
If you'd done pageattr, the above would not be needed.