-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kmap: Add stray access protection for device pages
Device managed pages may have additional protections. These protections need to be removed prior to valid use by kernel users. Check for special treatment of device managed pages in kmap and take action if needed. Use kmap as an interface for generic kernel code because under normal circumstances it would be a bug for general kernel code to not use kmap prior to accessing kernel memory. Therefore, this should allow any valid kernel users to seamlessly use these pages without issues. Some users of kmap() have incorrectly used the mapped address outside of the thread which performed the mapping. It is not anticipated that these 'global' mappings will be required to protect pmem as the 2 filesystems which support DAX (one of the main uses of pmem) are ext4 and xfs. Neither of these perform such global mappings. To handle other kmap() users mark mappings performed through kmap() and handle faults to those pages in 1 of 3 'kmap modes' (strict, relaxed, or silent). Strict -- fails the mapping and will cause a kernel crash. Relaxed -- will print a warning but update the current running thread to have the required pkey. Silent -- will update the current thread without the warning. Relaxed is the default. The mappings protected by PKS are those originally configured when zone device pages are added to the direct map with the PGMAP_PROT_ENABLED. Highmem systems get a new mappings which inherently are open to those using that mapping. So there is no need for PKS to be involved. Therefore, only the kmap calls in the HIGHMEM=n case are modified. Because of the critical nature of mapping pages the implementation is careful to be as fast as possible when 'mapping' pages of regular DRAM. Furthermore, it should be noted that the underlying MSR write required on device pages when protected is better than a normal MSR write. Specifically, WRMSR(MSR_IA32_PKRS) is not serializing but still maintains ordering properties similar to WRPKRU. The current SDM section on PKRS needs updating but should be the same as that of WRPKRU. So to quote from the WRPKRU text: WRPKRU will never execute speculatively. Memory accesses affected by PKRU register will not execute (even speculatively) until all prior executions of WRPKRU have completed execution and updated the PKRU register. Still this will make accessing pmem more expensive from the kernel but the overhead is minimized and most pmem users access this memory through user page mappings which are not affected at all. Signed-off-by: Ira Weiny <ira.weiny@intel.com> --- INTERNAL NOTE: Would this be better squashed with the Device Access Protection patch? It seems separate but at the same time intertwined enough to be 1 patch.
- Loading branch information
Showing
6 changed files
with
103 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,6 +4,7 @@ | |
|
||
#include <linux/mm.h> | ||
|
||
#define PKEY_INVALID (INT_MIN) | ||
enum pks_alloc_flags | ||
{ | ||
PKS_FLAG_EXCLUSIVE = 0, | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters