Re: [RFC v4 00/17] powerpc: Memory Protection Keys
On Tue, 2017-06-27 at 03:11 -0700, Ram Pai wrote:
> Memory protection keys enable an application to protect its
> address space from inadvertent access or corruption from
> itself.
>
> The overall idea:
>
> A process allocates a key and associates it with
> an address range within its address space.
> The process then can dynamically set read/write
> permissions on the key without involving the
> kernel. Any code that violates the permissions
> of the address space, as defined by its associated
> key, will receive a segmentation fault.
>
> This patch series enables the feature on PPC64 HPTE
> platform.
>
> ISA3.0 section 5.7.13 describes the detailed specifications.
>
>
> Testing:
> This patch series has passed all the protection key
> tests available in the selftests directory.
> The tests are updated to work on both x86 and powerpc.
>
> version v4:
> (1) patches no longer depend on the pte bits to program
>     the hpte -- comment by Balbir
> (2) documentation updates
> (3) fixed a bug in the selftest.
> (4) unlike x86, powerpc lets signal handler change key
>     permission bits; the change will persist across
>     signal handler boundaries. Earlier we allowed
>     the signal handler to modify a field in the siginfo
>     structure which would then be used by the kernel
>     to program the key protection register (AMR)
>     -- resolves an issue raised by Ben.
>     "Calls to sys_swapcontext with a made-up context
>     will end up with a crap AMR if done by code who
>     didn't know about that register".
> (5) these changes enable protection keys on 4k-page
>     kernel as well.

I have not looked at the full series, but it seems cleaner than the original one and the side-effect is that we can support 4k as well. Nice!

Balbir Singh.
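The allocate / associate / set-permissions flow from the "overall idea" quoted above, as an added example that is not part of this thread or of the patch series. It assumes the glibc (2.27 or later) wrappers pkey_alloc(), pkey_mprotect(), pkey_set() and pkey_free(); the function name pkey_write_guard_demo is made up for illustration, and the faulting write runs in a forked child so the caller can observe the SIGSEGV.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef PKEY_DISABLE_WRITE
#define PKEY_DISABLE_WRITE 0x2          /* value from the Linux uapi headers */
#endif
/* glibc wrappers, redeclared in case _GNU_SOURCE took effect too late */
int pkey_alloc(unsigned int flags, unsigned int access_rights);
int pkey_mprotect(void *addr, size_t len, int prot, int pkey);
int pkey_set(int pkey, unsigned int access_rights);
int pkey_free(int pkey);

/* Returns 1 if a write through a write-disabled key raised SIGSEGV,
 * 0 if no protection key could be allocated (no kernel/CPU support),
 * -1 on an unexpected error. Hypothetical helper for this example. */
int pkey_write_guard_demo(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    volatile char *buf = mmap(NULL, len, PROT_READ | PROT_WRITE,
                              MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    int result = -1;
    int pkey = pkey_alloc(0, 0);        /* new key, full access rights */
    if (pkey < 0) { result = 0; goto out; }
    /* Associate the key with the address range (page permissions stay RW). */
    if (pkey_mprotect((void *)buf, len, PROT_READ | PROT_WRITE, pkey) != 0)
        goto out_key;
    buf[0] = 'A';                       /* the key still allows writes */
    pid_t pid = fork();
    if (pid < 0) goto out_key;
    if (pid == 0) {
        /* Per-thread key register update in user space, no mprotect() call. */
        if (pkey_set(pkey, PKEY_DISABLE_WRITE) != 0) _exit(3);
        if (buf[0] != 'A') _exit(2);    /* reads are still permitted */
        buf[0] = 'B';                   /* expected to fault */
        _exit(1);                       /* reached only if not enforced */
    }
    int status;
    if (waitpid(pid, &status, 0) == pid && WIFSIGNALED(status) &&
        WTERMSIG(status) == SIGSEGV && buf[0] == 'A')
        result = 1;                     /* child faulted, data unchanged */
out_key:
    pkey_free(pkey);
out:
    munmap((void *)buf, len);
    return result;
}
```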
[RFC v4 00/17] powerpc: Memory Protection Keys
Memory protection keys enable an application to protect its
address space from inadvertent access or corruption from
itself.

The overall idea:

A process allocates a key and associates it with
an address range within its address space.
The process then can dynamically set read/write
permissions on the key without involving the
kernel. Any code that violates the permissions
of the address space, as defined by its associated
key, will receive a segmentation fault.

This patch series enables the feature on PPC64 HPTE
platform.

ISA3.0 section 5.7.13 describes the detailed specifications.

Testing:
This patch series has passed all the protection key
tests available in the selftests directory.
The tests are updated to work on both x86 and powerpc.

version v4:
(1) patches no longer depend on the pte bits to program
    the hpte -- comment by Balbir
(2) documentation updates
(3) fixed a bug in the selftest.
(4) unlike x86, powerpc lets signal handler change key
    permission bits; the change will persist across
    signal handler boundaries. Earlier we allowed
    the signal handler to modify a field in the siginfo
    structure which would then be used by the kernel
    to program the key protection register (AMR)
    -- resolves an issue raised by Ben.
    "Calls to sys_swapcontext with a made-up context
    will end up with a crap AMR if done by code who
    didn't know about that register".
(5) these changes enable protection keys on 4k-page
    kernel as well.

version v3:
(1) split the patches into smaller consumable patches.
(2) added the ability to disable execute permission on
    a key at creation.
(3) rename calc_pte_to_hpte_pkey_bits() to
    pte_to_hpte_pkey_bits() -- suggested by Anshuman
(4) some code optimization and clarity in do_page_fault()
(5) A bug fix while invalidating a hpte slot in
    __hash_page_4K() -- noticed by Aneesh

version v2:
(1) documentation and selftest added
(2) fixed a bug in 4k hpte backed 64k pte where page
    invalidation was not done correctly, and
    initialization of second-part-of-the-pte was not
    done correctly if the pte was not yet Hashed
    with a hpte. Reported by Aneesh.
(3) Fixed ABI breakage caused in siginfo structure.
    Reported by Anshuman.

version v1: Initial version

Ram Pai (17):
  mm: introduce an additional vma bit for powerpc pkey
  mm: ability to disable execute permission on a key at creation
  x86: key creation with PKEY_DISABLE_EXECUTE disallowed
  powerpc: Implement sys_pkey_alloc and sys_pkey_free system call
  powerpc: store and restore the pkey state across context switches
  powerpc: Implementation for sys_mprotect_pkey() system call
  powerpc: make the hash functions protection-key aware
  powerpc: Program HPTE key protection bits
  powerpc: call the hash functions with the correct pkey value
  powerpc: Macro the mask used for checking DSI exception
  powerpc: Handle exceptions caused by pkey violation
  powerpc: Deliver SEGV signal on pkey violation
  selftest: Move protecton key selftest to arch neutral directory
  selftest: PowerPC specific test updates to memory protection keys
  Documentation: Move protecton key documentation to arch neutral directory
  Documentation: PowerPC specific updates to memory protection keys
  procfs: display the protection-key number associated with a vma

 Documentation/filesystems/proc.txt            |   3 +-
 Documentation/vm/protection-keys.txt          | 134 +++
 Documentation/x86/protection-keys.txt         |  85 --
 Makefile                                      |   2 +-
 arch/powerpc/Kconfig                          |  15 +
 arch/powerpc/include/asm/book3s/64/hash.h     |   2 +-
 arch/powerpc/include/asm/book3s/64/mmu-hash.h |  19 +-
 arch/powerpc/include/asm/book3s/64/mmu.h      |  10 +
 arch/powerpc/include/asm/book3s/64/pgtable.h  |  62 ++
 arch/powerpc/include/asm/mman.h               |   8 +-
 arch/powerpc/include/asm/mmu_context.h        |  12 +
 arch/powerpc/include/asm/paca.h               |   1 +
 arch/powerpc/include/asm/pkeys.h              | 159 +++
 arch/powerpc/include/asm/processor.h          |   5 +
 arch/powerpc/include/asm/reg.h                |   7 +-
 arch/powerpc/include/asm/systbl.h             |   3 +
 arch/powerpc/include/asm/unistd.h             |   6 +-
 arch/powerpc/include/uapi/asm/ptrace.h        |   3 +-
 arch/powerpc/include/uapi/asm/unistd.h        |   3 +
 arch/powerpc/kernel/asm-offsets.c             |   5 +
 arch/powerpc/kernel/exceptions-64s.S          |  18 +-
 arch/powerpc/kernel/process.c                 |  18 +