| Message ID | 20250211161404.850215-1-ajd@linux.ibm.com (mailing list archive) |
|---|---|
| Headers | show |
| Series | Support page table check on PowerPC | expand |
On Wed, 2025-02-12 at 03:13 +1100, Andrew Donnellan wrote: > Support page table check on all PowerPC platforms. This works by > serialising assignments, reassignments and clears of page table > entries at each level in order to ensure that anonymous mappings > have at most one writable consumer, and likewise that file-backed > mappings are not simultaneously also anonymous mappings. > > In order to support this infrastructure, a number of stubs must be > defined for all powerpc platforms. Additionally, seperate > set_pte_at() > and set_pte_at_unchecked(), to allow for internal, uninstrumented > mappings. Talking to Maddy about this off-list - given that this series touches on generic code and several architectures, would it be best to take it through the mm tree rather than powerpc?
On Thu, 13 Mar 2025 13:54:39 +1100 Andrew Donnellan <ajd@linux.ibm.com> wrote: > On Wed, 2025-02-12 at 03:13 +1100, Andrew Donnellan wrote: > > Support page table check on all PowerPC platforms. This works by > > serialising assignments, reassignments and clears of page table > > entries at each level in order to ensure that anonymous mappings > > have at most one writable consumer, and likewise that file-backed > > mappings are not simultaneously also anonymous mappings. > > > > In order to support this infrastructure, a number of stubs must be > > defined for all powerpc platforms. Additionally, seperate > > set_pte_at() > > and set_pte_at_unchecked(), to allow for internal, uninstrumented > > mappings. > > Talking to Maddy about this off-list - given that this series touches > on generic code and several architectures, would it be best to take it > through the mm tree rather than powerpc? Sure, I can do that. Are the rest of the ppc team OK with these changes? I'm not seeing much acking from the usual suspects?
On 2/11/25 9:43 PM, Andrew Donnellan wrote: > Support page table check on all PowerPC platforms. This works by > serialising assignments, reassignments and clears of page table > entries at each level in order to ensure that anonymous mappings > have at most one writable consumer, and likewise that file-backed > mappings are not simultaneously also anonymous mappings. > > In order to support this infrastructure, a number of stubs must be > defined for all powerpc platforms. Additionally, seperate set_pte_at() > and set_pte_at_unchecked(), to allow for internal, uninstrumented mappings. > > (This series was written by Rohan McLure, who has left IBM and is no longer > working on powerpc - I've taken far too long to pick this up and finally > send it.) > For powerpc changes Acked-by: Madhavan Srinivasan <maddy@linux.ibm.com> > v13: > * Rebase on mainline > * Don't use set_pte_at_unchecked() for early boot purposes (Pasha) > > v12: > * Rename commits that revert changes to instead reflect that we are > reinstating old behaviour due to it providing more flexibility > * Add return line to pud_pfn() stub > * Instrument ptep_get_and_clear() for nohash > Link: https://lore.kernel.org/linuxppc-dev/20240402051154.476244-1-rmclure@linux.ibm.com/ > > v11: > * The pud_pfn() stub, which previously had no legitimate users on any > powerpc platform, now has users in Book3s64 with transparent pages. > Include a stub of the same name for each platform that does not > define their own. > * Drop patch that standardised use of p*d_leaf(), as already included > upstream in v6.9. > * Provide fallback definitions of p{m,u}d_user_accessible_page() that > do not reference p*d_leaf(), p*d_pte(), as they are defined after > powerpc/mm headers by linux/mm headers. > * Ensure that set_pte_at_unchecked() has the same checks as > set_pte_at(). > Link: https://lore.kernel.org/linuxppc-dev/20240328045535.194800-14-rmclure@linux.ibm.com/ > > v10: > * Revert patches that removed address and mm parameters from page table > check routines, including consuming code from arm64, x86_64 and > riscv. > * Implement *_user_accessible_page() routines in terms of pte_user() > where available (64-bit, book3s) but otherwise by checking the > address (on platforms where the pte does not imply whether the > mapping is for user or kernel) > * Internal set_pte_at() calls replaced with set_pte_at_unchecked(), which > is identical, but prevents double instrumentation. > Link: https://lore.kernel.org/linuxppc-dev/20240313042118.230397-9-rmclure@linux.ibm.com/T/ > > v9: > * Adapt to using the set_ptes() API, using __set_pte_at() where we need > must avoid instrumentation. > * Use the logic of *_access_permitted() for implementing > *_user_accessible_page(), which are required routines for page table > check. > * Even though we no longer need p{m,u,4}d_leaf(), still default > implement these to assist in refactoring out extant > p{m,u,4}_is_leaf(). > * Add p{m,u}_pte() stubs where asm-generic does not provide them, as > page table check wants all *user_accessible_page() variants, and we > would like to default implement the variants in terms of > pte_user_accessible_page(). > * Avoid the ugly pmdp_collapse_flush() macro nonsense! Just instrument > its constituent calls instead for radix and hash. > Link: https://lore.kernel.org/linuxppc-dev/20231130025404.37179-2-rmclure@linux.ibm.com/ > > v8: > * Fix linux/page_table_check.h include in asm/pgtable.h breaking > 32-bit. > Link: https://lore.kernel.org/linuxppc-dev/20230215231153.2147454-1-rmclure@linux.ibm.com/ > > v7: > * Remove use of extern in set_pte prototypes > * Clean up pmdp_collapse_flush macro > * Replace set_pte_at with static inline function > * Fix commit message for patch 7 > Link: https://lore.kernel.org/linuxppc-dev/20230215020155.1969194-1-rmclure@linux.ibm.com/ > > v6: > * Support huge pages and p{m,u}d accounting. > * Remove instrumentation from set_pte from kernel internal pages. > * 64s: Implement pmdp_collapse_flush in terms of __pmdp_collapse_flush > as access to the mm_struct * is required. > Link: https://lore.kernel.org/linuxppc-dev/20230214015939.1853438-1-rmclure@linux.ibm.com/ > > v5: > Link: https://lore.kernel.org/linuxppc-dev/20221118002146.25979-1-rmclure@linux.ibm.com/ > > Rohan McLure (11): > mm/page_table_check: Reinstate address parameter in > [__]page_table_check_pud_set() > mm/page_table_check: Reinstate address parameter in > [__]page_table_check_pmd_set() > mm/page_table_check: Provide addr parameter to > page_table_check_pte_set() > mm/page_table_check: Reinstate address parameter in > [__]page_table_check_pud_clear() > mm/page_table_check: Reinstate address parameter in > [__]page_table_check_pmd_clear() > mm/page_table_check: Reinstate address parameter in > [__]page_table_check_pte_clear() > mm: Provide address parameter to p{te,md,ud}_user_accessible_page() > powerpc: mm: Add pud_pfn() stub > powerpc: mm: Implement *_user_accessible_page() for ptes > powerpc: mm: Use set_pte_at_unchecked() for internal usages > powerpc: mm: Support page table check > > arch/arm64/include/asm/pgtable.h | 18 +++--- > arch/powerpc/Kconfig | 1 + > arch/powerpc/include/asm/book3s/32/pgtable.h | 12 +++- > arch/powerpc/include/asm/book3s/64/pgtable.h | 62 +++++++++++++++--- > arch/powerpc/include/asm/nohash/pgtable.h | 13 +++- > arch/powerpc/include/asm/pgtable.h | 19 ++++++ > arch/powerpc/mm/book3s64/hash_pgtable.c | 4 ++ > arch/powerpc/mm/book3s64/pgtable.c | 17 +++-- > arch/powerpc/mm/book3s64/radix_pgtable.c | 9 ++- > arch/powerpc/mm/pgtable.c | 12 ++++ > arch/riscv/include/asm/pgtable.h | 18 +++--- > arch/x86/include/asm/pgtable.h | 20 +++--- > include/linux/page_table_check.h | 67 ++++++++++++-------- > include/linux/pgtable.h | 10 +-- > mm/page_table_check.c | 39 +++++++----- > 15 files changed, 225 insertions(+), 96 deletions(-) >
Support page table check on all PowerPC platforms. This works by serialising assignments, reassignments and clears of page table entries at each level in order to ensure that anonymous mappings have at most one writable consumer, and likewise that file-backed mappings are not simultaneously also anonymous mappings. In order to support this infrastructure, a number of stubs must be defined for all powerpc platforms. Additionally, seperate set_pte_at() and set_pte_at_unchecked(), to allow for internal, uninstrumented mappings. (This series was written by Rohan McLure, who has left IBM and is no longer working on powerpc - I've taken far too long to pick this up and finally send it.) v13: * Rebase on mainline * Don't use set_pte_at_unchecked() for early boot purposes (Pasha) v12: * Rename commits that revert changes to instead reflect that we are reinstating old behaviour due to it providing more flexibility * Add return line to pud_pfn() stub * Instrument ptep_get_and_clear() for nohash Link: https://lore.kernel.org/linuxppc-dev/20240402051154.476244-1-rmclure@linux.ibm.com/ v11: * The pud_pfn() stub, which previously had no legitimate users on any powerpc platform, now has users in Book3s64 with transparent pages. Include a stub of the same name for each platform that does not define their own. * Drop patch that standardised use of p*d_leaf(), as already included upstream in v6.9. * Provide fallback definitions of p{m,u}d_user_accessible_page() that do not reference p*d_leaf(), p*d_pte(), as they are defined after powerpc/mm headers by linux/mm headers. * Ensure that set_pte_at_unchecked() has the same checks as set_pte_at(). Link: https://lore.kernel.org/linuxppc-dev/20240328045535.194800-14-rmclure@linux.ibm.com/ v10: * Revert patches that removed address and mm parameters from page table check routines, including consuming code from arm64, x86_64 and riscv. * Implement *_user_accessible_page() routines in terms of pte_user() where available (64-bit, book3s) but otherwise by checking the address (on platforms where the pte does not imply whether the mapping is for user or kernel) * Internal set_pte_at() calls replaced with set_pte_at_unchecked(), which is identical, but prevents double instrumentation. Link: https://lore.kernel.org/linuxppc-dev/20240313042118.230397-9-rmclure@linux.ibm.com/T/ v9: * Adapt to using the set_ptes() API, using __set_pte_at() where we need must avoid instrumentation. * Use the logic of *_access_permitted() for implementing *_user_accessible_page(), which are required routines for page table check. * Even though we no longer need p{m,u,4}d_leaf(), still default implement these to assist in refactoring out extant p{m,u,4}_is_leaf(). * Add p{m,u}_pte() stubs where asm-generic does not provide them, as page table check wants all *user_accessible_page() variants, and we would like to default implement the variants in terms of pte_user_accessible_page(). * Avoid the ugly pmdp_collapse_flush() macro nonsense! Just instrument its constituent calls instead for radix and hash. Link: https://lore.kernel.org/linuxppc-dev/20231130025404.37179-2-rmclure@linux.ibm.com/ v8: * Fix linux/page_table_check.h include in asm/pgtable.h breaking 32-bit. Link: https://lore.kernel.org/linuxppc-dev/20230215231153.2147454-1-rmclure@linux.ibm.com/ v7: * Remove use of extern in set_pte prototypes * Clean up pmdp_collapse_flush macro * Replace set_pte_at with static inline function * Fix commit message for patch 7 Link: https://lore.kernel.org/linuxppc-dev/20230215020155.1969194-1-rmclure@linux.ibm.com/ v6: * Support huge pages and p{m,u}d accounting. * Remove instrumentation from set_pte from kernel internal pages. * 64s: Implement pmdp_collapse_flush in terms of __pmdp_collapse_flush as access to the mm_struct * is required. Link: https://lore.kernel.org/linuxppc-dev/20230214015939.1853438-1-rmclure@linux.ibm.com/ v5: Link: https://lore.kernel.org/linuxppc-dev/20221118002146.25979-1-rmclure@linux.ibm.com/ Rohan McLure (11): mm/page_table_check: Reinstate address parameter in [__]page_table_check_pud_set() mm/page_table_check: Reinstate address parameter in [__]page_table_check_pmd_set() mm/page_table_check: Provide addr parameter to page_table_check_pte_set() mm/page_table_check: Reinstate address parameter in [__]page_table_check_pud_clear() mm/page_table_check: Reinstate address parameter in [__]page_table_check_pmd_clear() mm/page_table_check: Reinstate address parameter in [__]page_table_check_pte_clear() mm: Provide address parameter to p{te,md,ud}_user_accessible_page() powerpc: mm: Add pud_pfn() stub powerpc: mm: Implement *_user_accessible_page() for ptes powerpc: mm: Use set_pte_at_unchecked() for internal usages powerpc: mm: Support page table check arch/arm64/include/asm/pgtable.h | 18 +++--- arch/powerpc/Kconfig | 1 + arch/powerpc/include/asm/book3s/32/pgtable.h | 12 +++- arch/powerpc/include/asm/book3s/64/pgtable.h | 62 +++++++++++++++--- arch/powerpc/include/asm/nohash/pgtable.h | 13 +++- arch/powerpc/include/asm/pgtable.h | 19 ++++++ arch/powerpc/mm/book3s64/hash_pgtable.c | 4 ++ arch/powerpc/mm/book3s64/pgtable.c | 17 +++-- arch/powerpc/mm/book3s64/radix_pgtable.c | 9 ++- arch/powerpc/mm/pgtable.c | 12 ++++ arch/riscv/include/asm/pgtable.h | 18 +++--- arch/x86/include/asm/pgtable.h | 20 +++--- include/linux/page_table_check.h | 67 ++++++++++++-------- include/linux/pgtable.h | 10 +-- mm/page_table_check.c | 39 +++++++----- 15 files changed, 225 insertions(+), 96 deletions(-)