From patchwork Tue Jun 6 14:58:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Joey Gouly X-Patchwork-Id: 13269341 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id EA7F0C7EE29 for ; Tue, 6 Jun 2023 15:00:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-ID:Date:Subject:CC :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=G22BC2I339sigdNCV1IpN2Y8W8HwFkvhbD5wiY355Hg=; b=tf/4uFpimEOUVD 3bDpQxlXddVjqcvmlUpeRvRe1Ryf+HWShwqTtD3LElEv/INCXk8WZsA49u+hgcmAPO/M27UEFZzhT Tcx4IMmbRhnVNgCHelDSg1z0X0N3ugWK3jXJKcp4h5K3vSCuhCc1GbFrAUQxqbNlr7nhcfjgMYkuE bGSN2ReO1v+67Us5YCZgVlzRBT/eRtwdAMHIvG5ChjU+NaBrgXAF8ZDVYDLEuiW3aijxnDo4BRmIs X+ivHb74p1zpceerY5Ab7vBBGWXTLWhZ///NzkxWAqitRUkXgaFkRAGEK16v6NGuaktfnNZUMeiKO li+wcAQ0AAJVCJDNINnw==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux)) id 1q6Y9j-0028cs-0D; Tue, 06 Jun 2023 14:59:31 +0000 Received: from mail-he1eur01on062b.outbound.protection.outlook.com ([2a01:111:f400:fe1e::62b] helo=EUR01-HE1-obe.outbound.protection.outlook.com) by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux)) id 1q6Y9f-0028aW-17 for linux-arm-kernel@lists.infradead.org; Tue, 06 Jun 2023 14:59:29 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PUpqhvlsUX6+BM1T7O3RITOw8QQocS0GCZ4hEnIm9oc=; b=XIqmn7CEtmJDzA1TffgJYwWhcgxRbtOKxP2f6iNtM1jAccIl44/tYSO7/VuzzMZNPUsVwcZmA/Iac542PUdo0Bnmd3oTKy3JoQC+FuoAdnUJ2YKHVozthbUadz7JUYU4EQSRAuoikkLRIoGhl1pARJJlHTLxFdO8qVHQc7oFm0Q= Received: from DU2PR04CA0243.eurprd04.prod.outlook.com (2603:10a6:10:28e::8) by AS8PR08MB9361.eurprd08.prod.outlook.com (2603:10a6:20b:5a8::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.32; Tue, 6 Jun 2023 14:59:17 +0000 Received: from DBAEUR03FT035.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:28e:cafe::6a) by DU2PR04CA0243.outlook.office365.com (2603:10a6:10:28e::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.33 via Frontend Transport; Tue, 6 Jun 2023 14:59:17 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DBAEUR03FT035.mail.protection.outlook.com (100.127.142.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6477.19 via Frontend Transport; Tue, 6 Jun 2023 14:59:17 +0000 Received: ("Tessian outbound 99a3040377ca:v136"); Tue, 06 Jun 2023 14:59:17 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: d760b81cb4210551 X-CR-MTA-TID: 64aa7808 Received: from c17a722059df.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 22C3BCF9-A92D-4D99-B6A4-29CF05F4EA22.1; Tue, 06 Jun 2023 14:59:09 +0000 Received: from EUR02-DB5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id c17a722059df.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 06 Jun 2023 14:59:09 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=MSGuEPoQc+DAgYlESkTMcQV02r6qaQpILVI6T17v8ajdA1PnUuBnpBDoQeyYipkJ0ivIYrB6CnW91oSDkX/7XcK5SSUE/LTvs9d8lT0J6gpiAMJMKBZXIgtGu8vd0FJYWfrf0av5bAfF9k1MOavCtm5Khf66qi1YhT6jXwb6vZicfC6tZ303AP7Jaisx8wdGTVIp5YDNXOxiEIwUanHk6cIM/+p7bkpnwUudXFl1YlqovkUMPn76zF5RM6UfdWnAzaPMLULPy1APgjPiK9lY0pv7unfqDPWip0IkhabVR7vSwyUwyOhwN/YgW4yRk1CTztsWl90rhAiO+CRrcSPEFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=PUpqhvlsUX6+BM1T7O3RITOw8QQocS0GCZ4hEnIm9oc=; b=CJ8ZIuskLenMNLa36a+cRJtV/Fsd7jaalz8H5BDu37qDVxr2aTtNfhsuYFixKz00T3qawSdjggxa99SWZrVXOg2w2VM/Nl/XkudCV5je1HuWC5Wmf8IOuenrvi7CBYD4d7O2UIfnffCJdb2S62fjTc9Lv18j6n2Tg8VvKlBxYtnKf8j+CH+/WFvmEK7i87XB4L/Sb+zkXK0WPJKYSDG/XOtwFoaNaRHYGiEkpea8tk+VXzeudFTCFj37ZAOFagAFWCN+1gr7BS36mkGnKVygp/uE6RweMsICVaLloVrQ6XegaBlOeCTVbBYFRsFAbFnnmtMOuAwbsT+ipEEsaq5i4A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=lists.infradead.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PUpqhvlsUX6+BM1T7O3RITOw8QQocS0GCZ4hEnIm9oc=; b=XIqmn7CEtmJDzA1TffgJYwWhcgxRbtOKxP2f6iNtM1jAccIl44/tYSO7/VuzzMZNPUsVwcZmA/Iac542PUdo0Bnmd3oTKy3JoQC+FuoAdnUJ2YKHVozthbUadz7JUYU4EQSRAuoikkLRIoGhl1pARJJlHTLxFdO8qVHQc7oFm0Q= Received: from AS9PR01CA0004.eurprd01.prod.exchangelabs.com (2603:10a6:20b:540::13) by AS8PR08MB5974.eurprd08.prod.outlook.com (2603:10a6:20b:298::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6455.32; Tue, 6 Jun 2023 14:59:07 +0000 Received: from AM7EUR03FT032.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:540:cafe::bc) by AS9PR01CA0004.outlook.office365.com (2603:10a6:20b:540::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6477.19 via Frontend Transport; Tue, 6 Jun 2023 14:59:07 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C Received: from nebula.arm.com (40.67.248.234) by AM7EUR03FT032.mail.protection.outlook.com (100.127.140.65) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6477.19 via Frontend Transport; Tue, 6 Jun 2023 14:59:07 +0000 Received: from AZ-NEU-EX03.Arm.com (10.251.24.31) by AZ-NEU-EX03.Arm.com (10.251.24.31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Tue, 6 Jun 2023 14:59:03 +0000 Received: from e124191.cambridge.arm.com (10.1.197.45) by mail.arm.com (10.251.24.31) with Microsoft SMTP Server id 15.1.2507.23 via Frontend Transport; Tue, 6 Jun 2023 14:59:03 +0000 From: Joey Gouly To: CC: , , , , , , , , , , , Subject: [PATCH v4 00/20] Permission Indirection Extension Date: Tue, 6 Jun 2023 15:58:39 +0100 Message-ID: <20230606145859.697944-1-joey.gouly@arm.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-TrafficTypeDiagnostic: AM7EUR03FT032:EE_|AS8PR08MB5974:EE_|DBAEUR03FT035:EE_|AS8PR08MB9361:EE_ X-MS-Office365-Filtering-Correlation-Id: 36a93ed8-de59-477e-3db1-08db669e99cc x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: r4d4g7wJ0sqcSC7HsXKWLrlPy3BvCb/D99SnQCJmS7oWFYCT8vNzQ+c78aMYjiv84xu59FZn/IRb0I1rxjGlNKVk+uWUnl2D6elHiONIleogOUI3ixY5ov5bLFG2NGPbYgvAs5ED1zXTn2D3GmQjC3SCFkxlQiC11llnOZWK8/tpNdGxKjG9SW4dcg2anLb3XAhFF+1r8F4iDNJyCGByoBvumDfSVlt5uJJkeBCvKy5damQUwDstM9KeEad7xQgXdzHUilh/f7GtxVaVPltlIS2KYm7plqkJEoQGKeaVrD8HjhlhZajCJehfmnbxjjW91fOZXd6u6Up66P8H1sp8jF7QEofGKu1geuDY3afUStjp6D84MYSxoDoB55msE8UOiNEDuq6euFWiqEIN6TQ6KHcnvkTuRidVu/35G+BRX7DltBFSvVa8/XD0nhTyA/thjDjUuyyRAIhiISFAApjEfR4XLML8XhEeB/C+N256T2QhAyTnW0G5EkSZ3+qLgQUUJ2Njy0Q0vERBYZ+K92/rYlkBNj3wFdoXduTmFI0k1d1xVH0DxvuQxrYxtrfJQwBgxfcReFxx/7nuUYH6hi4n5tRCir0u0c578rspfTbxHsmuVG40KRnyqWyHESodoTeT/Fn1yFQyFdFKcvgLjc4Jbu1OLIpEUQb1Z5bBe4M3WvgX2LfqILR55vEtuHOqOaefnZTgPuS9QJUKAtg2kHt7frIGYQr3y0e1rj/47ZDj6aUH1Hei1f/VDRUaZhyBaKDcSWrtFbIMAfKUiNQOvDFyCLWOI9BZE79iYOlN/soohL0= X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:nebula.arm.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230028)(4636009)(39860400002)(376002)(396003)(346002)(136003)(451199021)(46966006)(36840700001)(40470700004)(478600001)(2906002)(40460700003)(82740400003)(36756003)(966005)(7696005)(356005)(6666004)(36860700001)(82310400005)(2616005)(47076005)(336012)(83380400001)(426003)(86362001)(26005)(81166007)(186003)(1076003)(40480700001)(5660300002)(8936002)(8676002)(41300700001)(4326008)(70586007)(70206006)(316002)(44832011)(6916009)(54906003)(36900700001);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB5974 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DBAEUR03FT035.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 54051dc7-338d-4537-36a5-08db669e93f7 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: QsT/qeIIt4G12/4Gq63lcvpQrSRoDVhuNIgMDdRbPGQsJZ7v2oPQ/AO/jrL3BtmoVjCYi01ADIqcZSt9CScTXnTqB4gDyO4RmM95APmmYFtS4q44KnGj+eQ25wpeAaNAzdExMka9fOxaMVPbAaB8y8EnvYf6EHWDHgYjnMAeOqprbBu/DYiui/wfZMOdtB+vmb6JUBgZdnImxQEhIMTLwJjySZaDrS1H9SXVzpamTRCylyWtavFVS6GNWAqswJLZK75t0IlG8jdWXyI5khjV+pWcinzPhfZBIQE/1t4OQwJa5uPBZPDEfAV1+bnfEyDwvhgXGfNjBz5fjp00CLz3Tk2JgG8xAcBZM1Zt2+F7NTXhL5Lc27+75Uxw0wVueyIup+poEc1EtMcrtELO7cVv+SY6jeNC/OaFILgQNni5U8JH0X4ihx6HqR863/C2U7D1OxBAzhKmDmrBYRVoG5DBmMUM2JBo5hcr6ZIq6make70g9vly3hgExDVFoPqMYpEUvnhN1oChvVD8mP3NY4nTruVTj1966NVnksnxfSHcJ49DgfgmeFFPmkC2woPXQA+5wnGC/AbHGVMMFAjs9jkyCW/bmmbna4rGGIwo7tVnmAMa8gKqjBgp+DN9YTI69l5f0eV+8bC/K7MO5qqFUZYGOqvh8G7DlJUvVR/kVuHc3pUl2lzeSj3BuKVboIjl//nfu1NMZhHTH+zuFvW/Mg7UrbYAQNYHZp8AozWVPqMIlj1I68NvZFgda+UdA1wAScrUHZJVhT0MRQfe2J64L67v7A== X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230028)(4636009)(396003)(39860400002)(376002)(136003)(346002)(451199021)(36840700001)(40470700004)(46966006)(40460700003)(83380400001)(186003)(47076005)(426003)(2906002)(336012)(2616005)(36756003)(86362001)(82310400005)(82740400003)(81166007)(40480700001)(36860700001)(1076003)(966005)(316002)(41300700001)(6666004)(5660300002)(107886003)(8936002)(8676002)(7696005)(54906003)(478600001)(4326008)(70206006)(70586007)(6916009)(26005)(44832011);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Jun 2023 14:59:17.4222 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 36a93ed8-de59-477e-3db1-08db669e99cc X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DBAEUR03FT035.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR08MB9361 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20230606_075927_556264_B8F54C80 X-CRM114-Status: GOOD ( 13.80 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi all, This series implements the Permission Indirection Extension introduced in 2022 VMSA enhancements [1]. Changes since v3 [2]: - Rebased onto for-next/feat_mops - Enabled TCR2 in new HCRX_HOST_FLAGS/HCRX_GUEST_FLAGS - Use ARM64_CPUID_FIELDS in cpufeature.c - Add Marc Z's R-b tags The Permission Indirection Extension is a new way to set memory permissions. Instead of directly encoding the permission in the Page Table Entry (PTE), fields in the PTEs are used to index into an array of permissions specified in a register. This indirection provides greater flexibility, greater encoding density and enables the representation of new permissions. The PTEs bit that are repurposed for use with permission indirection are: 54 PTE_UXN 53 PTE_PXN 51 PTE_DBM 6 PTE_USER The way that PIE is implemented in this patchset is that the encodings are picked such that they match how Linux currently sets the bits in the PTEs, so none of the page table handling has changed. This means this patchset keeps the same functionality as currently implemented, but allows for future expansion. Enabling PIE is also a prerequisite for implementing the Guarded Control Stack Extension (GCS). Another related extension is the Permission Overlay Extension, which is not covered by this patch set, but is mentioned in patch 5 as half of PIE encoding values apply an overlay. However, since overlays are not currently enabled, they act as all the other permissions do. This first few patches are adding the new system registers, and cpufeature capabilities. Then KVM support for save/restore of the new registers is added. Finally the new Permission Indirection registers are set and the new feature is enabled. Thanks, Joey [1] https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/arm-a-profile-architecture-2022 [2] http://lists.infradead.org/pipermail/linux-arm-kernel/2023-May/833014.html Joey Gouly (20): arm64/sysreg: Add ID register ID_AA64MMFR3 arm64/sysreg: add system registers TCR2_ELx arm64/sysreg: update HCRX_EL2 register arm64/sysreg: add PIR*_ELx registers arm64: cpufeature: add system register ID_AA64MMFR3 arm64: cpufeature: add TCR2 cpucap arm64: cpufeature: add Permission Indirection Extension cpucap KVM: arm64: Save/restore TCR2_EL1 KVM: arm64: Save/restore PIE registers KVM: arm64: expose ID_AA64MMFR3_EL1 to guests arm64: add PTE_UXN/PTE_WRITE to SWAPPER_*_FLAGS arm64: add PTE_WRITE to PROT_SECT_NORMAL arm64: reorganise PAGE_/PROT_ macros arm64: disable EL2 traps for PIE arm64: add encodings of PIRx_ELx registers arm64: enable Permission Indirection Extension (PIE) arm64: transfer permission indirection settings to EL2 arm64: Document boot requirements for PIE KVM: selftests: get-reg-list: support ID register features KVM: selftests: get-reg-list: add Permission Indirection registers Documentation/arm64/booting.rst | 26 +++ arch/arm64/include/asm/cpu.h | 1 + arch/arm64/include/asm/el2_setup.h | 11 +- arch/arm64/include/asm/kernel-pgtable.h | 8 +- arch/arm64/include/asm/kvm_arm.h | 4 +- arch/arm64/include/asm/kvm_host.h | 5 + arch/arm64/include/asm/pgtable-hwdef.h | 8 + arch/arm64/include/asm/pgtable-prot.h | 122 ++++++++++--- arch/arm64/include/asm/sysreg.h | 19 ++ arch/arm64/kernel/cpufeature.c | 24 +++ arch/arm64/kernel/cpuinfo.c | 1 + arch/arm64/kernel/head.S | 8 +- arch/arm64/kernel/hyp-stub.S | 18 ++ arch/arm64/kvm/hyp/include/hyp/sysreg-sr.h | 12 ++ arch/arm64/kvm/sys_regs.c | 5 +- arch/arm64/mm/proc.S | 19 +- arch/arm64/tools/cpucaps | 2 + arch/arm64/tools/sysreg | 165 +++++++++++++++++- .../selftests/kvm/aarch64/get-reg-list.c | 53 +++++- 19 files changed, 467 insertions(+), 44 deletions(-)