x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (6b28baca) · Commits · 戴 / test

arch/x86/include/asm/pgtable-2level.h

+17 −0

Original line number	Diff line number	Diff line
		@@ -95,4 +95,21 @@ static inline unsigned long pte_bitop(unsigned long value, unsigned int rightshi
		#define __pte_to_swp_entry(pte) ((swp_entry_t) { (pte).pte_low })
		#define __swp_entry_to_pte(x) ((pte_t) { .pte = (x).val })

		/* No inverted PFNs on 2 level page tables */

		static inline u64 protnone_mask(u64 val)
		{
		return 0;
		}

		static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask)
		{
		return val;
		}

		static inline bool __pte_needs_invert(u64 val)
		{
		return false;
		}

		#endif /* _ASM_X86_PGTABLE_2LEVEL_H */

arch/x86/include/asm/pgtable-3level.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -295,4 +295,6 @@ static inline pte_t gup_get_pte(pte_t *ptep)
		return pte;
		}

		#include <asm/pgtable-invert.h>

		#endif /* _ASM_X86_PGTABLE_3LEVEL_H */

arch/x86/include/asm/pgtable-invert.h

0 → 100644

+32 −0

Original line number	Diff line number	Diff line
		/* SPDX-License-Identifier: GPL-2.0 */
		#ifndef _ASM_PGTABLE_INVERT_H
		#define _ASM_PGTABLE_INVERT_H 1

		#ifndef __ASSEMBLY__

		static inline bool __pte_needs_invert(u64 val)
		{
		return (val & (_PAGE_PRESENT\|_PAGE_PROTNONE)) == _PAGE_PROTNONE;
		}

		/* Get a mask to xor with the page table entry to get the correct pfn. */
		static inline u64 protnone_mask(u64 val)
		{
		return __pte_needs_invert(val) ? ~0ull : 0;
		}

		static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask)
		{
		/*
		* When a PTE transitions from NONE to !NONE or vice-versa
		* invert the PFN part to stop speculation.
		* pte_pfn undoes this when needed.
		*/
		if (__pte_needs_invert(oldval) != __pte_needs_invert(val))
		val = (val & ~mask) \| (~val & mask);
		return val;
		}

		#endif /* __ASSEMBLY__ */

		#endif

arch/x86/include/asm/pgtable.h

+31 −13

Original line number	Diff line number	Diff line
		@@ -185,19 +185,29 @@ static inline int pte_special(pte_t pte)
		return pte_flags(pte) & _PAGE_SPECIAL;
		}

		/* Entries that were set to PROT_NONE are inverted */

		static inline u64 protnone_mask(u64 val);

		static inline unsigned long pte_pfn(pte_t pte)
		{
		return (pte_val(pte) & PTE_PFN_MASK) >> PAGE_SHIFT;
		unsigned long pfn = pte_val(pte);
		pfn ^= protnone_mask(pfn);
		return (pfn & PTE_PFN_MASK) >> PAGE_SHIFT;
		}

		static inline unsigned long pmd_pfn(pmd_t pmd)
		{
		return (pmd_val(pmd) & pmd_pfn_mask(pmd)) >> PAGE_SHIFT;
		unsigned long pfn = pmd_val(pmd);
		pfn ^= protnone_mask(pfn);
		return (pfn & pmd_pfn_mask(pmd)) >> PAGE_SHIFT;
		}

		static inline unsigned long pud_pfn(pud_t pud)
		{
		return (pud_val(pud) & pud_pfn_mask(pud)) >> PAGE_SHIFT;
		unsigned long pfn = pud_val(pud);
		pfn ^= protnone_mask(pfn);
		return (pfn & pud_pfn_mask(pud)) >> PAGE_SHIFT;
		}

		static inline unsigned long p4d_pfn(p4d_t p4d)
		@@ -545,25 +555,33 @@ static inline pgprotval_t check_pgprot(pgprot_t pgprot)

		static inline pte_t pfn_pte(unsigned long page_nr, pgprot_t pgprot)
		{
		return __pte(((phys_addr_t)page_nr << PAGE_SHIFT) \|
		check_pgprot(pgprot));
		phys_addr_t pfn = page_nr << PAGE_SHIFT;
		pfn ^= protnone_mask(pgprot_val(pgprot));
		pfn &= PTE_PFN_MASK;
		return __pte(pfn \| check_pgprot(pgprot));
		}

		static inline pmd_t pfn_pmd(unsigned long page_nr, pgprot_t pgprot)
		{
		return __pmd(((phys_addr_t)page_nr << PAGE_SHIFT) \|
		check_pgprot(pgprot));
		phys_addr_t pfn = page_nr << PAGE_SHIFT;
		pfn ^= protnone_mask(pgprot_val(pgprot));
		pfn &= PHYSICAL_PMD_PAGE_MASK;
		return __pmd(pfn \| check_pgprot(pgprot));
		}

		static inline pud_t pfn_pud(unsigned long page_nr, pgprot_t pgprot)
		{
		return __pud(((phys_addr_t)page_nr << PAGE_SHIFT) \|
		check_pgprot(pgprot));
		phys_addr_t pfn = page_nr << PAGE_SHIFT;
		pfn ^= protnone_mask(pgprot_val(pgprot));
		pfn &= PHYSICAL_PUD_PAGE_MASK;
		return __pud(pfn \| check_pgprot(pgprot));
		}

		static inline u64 flip_protnone_guard(u64 oldval, u64 val, u64 mask);

		static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
		{
		pteval_t val = pte_val(pte);
		pteval_t val = pte_val(pte), oldval = val;

		/*
		* Chop off the NX bit (if present), and add the NX portion of
		@@ -571,17 +589,17 @@ static inline pte_t pte_modify(pte_t pte, pgprot_t newprot)
		*/
		val &= _PAGE_CHG_MASK;
		val \|= check_pgprot(newprot) & ~_PAGE_CHG_MASK;

		val = flip_protnone_guard(oldval, val, PTE_PFN_MASK);
		return __pte(val);
		}

		static inline pmd_t pmd_modify(pmd_t pmd, pgprot_t newprot)
		{
		pmdval_t val = pmd_val(pmd);
		pmdval_t val = pmd_val(pmd), oldval = val;

		val &= _HPAGE_CHG_MASK;
		val \|= check_pgprot(newprot) & ~_HPAGE_CHG_MASK;

		val = flip_protnone_guard(oldval, val, PHYSICAL_PMD_PAGE_MASK);
		return __pmd(val);
		}

arch/x86/include/asm/pgtable_64.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -357,5 +357,7 @@ static inline bool gup_fast_permitted(unsigned long start, int nr_pages,
		return true;
		}

		#include <asm/pgtable-invert.h>

		#endif /* !__ASSEMBLY__ */
		#endif /* _ASM_X86_PGTABLE_64_H */

Admin message