[PATCH v7 00/22] Kernel userspace access/execution prevention with hash translation
Aneesh Kumar K.V
aneesh.kumar at linux.ibm.com
Tue Dec 1 14:41:53 AEDT 2020
"Aneesh Kumar K.V" <aneesh.kumar at linux.ibm.com> writes:
> This patch series implements KUAP and KUEP with hash translation mode using
> memory keys. The kernel now uses memory protection key 3 to control access
> to the kernel. Kernel page table entries are now configured with key 3.
> Access to locations configured with any other key value is denied when in
> kernel mode (MSR_PR=0). This includes userspace which is by default configured
> with key 0.
>
> null-syscall benchmark results:
>
> With smap/smep disabled:
> Without patch:
> 845.29 ns 2451.44 cycles
> With patch series:
> 858.38 ns 2489.30 cycles
>
> With smap/smep enabled:
> Without patch:
> NA
> With patch series:
> 1021.51 ns 2962.44 cycles
>
> Changes from v6:
> * Address review comments
> * Rename MMU FTR defines
>
> Changes from v5:
> * Rework the patch based on suggestion from Michael to avoid the
> usage of CONFIG_PPC_PKEY on BOOKE platforms.
>
> Changes from v4:
> * Repost with other pkey related changes split out as a separate series.
> * Improve null-syscall benchmark by optimizing SPRN save and restore.
>
> Changes from v3:
> * Fix build error reported by kernel test robot <lkp at intel.com>
>
> Changes from v2:
> * Rebase to the latest kernel.
> * Fixed a bug with disabling KUEP/KUAP on kernel command line
> * Added a patch to make kup key dynamic.
>
> Changes from V1:
> * Rebased on latest kernel
I disabled kernel debug config options based on request from Nick
Piggin. null_syscall benchmark numbers after that.
Full series/all patches applied
radix:
277.51 ns 1054.59 cycles
hash
348.24 ns 1323.32 cycles
hash nosmap nosmep
280.39 ns 1065.47 cycles
Patch 22 dropped (no optimization)
hash
341.87 ns 1326.64 cycles
hash nosmap nosmep
312.74 ns 1188.42 cycles
Without patches:
radix:
281.31 ns 1068.98 cycles
hash (same as below)
286.37 ns 1088.21 cycles
hash nosmap nosmep
286.44 ns 1088.46 cycles
More information about the Linuxppc-dev
mailing list