Add HAOC feature for deepin linux-6.6.y: Isolated Execution Environment(IEE) #670
Conversation
Reviewer's Guide by Sourcery

This pull request introduces the Isolated Execution Environment (IEE) feature for both X86_64 and AArch64 architectures. It includes changes to memory management, context switching, interrupt handling, and build configuration to support the new IEE functionality. A kernel command line option 'haoc=on' is added to enable the feature.

Sequence diagram for IEE protected memory access

```mermaid
sequenceDiagram
    participant Kernel
    participant IEE Gate
    participant IEE Protected Memory
    Kernel->>IEE Gate: Access IEE Protected Memory
    activate IEE Gate
    IEE Gate->>IEE Gate: Save Context (DAIF, LR)
    IEE Gate->>IEE Gate: Disable Interrupts
    IEE Gate->>IEE Gate: Switch to IEE Stack
    IEE Gate->>IEE Gate: Modify TCR_EL1 (Enable HPD1 and A1)
    IEE Gate->>IEE Protected Memory: Access Memory (Read/Write)
    IEE Gate->>IEE Gate: Modify TCR_EL1 (Disable HPD1 and A1)
    IEE Gate->>IEE Gate: Switch to Kernel Stack
    IEE Gate->>IEE Gate: Restore Context (DAIF, LR)
    IEE Gate-->>Kernel: Return
    deactivate IEE Gate
```

Updated class diagram for iee_stack

```mermaid
classDiagram
    class iee_stack {
        void* stack
    }
    note for iee_stack "This class represents the IEE stack for each CPU."
```
Hi @IamJustaChild. Thanks for your PR. 😃
Hi @IamJustaChild. Thanks for your PR. I'm waiting for a deepin-community member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here.

Details: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Hey @IamJustaChild - I've reviewed your changes - here's some feedback:

Overall Comments:
- Consider adding a comment describing the purpose of the `NO_BLOCK_MAPPINGS` and `NO_CONT_MAPPINGS` flags.
- It would be helpful to add a comment explaining why CET is disabled when HAOC is enabled.
Here's what I looked at during the review
- 🟢 General issues: all looks good
- 🟢 Security: all looks good
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟢 Documentation: all looks good
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
Review found that a fix has not yet been merged into this code: https://gitee.com/openeuler/kernel/pulls/15512
| syscall.o proton-pack.o idreg-override.o idle.o \ | ||
| patching.o | ||
| obj-$(CONFIG_IEE) += haoc/ |
Please align the indentation.

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Details: Needs approval from an approver in each of these files: Approvers can indicate their approval by writing
community inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IBQKOW

-------------------------------------------------

Support Isolated Execution Environment for x86. IEE depends on CR0.wp

Signed-off-by: Shu Hang <[email protected]>
Signed-off-by: Hu Bing <[email protected]>
Signed-off-by: Liu Zhehui <[email protected]>

community inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IBQKOW

-----------------------------------

The base framework of HAOC. Could isolate kernel critical data and enforce all write access made and verified in IEE APIs. Needs hardware support FEAT_HPDS.

Signed-off-by: Lyu Jinglin <[email protected]>
Signed-off-by: Zhang Shiyang <[email protected]>
Signed-off-by: Liu Zhehui <[email protected]>

community inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IBQKOW

-----------------------------------

Use kernel command line haoc to control if HAOC should be enabled. eg: haoc=on to enable haoc protection.

Signed-off-by: Shu Hang <[email protected]>
Signed-off-by: Hu Bing <[email protected]>
Signed-off-by: Liu Zhehui <[email protected]>

community inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/IBQKOW

-----------------------------------

Use kernel command line parameter "haoc" to control if HAOC should be enabled on ARM64.

Signed-off-by: Lyu Jinglin <[email protected]>
Signed-off-by: Zhang Shiyang <[email protected]>
Signed-off-by: Liu Zhehui <[email protected]>

- change "__ptep_get" to "ptep_get"
- change "__set_pte" to "set_pte"
- change "P4D_TABLE_AF" to "PMD_SECT_AF"
- change the place of "iee_tcr_mask"

Signed-off-by: Lyu Jinglin <[email protected]>
Signed-off-by: Liu Zhehui <[email protected]>

community inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBTMTU

--------------------------------

add support for large memory (more than 1TB) in HAOC-ARM64 IEE.

Fixes: 8d2e6d1bb690 ("HAOC: Add support for AArch64 Isolated Execution Environment(IEE).")
Signed-off-by: Zhang Shiyang <[email protected]>
Signed-off-by: Liu Zhehui <[email protected]>

community inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IBSGVE

--------------------------------

add support for versions lower than ARMv8.1-a

Fixes: 8d2e6d1bb690 ("HAOC: Add support for AArch64 Isolated Execution Environment(IEE).")
Signed-off-by: Lyu Jinglin <[email protected]>
Signed-off-by: Liu Zhehui <[email protected]>
We use `#pragma GCC optimize("O0")` because we want a "memset()" function
for internal use within IEE. However, when the compiler detects operations similar
to memset, it automatically optimizes them into calls to the standard memset
library function. Since IEE calling external functions to access data may cause
security issues, we must prevent this function from being optimized. Now it
supports clang/llvm.

Remove "def_bool = y" for IEE in Kconfig and edit
deepin_x86/arm64_desktop_defconfig to enable IEE by default.

Remove -Wno-unused-variable in Makefile.

Signed-off-by: Lyu Jinglin <[email protected]>
Signed-off-by: Liu Zhehui <[email protected]>
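The compiler behaviour the commit message above describes (a byte-filling loop being recognised as the memset idiom and replaced by a call to the library memset(), which would take execution outside the isolated region) can be reproduced and avoided in plain C. The following is an added example, not code from this PR or from the HAOC project. Instead of the file-wide `#pragma GCC optimize("O0")` the commit uses, it stores through a `volatile` pointer, which both GCC and clang are required to leave as in-place stores, so no library call is introduced at any optimisation level. The names `isolated_memset`, `count_equal` and `demo_isolated_memset` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/*
 * Constructed example of a memset-style routine meant to run inside an
 * isolated code region.  A plain "while (len--) *p++ = v;" loop over a
 * non-volatile pointer is recognised by GCC and clang as the memset idiom
 * and turned into "call memset", i.e. a jump into ordinary kernel text.
 * Writing through a volatile pointer keeps every store in this function,
 * on both compilers, without disabling optimisation for the whole file.
 */
static void *isolated_memset(void *dst, int value, size_t len)
{
	volatile unsigned char *p = (volatile unsigned char *)dst;
	unsigned char v = (unsigned char)value;

	while (len--)
		*p++ = v;
	return dst;
}

/* Helper for the self-check: number of bytes in buf equal to value. */
static size_t count_equal(const unsigned char *buf, size_t len,
			  unsigned char value)
{
	size_t n = 0;

	for (size_t i = 0; i < len; i++)
		n += (buf[i] == value);
	return n;
}

/*
 * Self-check: surround a 48-byte target with 8-byte guard regions (this
 * outer fill is ordinary, non-isolated code, so the library memset is fine
 * here), fill the target with isolated_memset() and confirm that exactly
 * the target bytes changed.  Returns 1 on success, 0 on any mismatch.
 */
int demo_isolated_memset(void)
{
	unsigned char buf[64];

	memset(buf, 0xAA, sizeof(buf));		/* constructed guard pattern */
	isolated_memset(buf + 8, 0x5C, 48);	/* fill only the middle 48 bytes */

	if (count_equal(buf + 8, 48, 0x5C) != 48)
		return 0;
	if (count_equal(buf, 8, 0xAA) != 8)	/* leading guard untouched */
		return 0;
	if (count_equal(buf + 56, 8, 0xAA) != 8)	/* trailing guard untouched */
		return 0;
	return 1;
}
```

Compiling this with `-O2 -S` and searching the output for `call memset` (x86) or `bl memset` (AArch64) shows the difference: the volatile version keeps its store loop, while the same loop over a plain `unsigned char *` is emitted as a library call.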
/ok-to-test
| CONFIG_KVM=y | ||
| CONFIG_IEE=y | ||
| CONFIG_KPROBES=y | ||
| CONFIG_SHADOW_CALL_STACK=y |
Should CONFIG_SHADOW_CALL_STACK=y be removed?
| #define SET_INVALID(x) __pgprot(pgprot_val(x) & (~PTE_VALID)) | ||
| #define SET_NG(x) __pgprot(pgprot_val(x) | PTE_NG) | ||
| #define PGD_APTABLE_RO (_AT(pudval_t, 1) << 62) |
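Review bot: `PGD_APTABLE_RO` is typed with `_AT(pudval_t, 1)` although its name refers to the PGD level and, in the page-table walk elsewhere in this PR, it is tested against p4d entries (`p4d_val(p4d) & PGD_APTABLE_RO`); use `pgdval_t` (or `p4dval_t`) so the type matches the level it is applied to. The macro also deserves a comment saying that bit 62 is APTable[1] of a table descriptor, which makes every level below it read-only at EL1 until hierarchical permission checks are switched off through TCR_EL1.HPD1, which is exactly what the IEE gate toggles.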
Please add a comment explaining how this is used.
| #define ASID_BIT (UL(1) << 48) | ||
| #ifdef CONFIG_UNMAP_KERNEL_AT_EL0 | ||
| #define IEE_ASID 0xfffe |
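Review bot: `IEE_ASID 0xfffe` reserves a fixed ASID under `CONFIG_UNMAP_KERNEL_AT_EL0` without any explanation. State here why 0xfffe was chosen (its relation to `ASID_BIT` and the ASID width in use) and where the ASID allocator is told never to hand this value to an mm, so a reviewer can confirm that no process context can share the ASID the IEE translations are installed under.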
Please add a comment explaining the use of the ASID here.
| panic("Alloc pgtable error.\n"); | ||
| { | ||
| /* Iterate on the new page table. */ |
Please adjust the formatting.
| /* The reverse operation of put_pages_into_iee(). | ||
| * Call this function when you are returning pages back to kernel. | ||
| */ | ||
| void remove_pages_from_iee(unsigned long addr, int order) |
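Review bot: the multi-line comment above `remove_pages_from_iee()` should open with a bare `/*` line per the kernel coding style rather than starting the text on the first line. Since the function is documented as the reverse of `put_pages_into_iee()`, the comment should also state the precondition on `addr`/`order` (the pages must have been handed to IEE by a matching `put_pages_into_iee()` call with the same order) and whether the caller needs to hold any lock while the mapping is changed back.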
Should this be static?
| remove_pages_from_iee(addr, order); | ||
| } | ||
| #include <asm/ptrace.h> |
Why is this include not placed at the top of the file?
| p4dp = p4d_offset(pgdp, addr); | ||
| p4d = READ_ONCE(*p4dp); | ||
| if (!p4d_none(p4d) && !(p4d_val(p4d) & PGD_APTABLE_RO)) { | ||
| phys += next - addr; |
Could this lead to an infinite loop?

This walks all PGD entries sequentially in one direction; each entry can only be processed once, so it cannot cause an infinite loop.
arch/arm64/kernel/smp.c
Outdated
| /* Init percpu seeds for random tags after cpus are set up. */ | ||
| kasan_init_sw_tags(); | ||
| #ifdef CONFIG_IEE | ||
| extern void iee_stack_init(void); |
This line should be unnecessary.
arch/x86/Kconfig
Outdated
| Support for Isolated Execution Environment Framework. Foundation of HAOC. | ||
| Could isolate kernel critical data and enforce all write access made and | ||
| verified in IEE APIs. | ||
| depends on X86_64 |
Move this above help.
| SYM_FUNC_END(iee_rw_gate) | ||
| .global iee_tcr | ||
| iee_tcr: |
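Review bot: `iee_tcr` is a data word emitted in the code section right after `SYM_FUNC_END(iee_rw_gate)` with no `.align`/`.balign` directive, so its placement depends on whatever the preceding code happened to leave. The linker errors reported below (`relocation truncated to fit: R_AARCH64_LDST64_ABS_LO12_NC against symbol ... iee_tcr`) are the 64-bit load/store relocations that require the symbol to be 8-byte aligned; add an explicit 8-byte alignment before the label (and before `kernel_tcr`), and consider a comment on why these values live in the gate's text rather than in a data section.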
With BTF enabled, the following build error occurs:

```
LD      .tmp_vmlinux.btf
arch/arm64/kernel/haoc/iee/iee-gate.o: in function `iee_protected_rw_gate':
/home/deepin/actions-runner/_work/kernel/kernel/arch/arm64/kernel/haoc/iee/iee-gate.S:55:(.iee.text+0x24): relocation truncated to fit: R_AARCH64_LDST64_ABS_LO12_NC against symbol `iee_tcr' defined in .text section in arch/arm64/kernel/haoc/iee/iee-gate.o
ld: /home/deepin/actions-runner/_work/kernel/kernel/arch/arm64/kernel/haoc/iee/iee-gate.S:55: 警告:one possible cause of this error is that the symbol is being referenced in the indicated code as if it had a larger alignment than was declared where it was defined
/home/deepin/actions-runner/_work/kernel/kernel/arch/arm64/kernel/haoc/iee/iee-gate.S:85:(.iee.text+0x8c): relocation truncated to fit: R_AARCH64_LDST64_ABS_LO12_NC against symbol `kernel_tcr' defined in .text section in arch/arm64/kernel/haoc/iee/iee-gate.o
ld: /home/deepin/actions-runner/_work/kernel/kernel/arch/arm64/kernel/haoc/iee/iee-gate.S:85: 警告:one possible cause of this error is that the symbol is being referenced in the indicated code as if it had a larger alignment than was declared where it was defined
arch/arm64/kernel/haoc/iee/iee-mmu.o: in function `iee_init_tcr':
/home/deepin/actions-runner/_work/kernel/kernel/arch/arm64/kernel/haoc/iee/iee-mmu.c:63:(.init.text+0x2c0): relocation truncated to fit: R_AARCH64_LDST64_ABS_LO12_NC against symbol `kernel_tcr' defined in .text section in arch/arm64/kernel/haoc/iee/iee-gate.o
ld: /home/deepin/actions-runner/_work/kernel/kernel/arch/arm64/kernel/haoc/iee/iee-mmu.c:63: 警告:one possible cause of this error is that the symbol is being referenced in the indicated code as if it had a larger alignment than was declared where it was defined
BTF     .btf.vmlinux.bin.o
pahole: .tmp_vmlinux.btf: Invalid argument
```

The definition is probably missing an alignment.
1. add align before "iee_tcr" in iee-gate.S
2. format HAOC Kconfig
3. add some comments for ARM64 iee-rw-gate
4. restore deepin_arm64_desktop_defconfig "CONFIG_SHADOW_CALL_STACK=y"

Signed-off-by: Lyu Jinglin <[email protected]>
Signed-off-by: Liu Zhehui <[email protected]>

585d92b into deepin-community:linux-6.6.y
Summary by Sourcery
This pull request introduces the Isolated Execution Environment (IEE) feature for the deepin linux-6.6.y kernel, supporting both X86_64 and AArch64 architectures. The IEE provides an isolated environment for executing specific code, enhancing system security. It includes mechanisms for memory protection and access control.
New Features: