Subject: Re: [PATCH v2 6/6] powerpc: Implement user_access_begin and friends
From: Christophe Leroy
Date: Fri, 24 Jan 2020 12:40:23 +0100
To: Michael Ellerman, Benjamin Herrenschmidt, Paul Mackerras
Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org

On 23/01/2020 at 13:31, Michael Ellerman wrote:
> Michael Ellerman writes:
>> Christophe Leroy writes:
>>> Today, when a function like strncpy_from_user() is called,
>>> the userspace access protection is de-activated and re-activated
>>> for every word read.
>>>
>>> By implementing user_access_begin and friends, the protection
>>> is de-activated at the beginning of the copy and re-activated at the
>>> end.
>>>
>>> Implement user_access_begin(), user_access_end() and
>>> unsafe_get_user(), unsafe_put_user() and unsafe_copy_to_user()
>>>
>>> For the time being, we keep user_access_save() and
>>> user_access_restore() as nops.
>>
>> That means we will run with user access enabled in a few more places, but
>> it's only used sparingly AFAICS:
>>
>>   kernel/trace/trace_branch.c:    unsigned long flags = user_access_save();
>>   lib/ubsan.c:    unsigned long flags = user_access_save();
>>   lib/ubsan.c:    unsigned long ua_flags = user_access_save();
>>   mm/kasan/common.c:      unsigned long flags = user_access_save();
>>
>> And we don't have objtool checking that user access enablement isn't
>> leaking in the first place, so I guess it's OK for us not to implement
>> these to begin with?
>
> It looks like we can implement them on all three KUAP
> implementations.
>
> For radix and 8xx we just return/set the relevant SPR.
>
> For book3s/32/kup.h I think we'd just need to add a KUAP_CURRENT case to
> allow_user_access()?

Can't do that, we don't want to keep the info in current->thread.kuap
after user_access_save(), otherwise we might unexpectedly re-open access
through an interrupt.

And if we use KUAP_CURRENT case of prevent_user_access(), it means we'll
read current->thread.kuap twice.

So, just regenerate addr and end from the flags, and use
allow_user_access() and prevent_user_access() as usual.

I'll have it in v4

Christophe
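
Added example, not part of the original message and not kernel code: a simplified user-space C model of the concern raised in the reply, comparing a save that leaves the window recorded in `current->thread.kuap` with one that clears it and rebuilds `addr` and `end` from the flags. The variables `hw_window` and `thread_kuap`, the helpers `interrupt()`, `save_keep_current()` and `encode()`, the flag encoding and the interrupt behaviour are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code. hw_window stands for the segment
 * registers (0 = user access locked); thread_kuap for current->thread.kuap. */
static uint32_t hw_window, thread_kuap;

/* Assumed encoding: top nibble = first 256 MB segment, low nibble = end segment. */
static uint32_t encode(uint32_t addr, uint32_t end)
{
    return (addr & 0xf0000000u) | ((((end - 1) >> 28) + 1) & 0xfu);
}
static void allow_user_access(uint32_t addr, uint32_t size)
{
    hw_window = thread_kuap = encode(addr, addr + size);
}
static void prevent_user_access(void) { hw_window = thread_kuap = 0; }

/* Modelled interrupt: locked while the handler runs, and on exit the window
 * recorded in thread_kuap is re-opened. */
static void interrupt(void) { hw_window = 0; hw_window = thread_kuap; }

/* Hypothetical save that locks the hardware but leaves thread_kuap set. */
static uint32_t save_keep_current(void) { hw_window = 0; return thread_kuap; }

/* Save as described in the reply: nothing stays behind in thread_kuap. */
static uint32_t user_access_save(void)
{
    uint32_t flags = thread_kuap;
    prevent_user_access();
    return flags;
}
/* Restore regenerates addr and end from the flags alone. */
static void user_access_restore(uint32_t flags)
{
    uint32_t addr = flags & 0xf0000000u, end = flags << 28;
    if (flags)
        allow_user_access(addr, end - addr);
}
/* Window visible right after an interrupt lands inside a saved section. */
static uint32_t window_after_irq(int keep_current)
{
    allow_user_access(0x10001000u, 0x2000u);   /* constructed sample range */
    if (keep_current) save_keep_current(); else user_access_save();
    interrupt();
    uint32_t seen = hw_window;
    prevent_user_access();
    return seen;
}
/* Window after a plain save/restore pair with no interrupt in between. */
static uint32_t roundtrip_window(void)
{
    allow_user_access(0x10001000u, 0x2000u);
    user_access_restore(user_access_save());
    uint32_t w = hw_window;
    prevent_user_access();
    return w;
}
int main(void)
{
    printf("%#x %#x %#x\n", (unsigned)window_after_irq(1),
           (unsigned)window_after_irq(0), (unsigned)roundtrip_window());
    return 0;
}
```

In this model a nonzero result from `window_after_irq(1)` means the interrupt re-opened user access inside a section that was supposed to be closed, while the clearing variant stays locked and still restores the same window afterwards.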