From: Andy Lutomirski <luto@kernel.org>
To: Yu-cheng Yu <yu-cheng.yu@intel.com>
Cc: X86 ML <x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>,
LKML <linux-kernel@vger.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>,
linux-arch <linux-arch@vger.kernel.org>,
Linux API <linux-api@vger.kernel.org>,
Arnd Bergmann <arnd@arndb.de>,
Balbir Singh <bsingharora@gmail.com>,
Borislav Petkov <bp@alien8.de>,
Cyrill Gorcunov <gorcunov@gmail.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Eugene Syromiatnikov <esyr@redhat.com>,
Florian Weimer <fweimer@redhat.com>,
"H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
Jonathan Corbet <corbet@lwn.net>,
Kees Cook <keescook@chromium.org>,
Mike Kravetz <mike.kravetz@oracle.com>,
Nadav Amit <nadav.amit@gmail.com>,
Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
Peter Zijlstra <peterz@infradead.org>,
Randy Dunlap <rdunlap@infradead.org>,
"Ravi V. Shankar" <ravi.v.shankar@intel.com>,
Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>,
Dave Martin <Dave.Martin@arm.com>
Subject: Re: [RFC PATCH 2/3] Introduce arch_prctl(ARCH_X86_CET_MARK_LEGACY_CODE)
Date: Sat, 29 Jun 2019 16:43:18 -0700 [thread overview]
Message-ID: <CALCETrVvbbCWMPo7v5eYgTocaxRQPHerJ=CRjWscGxgb6QjOFA@mail.gmail.com> (raw)
In-Reply-To: <20190628194158.2431-2-yu-cheng.yu@intel.com>
> On Jun 28, 2019, at 12:41 PM, Yu-cheng Yu <yu-cheng.yu@intel.com> wrote:
>
> The CET legacy code bitmap covers the whole user-mode address space and is
> located at the top of the user-mode address space. It is allocated only
> when the first time arch_prctl(ARCH_X86_MARK_LEGACY_CODE) is called from
> an application.
>
> Introduce:
>
> arch_prctl(ARCH_X86_MARK_LEGACY_CODE, unsigned long *buf)
> Mark an address range as IBT legacy code.
How about defining a struct for this?
The change log should discuss where the bitmap goes and how it’s allocated.
> +static int alloc_bitmap(void)
> +{
> + unsigned long addr;
> + u64 msr_ia32_u_cet;
> +
> + addr = do_mmap_locked(NULL, IBT_BITMAP_ADDR, IBT_BITMAP_SIZE,
> + PROT_READ | PROT_WRITE,
> + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED_NOREPLACE,
> + VM_IBT | VM_NORESERVE, NULL);
> +
> + if (IS_ERR((void *)addr))
> + return addr;
> +
> + current->thread.cet.ibt_bitmap_addr = addr;
addr is a constant. Why are you storing it? If it ends up not being
constant, you should wire up mremap like the vDSO does.
> +static int set_user_bits(unsigned long __user *buf, unsigned long buf_size,
> + unsigned long start_bit, unsigned long end_bit, unsigned long set)
> +{
> + unsigned long start_ul, end_ul, total_ul;
> + int i, j, r;
> +
> + if (round_up(end_bit, BITS_PER_BYTE) / BITS_PER_BYTE > buf_size)
> + end_bit = buf_size * BITS_PER_BYTE - 1;
> +
> + start_ul = start_bit / BITS_PER_LONG;
> + end_ul = end_bit / BITS_PER_LONG;
> + total_ul = (end_ul - start_ul + 1);
> +
> + i = start_bit % BITS_PER_LONG;
> + j = end_bit % BITS_PER_LONG;
> +
> + r = 0;
> + put_user_try {
put_user_try is obsolete. Just use get_user(), etc.
Also, I must be missing something fundamental, because this series
claims that user code can't write directly to the bitmap. This means
that this entire function shouldn't work at all.
next prev parent reply other threads:[~2019-06-29 23:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-28 19:41 [RFC PATCH 1/3] mm: Introduce VM_IBT for CET legacy code bitmap Yu-cheng Yu
2019-06-28 19:41 ` [RFC PATCH 2/3] Introduce arch_prctl(ARCH_X86_CET_MARK_LEGACY_CODE) Yu-cheng Yu
2019-06-29 23:43 ` Andy Lutomirski [this message]
2019-06-28 19:41 ` [RFC PATCH 3/3] Prevent user from writing to IBT bitmap Yu-cheng Yu
2019-06-29 23:44 ` Andy Lutomirski
2019-07-01 19:48 ` Yu-cheng Yu
2019-06-28 21:49 ` [RFC PATCH 1/3] mm: Introduce VM_IBT for CET legacy code bitmap Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CALCETrVvbbCWMPo7v5eYgTocaxRQPHerJ=CRjWscGxgb6QjOFA@mail.gmail.com' \
--to=luto@kernel.org \
--cc=Dave.Martin@arm.com \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=bsingharora@gmail.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=esyr@redhat.com \
--cc=fweimer@redhat.com \
--cc=gorcunov@gmail.com \
--cc=hjl.tools@gmail.com \
--cc=hpa@zytor.com \
--cc=jannh@google.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mike.kravetz@oracle.com \
--cc=mingo@redhat.com \
--cc=nadav.amit@gmail.com \
--cc=oleg@redhat.com \
--cc=pavel@ucw.cz \
--cc=peterz@infradead.org \
--cc=ravi.v.shankar@intel.com \
--cc=rdunlap@infradead.org \
--cc=tglx@linutronix.de \
--cc=vedvyas.shanbhogue@intel.com \
--cc=x86@kernel.org \
--cc=yu-cheng.yu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).