From: Christophe LEROY <christophe.leroy@c-s.fr>
To: Russell Currey <ruscur@russell.cc>
Cc: mikey@neuling.org, linuxppc-dev@lists.ozlabs.org, npiggin@gmail.com
Subject: Re: [PATCH 0/5] Guarded Userspace Access Prevention on Radix
Date: Thu, 8 Nov 2018 18:52:45 +0100 [thread overview]
Message-ID: <3b8d2b1b-548b-5a07-4358-4e645c06f59e@c-s.fr> (raw)
In-Reply-To: <cdfb9e078946c63170845d2ec7167a6902514fc1.camel@russell.cc>
Le 01/11/2018 à 04:54, Russell Currey a écrit :
> On Wed, 2018-10-31 at 17:58 +0100, LEROY Christophe wrote:
>> Russell Currey <ruscur@russell.cc> a écrit :
>>
>>> On Fri, 2018-10-26 at 18:29 +0200, LEROY Christophe wrote:
>>>> Russell Currey <ruscur@russell.cc> a écrit :
>>>>
>>>>> Guarded Userspace Access Prevention is a security mechanism
>>>>> that
>>>>> prevents
>>>>> the kernel from being able to read and write userspace
>>>>> addresses
>>>>> outside of
>>>>> the allowed paths, most commonly copy_{to/from}_user().
>>>>>
>>>>> At present, the only CPU that supports this is POWER9, and only
>>>>> while using
>>>>> the Radix MMU. Privileged reads and writes cannot access user
>>>>> data
>>>>> when
>>>>> key 0 of the AMR is set. This is described in the "Radix Tree
>>>>> Translation
>>>>> Storage Protection" section of the POWER ISA as of version 3.0.
>>>>
>>>> It is not right that only power9 can support that.
>>>
>>> It's true that not only P9 can support it, but there are more
>>> considerations under hash than radix, implementing this for radix
>>> is a
>>> first step.
>>
>> I don't know much about hash, but I was talking about the 8xx which
>> is
>> a nohash ppc32. I'll see next week if I can do something with it on
>> top of your serie.
>
> My small brain saw the number 8 and assumed you were talking about
> POWER8, I didn't know what 8xx was until now.
>
> Working on a refactor to make things a bit more generic, and removing
> the radix name and dependency from the config option.
In signal_32.c and signal_64.c, save_user_regs() calls __put_user() to
modify code, then calls flush_icache_range() on user addresses.
Shouldn't flush_icache_range() be performed with userspace access
protection unlocked ?
Christophe
next prev parent reply other threads:[~2018-11-08 17:54 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-26 6:35 [PATCH 0/5] Guarded Userspace Access Prevention on Radix Russell Currey
2018-10-26 6:35 ` [PATCH 1/5] powerpc/64s: Guarded Userspace Access Prevention Russell Currey
2018-10-26 8:20 ` kbuild test robot
2018-10-28 17:57 ` LEROY Christophe
2018-10-31 4:00 ` Russell Currey
2018-10-31 16:54 ` LEROY Christophe
2018-10-29 13:27 ` kbuild test robot
2018-10-26 6:35 ` [PATCH 2/5] powerpc/futex: GUAP support for futex ops Russell Currey
2018-10-26 16:32 ` LEROY Christophe
2018-10-29 1:08 ` Russell Currey
2018-10-26 6:35 ` [PATCH 3/5] powerpc/lib: checksum GUAP support Russell Currey
2018-10-26 16:33 ` LEROY Christophe
2018-10-26 6:35 ` [PATCH 4/5] powerpc/64s: Disable GUAP with nosmap option Russell Currey
2018-10-26 6:35 ` [PATCH 5/5] powerpc/64s: Document that PPC supports nosmap Russell Currey
2018-10-26 16:35 ` LEROY Christophe
2018-10-29 1:06 ` Russell Currey
2018-10-31 17:06 ` LEROY Christophe
2018-10-26 16:29 ` [PATCH 0/5] Guarded Userspace Access Prevention on Radix LEROY Christophe
2018-10-31 3:53 ` Russell Currey
2018-10-31 16:58 ` LEROY Christophe
2018-11-01 3:54 ` Russell Currey
2018-11-08 17:52 ` Christophe LEROY [this message]
2018-11-08 20:09 ` Benjamin Herrenschmidt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3b8d2b1b-548b-5a07-4358-4e645c06f59e@c-s.fr \
--to=christophe.leroy@c-s.fr \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mikey@neuling.org \
--cc=npiggin@gmail.com \
--cc=ruscur@russell.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).