From: Ali Raza <aliraza@bu.edu>
To: Andy Lutomirski <luto@kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Cc: Jonathan Corbet <corbet@lwn.net>,
masahiroy@kernel.org, michal.lkml@markovi.net,
Nick Desaulniers <ndesaulniers@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>,
"Peter Zijlstra (Intel)" <peterz@infradead.org>,
Al Viro <viro@zeniv.linux.org.uk>, Arnd Bergmann <arnd@arndb.de>,
juri.lelli@redhat.com, vincent.guittot@linaro.org,
dietmar.eggemann@arm.com, Steven Rostedt <rostedt@goodmis.org>,
Ben Segall <bsegall@google.com>,
mgorman@suse.de, bristot@redhat.com, vschneid@redhat.com,
Paolo Bonzini <pbonzini@redhat.com>,
jpoimboe@kernel.org, linux-doc@vger.kernel.org,
linux-kbuild@vger.kernel.org, linux-mm@kvack.org,
linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org,
the arch/x86 maintainers <x86@kernel.org>,
rjones@redhat.com, munsoner@bu.edu, tommyu@bu.edu,
drepper@redhat.com, lwoodman@redhat.com, mboydmcse@gmail.com,
okrieg@bu.edu, rmancuso@bu.edu
Subject: Re: [RFC UKL 05/10] x86/uaccess: Make access_ok UKL aware
Date: Thu, 6 Oct 2022 17:16:36 -0400 [thread overview]
Message-ID: <0a7fdb8b-9b7c-86bd-b409-736b664b19a7@bu.edu> (raw)
In-Reply-To: <d32399c1-88ae-4b7d-925e-b82b2a983e30@app.fastmail.com>
On 10/4/22 13:36, Andy Lutomirski wrote:
>
>
> On Mon, Oct 3, 2022, at 3:21 PM, Ali Raza wrote:
>> When configured for UKL, access_ok needs to account for the unified address
>> space that is used by the kernel and the process being run. To do this,
>> they need to check the task struct field added earlier to determine where
>> the execution that is making the check is running. For a zero value, the
>> normal boundary definitions apply, but non-zero value indicates a UKL
>> thread and a shared address space should be assumed.
>
> I think this is just wrong. Why should a UKL process be able to read() to kernel (high-half) memory?
>
> set_fs() is gone. Please keep it gone.
UKL needs access to kernel memory because the UKL application is linked
with the kernel, so its data lives along with kernel data in the kernel
half of memory. So any thing which involves a check to see if user
pointer indeed lives in user part of memory would fail. For example,
anything which invokes copy_to_user or copy_from_user would involve a
call to access_ok. This would fail because the UKL user pointer will
have a kernel address.
>
>>
>> Cc: Jonathan Corbet <corbet@lwn.net>
>> Cc: Masahiro Yamada <masahiroy@kernel.org>
>> Cc: Michal Marek <michal.lkml@markovi.net>
>> Cc: Nick Desaulniers <ndesaulniers@google.com>
>> Cc: Thomas Gleixner <tglx@linutronix.de>
>> Cc: Ingo Molnar <mingo@redhat.com>
>> Cc: Borislav Petkov <bp@alien8.de>
>> Cc: Dave Hansen <dave.hansen@linux.intel.com>
>> Cc: "H. Peter Anvin" <hpa@zytor.com>
>> Cc: Andy Lutomirski <luto@kernel.org>
>> Cc: Eric Biederman <ebiederm@xmission.com>
>> Cc: Kees Cook <keescook@chromium.org>
>> Cc: Peter Zijlstra <peterz@infradead.org>
>> Cc: Alexander Viro <viro@zeniv.linux.org.uk>
>> Cc: Arnd Bergmann <arnd@arndb.de>
>> Cc: Juri Lelli <juri.lelli@redhat.com>
>> Cc: Vincent Guittot <vincent.guittot@linaro.org>
>> Cc: Dietmar Eggemann <dietmar.eggemann@arm.com>
>> Cc: Steven Rostedt <rostedt@goodmis.org>
>> Cc: Ben Segall <bsegall@google.com>
>> Cc: Mel Gorman <mgorman@suse.de>
>> Cc: Daniel Bristot de Oliveira <bristot@redhat.com>
>> Cc: Valentin Schneider <vschneid@redhat.com>
>> Cc: Paolo Bonzini <pbonzini@redhat.com>
>> Cc: Josh Poimboeuf <jpoimboe@kernel.org>
>>
>> Signed-off-by: Ali Raza <aliraza@bu.edu>
>> ---
>> arch/x86/include/asm/uaccess.h | 8 ++++++++
>> 1 file changed, 8 insertions(+)
>>
>> diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
>> index 913e593a3b45..adef521b2e59 100644
>> --- a/arch/x86/include/asm/uaccess.h
>> +++ b/arch/x86/include/asm/uaccess.h
>> @@ -37,11 +37,19 @@ static inline bool pagefault_disabled(void);
>> * Return: true (nonzero) if the memory block may be valid, false (zero)
>> * if it is definitely invalid.
>> */
>> +#ifdef CONFIG_UNIKERNEL_LINUX
>> +#define access_ok(addr, size) \
>> +({ \
>> + WARN_ON_IN_IRQ(); \
>> + (is_ukl_thread() ? 1 : likely(__access_ok(addr, size))); \
>> +})
>> +#else
>> #define access_ok(addr, size) \
>> ({ \
>> WARN_ON_IN_IRQ(); \
>> likely(__access_ok(addr, size)); \
>> })
>> +#endif
>>
>> #include <asm-generic/access_ok.h>
>>
>> --
>> 2.21.3
next prev parent reply other threads:[~2022-10-06 21:16 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-03 22:21 [RFC UKL 00/10] Unikernel Linux (UKL) Ali Raza
2022-10-03 22:21 ` [RFC UKL 01/10] kbuild: Add sections and symbols to linker script for UKL support Ali Raza
2022-10-03 22:21 ` [RFC UKL 02/10] x86/boot: Load the PT_TLS segment for Unikernel configs Ali Raza
2022-10-04 17:30 ` Andy Lutomirski
2022-10-06 21:00 ` Ali Raza
2022-10-03 22:21 ` [RFC UKL 03/10] sched: Add task_struct tracking of kernel or application execution Ali Raza
2022-10-03 22:21 ` [RFC UKL 04/10] x86/entry: Create alternate entry path for system calls Ali Raza
2022-10-04 17:43 ` Andy Lutomirski
2022-10-06 21:12 ` Ali Raza
2022-10-03 22:21 ` [RFC UKL 05/10] x86/uaccess: Make access_ok UKL aware Ali Raza
2022-10-04 17:36 ` Andy Lutomirski
2022-10-06 21:16 ` Ali Raza [this message]
2022-10-03 22:21 ` [RFC UKL 06/10] x86/fault: Skip checking kernel mode access to user address space for UKL Ali Raza
2022-10-03 22:21 ` [RFC UKL 07/10] x86/signal: Adjust signal handler register values and return frame Ali Raza
2022-10-04 17:34 ` Andy Lutomirski
2022-10-06 21:20 ` Ali Raza
2022-10-03 22:21 ` [RFC UKL 08/10] exec: Make exec path for starting UKL application Ali Raza
2022-10-03 22:21 ` [RFC UKL 09/10] exec: Give userspace a method for starting UKL process Ali Raza
2022-10-04 17:35 ` Andy Lutomirski
2022-10-06 21:25 ` Ali Raza
2022-10-03 22:21 ` [RFC UKL 10/10] Kconfig: Add config option for enabling and sample for testing UKL Ali Raza
2022-10-04 2:11 ` Bagas Sanjaya
2022-10-06 21:28 ` Ali Raza
2022-10-07 10:21 ` Masahiro Yamada
2022-10-13 17:08 ` Ali Raza
2022-10-06 21:27 ` [RFC UKL 00/10] Unikernel Linux (UKL) H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0a7fdb8b-9b7c-86bd-b409-736b664b19a7@bu.edu \
--to=aliraza@bu.edu \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=bristot@redhat.com \
--cc=bsegall@google.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=dietmar.eggemann@arm.com \
--cc=drepper@redhat.com \
--cc=ebiederm@xmission.com \
--cc=hpa@zytor.com \
--cc=jpoimboe@kernel.org \
--cc=juri.lelli@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=lwoodman@redhat.com \
--cc=masahiroy@kernel.org \
--cc=mboydmcse@gmail.com \
--cc=mgorman@suse.de \
--cc=michal.lkml@markovi.net \
--cc=mingo@redhat.com \
--cc=munsoner@bu.edu \
--cc=ndesaulniers@google.com \
--cc=okrieg@bu.edu \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=rjones@redhat.com \
--cc=rmancuso@bu.edu \
--cc=rostedt@goodmis.org \
--cc=tglx@linutronix.de \
--cc=tommyu@bu.edu \
--cc=vincent.guittot@linaro.org \
--cc=viro@zeniv.linux.org.uk \
--cc=vschneid@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).