linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Ram Pai <linuxram@us.ibm.com>
To: Michael Ellerman <mpe@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org,
	benh@kernel.crashing.org, paulus@samba.org,
	khandual@linux.vnet.ibm.com, aneesh.kumar@linux.vnet.ibm.com,
	bsingharora@gmail.com, dave.hansen@intel.com, hbabu@us.ibm.com
Subject: Re: [RFC PATCH 7/7 v1]powerpc: Deliver SEGV signal on protection key violation.
Date: Fri, 16 Jun 2017 12:35:52 -0700	[thread overview]
Message-ID: <20170616193552.GC17588@ram.oc3035372033.ibm.com> (raw)
In-Reply-To: <87zid8uqnu.fsf@concordia.ellerman.id.au>

On Fri, Jun 16, 2017 at 09:18:29PM +1000, Michael Ellerman wrote:
> Ram Pai <linuxram@us.ibm.com> writes:
> > diff --git a/arch/powerpc/include/uapi/asm/ptrace.h b/arch/powerpc/include/uapi/asm/ptrace.h
> > index 8036b38..109d0c2 100644
> > --- a/arch/powerpc/include/uapi/asm/ptrace.h
> > +++ b/arch/powerpc/include/uapi/asm/ptrace.h
> > @@ -49,6 +49,8 @@ struct pt_regs {
> >  	unsigned long dar;		/* Fault registers */
> >  	unsigned long dsisr;		/* on 4xx/Book-E used for ESR */
> >  	unsigned long result;		/* Result of a system call */
> > +	unsigned long dscr;		/* contents of the DSCR register */
> > +	unsigned long amr;		/* contents of AMR register */
> >  };
> 
> You can't change pt_regs, it's ABI.
> 
> > @@ -109,7 +111,8 @@ struct pt_regs {
> >  #define PT_DSISR 42
> >  #define PT_RESULT 43
> >  #define PT_DSCR 44
> > -#define PT_REGS_COUNT 44
> > +#define PT_AMR 45
> > +#define PT_REGS_COUNT 45
> 
> You can add PT_AMR, but it has to be synthetic like DSCR, ie. not
> actually in pt_regs but available via ptrace.

ok.

> 
> But do we want to do that? How does the x86 code export the key(s) of a
> process? Or doesn't it?

The semantics defined on x86 is, 

    signal handler has to have a way of knowing the contents of the
    PKRU; (the x86 equivalent of AMR).  Also the signal handler
    has to have the ability to modify the PKRU before it returns
    from the signal handler. This modified information will be
    used by the kernel to program the CPU's PKRU register.

    if the signal handler does not have the ability to do so, than
    when the signal handler returns and the user code restarts executing
    where it had left, it will continue to access the same protected 
    address and fault again, which will again invoke the signal handler
    and this will continue infinitely.

We have to provide the same semantics on powerpc. The way I intend to
do it is to use one of the unused field in the gp_regs and fill that 
with the contents of the AMR register. PT_AMR, at offset 45 in gp_regs
is not used currently. offset 45, 46, and 47 are available AFIACT.


Dave: Why is it not ok to reprogram the PKRU from the signal handler,
        instead of telling the kernel to do so on its behalf? Or
	have I got my understanding of the semantics wrong?


> 
> cheers

-- 
Ram Pai

  reply	other threads:[~2017-06-16 19:36 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-06-06  1:05 [RFC PATCH 0/7 v1] powerpc: Memory Protection Keys Ram Pai
2017-06-06  1:05 ` [RFC PATCH 1/7 v1]powerpc: Free up four PTE bits to accommodate memory keys Ram Pai
2017-06-12  6:57   ` Aneesh Kumar K.V
2017-06-12 22:20     ` Ram Pai
2017-06-13  2:02       ` Aneesh Kumar K.V
2017-06-13 21:51         ` Ram Pai
2017-06-13  4:52   ` Aneesh Kumar K.V
2017-06-13 21:52     ` Ram Pai
2017-06-06  1:05 ` [RFC PATCH 2/7 v1]powerpc: Implement sys_pkey_alloc and sys_pkey_free system call Ram Pai
2017-06-06  1:05 ` [RFC PATCH 3/7 v1]powerpc: store and restore the key state across context switches Ram Pai
2017-06-06  1:05 ` [RFC PATCH 4/7 v1]powerpc: Implementation for sys_mprotect_pkey() system call Ram Pai
2017-06-06  1:05 ` [RFC PATCH 5/7 v1]powerpc: Program HPTE key protection bits Ram Pai
2017-06-06  1:05 ` [RFC PATCH 6/7 v1]powerpc: Handle exceptions caused by violation of key protection Ram Pai
2017-06-06  1:05 ` [RFC PATCH 7/7 v1]powerpc: Deliver SEGV signal on protection key violation Ram Pai
2017-06-16  9:20   ` Anshuman Khandual
2017-06-16 10:33     ` Benjamin Herrenschmidt
2017-06-16 19:15       ` Ram Pai
2017-06-16 22:54         ` Benjamin Herrenschmidt
2017-06-22 21:41           ` Ram Pai
2017-06-16 19:10     ` Ram Pai
2017-06-16 11:18   ` Michael Ellerman
2017-06-16 19:35     ` Ram Pai [this message]
2017-06-20  7:07 ` [RFC PATCH 0/7 v1] powerpc: Memory Protection Keys Pavel Machek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170616193552.GC17588@ram.oc3035372033.ibm.com \
    --to=linuxram@us.ibm.com \
    --cc=aneesh.kumar@linux.vnet.ibm.com \
    --cc=benh@kernel.crashing.org \
    --cc=bsingharora@gmail.com \
    --cc=dave.hansen@intel.com \
    --cc=hbabu@us.ibm.com \
    --cc=khandual@linux.vnet.ibm.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linuxppc-dev@lists.ozlabs.org \
    --cc=mpe@ellerman.id.au \
    --cc=paulus@samba.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).