From: Christophe Leroy <christophe.leroy@c-s.fr>
To: Michael Ellerman <mpe@ellerman.id.au>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
ruscur@russell.cc
Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH v2 10/10] powerpc/32s: Implement Kernel Userspace Access Protection
Date: Tue, 23 Apr 2019 11:26:39 +0200 [thread overview]
Message-ID: <e297ba05-e82d-d269-20d2-5bd3914b1d14@c-s.fr> (raw)
In-Reply-To: <87ftqfu7j1.fsf@concordia.ellerman.id.au>
Le 18/04/2019 à 08:55, Michael Ellerman a écrit :
> Christophe Leroy <christophe.leroy@c-s.fr> writes:
>> diff --git a/arch/powerpc/include/asm/book3s/32/kup.h b/arch/powerpc/include/asm/book3s/32/kup.h
>> index 5f97c742ca71..b3560b2de435 100644
>> --- a/arch/powerpc/include/asm/book3s/32/kup.h
>> +++ b/arch/powerpc/include/asm/book3s/32/kup.h
>> @@ -37,6 +37,113 @@
> ...
>> +
>> +static inline void allow_user_access(void __user *to, const void __user *from, u32 size)
>> +{
>> + u32 addr = (__force u32)to;
>> + u32 end = min(addr + size, TASK_SIZE);
>> +
>> + if (!addr || addr >= TASK_SIZE || !size)
>> + return;
>> +
>> + current->thread.kuap = (addr & 0xf0000000) | ((((end - 1) >> 28) + 1) & 0xf);
>> + kuap_update_sr(mfsrin(addr) & ~SR_KS, addr, end); /* Clear Ks */
>> +}
>
> When rebasing on my v6 I changed the above to:
>
> static inline void allow_user_access(void __user *to, const void __user *from, u32 size)
> {
> u32 addr, end;
>
> if (__builtin_constant_p(to) && to == NULL)
> return;
Good point, it avoids keeping the test compiled in when the 'to' is not
NULL.
>
> addr = (__force u32)to;
>
> if (!addr || addr >= TASK_SIZE || !size)
> return;
Then the !addr test isn't needed anymore I think.
Christophe
>
> end = min(addr + size, TASK_SIZE);
> current->thread.kuap = (addr & 0xf0000000) | ((((end - 1) >> 28) + 1) & 0xf);
> kuap_update_sr(mfsrin(addr) & ~SR_KS, addr, end); /* Clear Ks */
> }
>
> Which I think achieves the same result. It does boot :)
>
>> +
>> +static inline void prevent_user_access(void __user *to, const void __user *from, u32 size)
>> +{
>> + u32 addr = (__force u32)to;
>> + u32 end = min(addr + size, TASK_SIZE);
>> +
>> + if (!addr || addr >= TASK_SIZE || !size)
>> + return;
>> +
>> + current->thread.kuap = 0;
>> + kuap_update_sr(mfsrin(addr) | SR_KS, addr, end); /* set Ks */
>> +}
>> +
>> +static inline void allow_read_from_user(const void __user *from, unsigned long size)
>> +{
>> +}
>
> And I dropped that.
>
> cheers
>
next prev parent reply other threads:[~2019-04-23 9:26 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-11 8:30 [PATCH v2 00/10] Kernel Userspace protection for PPC32 Christophe Leroy
2019-03-11 8:30 ` [PATCH v2 01/10] powerpc/6xx: fix setup and use of SPRN_SPRG_PGDIR for hash32 Christophe Leroy
2019-03-20 13:04 ` [v2, " Michael Ellerman
2019-03-11 8:30 ` [PATCH v2 02/10] powerpc/mm: Detect bad KUAP faults (Squash of v5 series) Christophe Leroy
2019-03-11 8:30 ` [PATCH v2 03/10] powerpc/32: Remove MSR_PR test when returning from syscall Christophe Leroy
2019-04-21 14:18 ` [v2, " Michael Ellerman
2019-03-11 8:30 ` [PATCH v2 04/10] powerpc/32: Prepare for Kernel Userspace Access Protection Christophe Leroy
2019-03-11 8:30 ` [PATCH v2 05/10] powerpc/8xx: Only define APG0 and APG1 Christophe Leroy
2019-03-11 8:30 ` [PATCH v2 06/10] powerpc/8xx: Add Kernel Userspace Execution Prevention Christophe Leroy
2019-03-11 8:30 ` [PATCH v2 07/10] powerpc/8xx: Add Kernel Userspace Access Protection Christophe Leroy
2019-04-18 6:53 ` Michael Ellerman
2019-03-11 8:30 ` [PATCH v2 08/10] powerpc/32s: Implement Kernel Userspace Execution Prevention Christophe Leroy
2019-03-11 8:30 ` [PATCH v2 09/10] powerpc/32s: Prepare Kernel Userspace Access Protection Christophe Leroy
2019-03-11 8:30 ` [PATCH v2 10/10] powerpc/32s: Implement " Christophe Leroy
2019-04-18 6:55 ` Michael Ellerman
2019-04-23 9:26 ` Christophe Leroy [this message]
2020-01-21 17:22 ` GCC bug ? " Christophe Leroy
2020-01-21 19:55 ` Segher Boessenkool
2020-01-22 6:52 ` Christophe Leroy
2020-01-22 13:36 ` Segher Boessenkool
2020-01-22 14:45 ` Christophe Leroy
2020-01-22 6:57 ` Christophe Leroy
2020-01-22 13:18 ` Segher Boessenkool
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e297ba05-e82d-d269-20d2-5bd3914b1d14@c-s.fr \
--to=christophe.leroy@c-s.fr \
--cc=benh@kernel.crashing.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
--cc=ruscur@russell.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).