Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751770AbbLHSMI (ORCPT ); Tue, 8 Dec 2015 13:12:08 -0500 Received: from www.linutronix.de ([62.245.132.108]:51509 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750986AbbLHSMH (ORCPT ); Tue, 8 Dec 2015 13:12:07 -0500 Date: Tue, 8 Dec 2015 19:11:18 +0100 (CET) From: Thomas Gleixner To: Dave Hansen cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org, dave.hansen@linux.intel.com Subject: Re: [PATCH 17/34] x86, pkeys: check VMAs and PTEs for protection keys In-Reply-To: <20151204011448.23DC574D@viggo.jf.intel.com> Message-ID: References: <20151204011424.8A36E365@viggo.jf.intel.com> <20151204011448.23DC574D@viggo.jf.intel.com> User-Agent: Alpine 2.11 (DEB 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001,URIBL_BLOCKED=0.001 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1633 Lines: 44 On Thu, 3 Dec 2015, Dave Hansen wrote: > Today, for normal faults and page table walks, we check the VMA > and/or PTE to ensure that it is compatible with the action. For > instance, if we get a write fault on a non-writeable VMA, we > SIGSEGV. > > We try to do the same thing for protection keys. Basically, we > try to make sure that if a user does this: > > mprotect(ptr, size, PROT_NONE); > *ptr = foo; > > they see the same effects with protection keys when they do this: > > mprotect(ptr, size, PROT_READ|PROT_WRITE); > set_pkey(ptr, size, 4); > wrpkru(0xffffff3f); // access disable pkey 4 > *ptr = foo; > > The state to do that checking is in the VMA, but we also > sometimes have to do it on the page tables only, like when doing > a get_user_pages_fast() where we have no VMA. > > We add two functions and expose them to generic code: > > arch_pte_access_permitted(pte_flags, write) > arch_vma_access_permitted(vma, write) > > These are, of course, backed up in x86 arch code with checks > against the PTE or VMA's protection key. > > But, there are also cases where we do not want to respect > protection keys. When we ptrace(), for instance, we do not want > to apply the tracer's PKRU permissions to the PTEs from the > process being traced. > > Signed-off-by: Dave Hansen Reviewed-by: Thomas Gleixner -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/