Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp280435imu;
        Mon, 10 Dec 2018 21:48:23 -0800 (PST)
X-Google-Smtp-Source: AFSGD/VZ0forNnV92OHO/RnlaGYfTyWg7H86NFSNhzAI0B/XDNof0dR2WDwP6ANzKI+iusLpr4wh
X-Received: by 2002:a65:624c:: with SMTP id q12mr13445385pgv.379.1544507303289;
        Mon, 10 Dec 2018 21:48:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544507303; cv=none;
        d=google.com; s=arc-20160816;
        b=clMpQG+X4/NYjpjj7vyANHlcsPKEOxMf9gkW/MEmOss6/HeuOSDr2M52GibIpFcXio
         hiUTPrFNIsB73BdH2xea5OKylyhQ9xsC3HT1snvfld81koUPHgerRhNMYIMGEUdMDfkn
         el9zH68RzjYoC9x+g/weOAkQZJviuxiB2ZWORIkJvW0DbLjI1du500t3yTPQ2hZm1fJK
         b9fXJ2tjjrkfhIBsdGrv1g4nFkdDRxWtOLZu+Z186ejo/tTEVnwmS2vwoTb87sRKNvhe
         Ertj3tyRHK6Uu3zsvImsYKkq965MT5SooMNR9SE848LG77o5NxPfmiIUKJkHpvIyO561
         m+Aw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:date:cc:to:from:subject
         :message-id:dkim-signature;
        bh=pMxm48d9UHOSlbEZYv6rkEmhC3bI8rIFomvnflUbkl4=;
        b=ae+DDXWB67LZHtmL4JpGrg78Zbr9hiMJCxOMAyXe98mG3MVyGxuBsV7BN4WfL2COE4
         NbhX/2L9cf0Y8g+ma5DmvRoQ7T8jYCRsnzNJNpZVbl2jFUrzOPUxYWLXpsWu2BLJBE0t
         LfvlukTlz31F6tI2uo+fQ5C2sZ73m+ajjCag3itGz7cocuUV7kZ5QtCyRWg2OB4R+JCV
         U3ed5J07PHjBtD2u789CJ1FpgTAhKcFRzvAN/eMmg+uSk30FV1bjMtL2/rZ2mOw/PF8Z
         4+1lxjPNB7Tu2riINfVpFzBeEoC1fKiqq+y614QfzdzrVd4PQ9oCOqHY+8N88dYAmoV+
         VQRw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=aP+PP6Ej;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o9si12091815pfe.63.2018.12.10.21.48.08;
        Mon, 10 Dec 2018 21:48:23 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=aP+PP6Ej;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728939AbeLKFYV (ORCPT <rfc822;wxiaokuan@gmail.com> + 99 others);
        Tue, 11 Dec 2018 00:24:21 -0500
Received: from out1-smtp.messagingengine.com ([66.111.4.25]:60577 "EHLO
        out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1727991AbeLKFYV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 11 Dec 2018 00:24:21 -0500
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46])
        by mailout.nyi.internal (Postfix) with ESMTP id 9260C21AFB;
        Tue, 11 Dec 2018 00:24:19 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
  by compute6.internal (MEProxy); Tue, 11 Dec 2018 00:24:19 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
        messagingengine.com; h=cc:content-transfer-encoding:content-type
        :date:from:in-reply-to:message-id:mime-version:references
        :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
        :x-sasl-enc; s=fm1; bh=pMxm48d9UHOSlbEZYv6rkEmhC3bI8rIFomvnflUbk
        l4=; b=aP+PP6EjbmmeRsntvCr4m0DaMmsrtX39zSUPFEYkQOFJMkx4jlZhpuluy
        RCeXPNE7Kl8ldG+uLXBFGJAUga9dYMh8owI+3+MY6+B9cWhGNCLfL3d6TSw/Gih4
        o34I8XwZn00w2c570fjn0kh2qE9g1ZNFUgE7TpXxu27NGz6zHSO1SPCuTRXIsmyc
        u67fTYYFII/mAu5TUSt7EQiM0M4nZnYMO9ZItaQln6yXiTEQliFPbtNurH8w8I2z
        2aZv0B86mQqSxl8cJVDukwuGr8nd1TwiVl1OtWXYptnDd6ibTI+HnMrWRkCPX885
        N5EFsCn/wPT01G4+ADEPtWsw6WZSQ==
X-ME-Sender: <xms:AkoPXA4F4FZiiJhe-uoi_1NY5m1DYR3gmVx10-jf0YoGVMFy7XDFIQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtkedrudegiedgkeefucetufdoteggodetrfdotf
    fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhhtnecuuegrihhlohhuthemucef
    tddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfghrlhcuvffnffculdeftd
    dmnecujfgurhepkffuhffvffgjfhgtfggggfesthejredttderjeenucfhrhhomheptfhu
    shhsvghllhcuvehurhhrvgihuceorhhushgtuhhrsehruhhsshgvlhhlrdgttgeqnecukf
    hppeduvddvrdelledrkedvrddutdenucfrrghrrghmpehmrghilhhfrhhomheprhhushgt
    uhhrsehruhhsshgvlhhlrdgttgenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:AkoPXJZ3Mv8z812JtnvmQeWn5HXoFmy-V1iCFE-u4BN4iC9h8i3NwQ>
    <xmx:AkoPXA1l12Mx2W95ZuXxnVkP72MHAzUcjtPEIznohOLLYPTEQbCwlw>
    <xmx:AkoPXMqwgj7HRx9UDyQYgVthHE_WOYDZE7aaVWcv37dmfYcK9YzhNQ>
    <xmx:AkoPXPOofqbL7kbUOUdxqbBSFAbRKR7-HopiOwU17XjmNPDAiiCiQw>
    <xmx:AkoPXFp6Yp1ZJCLZ3Ne2uT_jDJmXxCuIKgl72INGWDvta298m6xptQ>
    <xmx:A0oPXLuF1ZHQk87iRwqWSFnWhSro6hkdKfWohWbZxzlbumj25IQeVA>
Received: from crackle.ozlabs.ibm.com (unknown [122.99.82.10])
        by mail.messagingengine.com (Postfix) with ESMTPA id A017EE450E;
        Tue, 11 Dec 2018 00:24:15 -0500 (EST)
Message-ID: <a6dbd5284d8700d591614481fda242a25ca5a3b5.camel@russell.cc>
Subject: Re: [RFC PATCH v2 11/11] powerpc/book3s32: Implement Kernel
 Userspace Access Protection
From:   Russell Currey <ruscur@russell.cc>
To:     Christophe Leroy <christophe.leroy@c-s.fr>,
        Benjamin Herrenschmidt <benh@kernel.crashing.org>,
        Paul Mackerras <paulus@samba.org>,
        Michael Ellerman <mpe@ellerman.id.au>
Cc:     linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Date:   Tue, 11 Dec 2018 16:25:07 +1100
In-Reply-To: <98e37def51328f58d8c2ceb60edd4b3da7b6f2ef.1543356926.git.christophe.leroy@c-s.fr>
References: <76d777b36e54e7b8d4c196405decc712fc5eaf45.1543356926.git.christophe.leroy@c-s.fr>
         <98e37def51328f58d8c2ceb60edd4b3da7b6f2ef.1543356926.git.christophe.leroy@c-s.fr>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.30.2 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2018-11-28 at 09:27 +0000, Christophe Leroy wrote:
> This patch implements Kernel Userspace Access Protection for
> book3s/32.
> 
> Due to limitations of the processor page protection capabilities,
> the protection is only against writing. read protection cannot be
> achieved using page protection.
> 
> In order to provide the protection, Ku and Ks keys are modified in
> Userspace Segment registers, and different PP bits are used to:
> 
> PP01 provides RW for Key 0 and RO for Key 1
> PP10 provides RW for all
> PP11 provides RO for all
> 
> Today PP10 is used for RW pages and PP11 for RO pages. This patch
> modifies page protection to PP01 for RW pages.
> 
> Then segment registers are set to Ku 0 and Ks 1. When kernel needs
> to write to RW pages, the associated segment register is changed to
> Ks 0 in order to allow write access to the kernel.
> 
> In order to avoid having the read all segment registers when
> locking/unlocking the access, some data is kept in the thread_struct
> and saved on stack on exceptions. The field identifies both the
> first unlocked segment and the first segment following the last
> unlocked one. When no segment is unlocked, it contains value 0.
> 
> Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>

Hey Christophe, I tried to test this and got a machine check after the
kernel starts init.

Vector: 700 (Program Check) at [ef0b5e70]
    pc: 00000ca4
    lr: b7e1a030
    sp: ef0b5f30
   msr: 81002
  current = 0xef0b8000
    pid   = 1, comm = init

Testing with mac99 model in qemu.

- Russell