Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp280435imu; Mon, 10 Dec 2018 21:48:23 -0800 (PST) X-Google-Smtp-Source: AFSGD/VZ0forNnV92OHO/RnlaGYfTyWg7H86NFSNhzAI0B/XDNof0dR2WDwP6ANzKI+iusLpr4wh X-Received: by 2002:a65:624c:: with SMTP id q12mr13445385pgv.379.1544507303289; Mon, 10 Dec 2018 21:48:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544507303; cv=none; d=google.com; s=arc-20160816; b=clMpQG+X4/NYjpjj7vyANHlcsPKEOxMf9gkW/MEmOss6/HeuOSDr2M52GibIpFcXio hiUTPrFNIsB73BdH2xea5OKylyhQ9xsC3HT1snvfld81koUPHgerRhNMYIMGEUdMDfkn el9zH68RzjYoC9x+g/weOAkQZJviuxiB2ZWORIkJvW0DbLjI1du500t3yTPQ2hZm1fJK b9fXJ2tjjrkfhIBsdGrv1g4nFkdDRxWtOLZu+Z186ejo/tTEVnwmS2vwoTb87sRKNvhe Ertj3tyRHK6Uu3zsvImsYKkq965MT5SooMNR9SE848LG77o5NxPfmiIUKJkHpvIyO561 m+Aw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature; bh=pMxm48d9UHOSlbEZYv6rkEmhC3bI8rIFomvnflUbkl4=; b=ae+DDXWB67LZHtmL4JpGrg78Zbr9hiMJCxOMAyXe98mG3MVyGxuBsV7BN4WfL2COE4 NbhX/2L9cf0Y8g+ma5DmvRoQ7T8jYCRsnzNJNpZVbl2jFUrzOPUxYWLXpsWu2BLJBE0t LfvlukTlz31F6tI2uo+fQ5C2sZ73m+ajjCag3itGz7cocuUV7kZ5QtCyRWg2OB4R+JCV U3ed5J07PHjBtD2u789CJ1FpgTAhKcFRzvAN/eMmg+uSk30FV1bjMtL2/rZ2mOw/PF8Z 4+1lxjPNB7Tu2riINfVpFzBeEoC1fKiqq+y614QfzdzrVd4PQ9oCOqHY+8N88dYAmoV+ VQRw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=aP+PP6Ej; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o9si12091815pfe.63.2018.12.10.21.48.08; Mon, 10 Dec 2018 21:48:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=aP+PP6Ej; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728939AbeLKFYV (ORCPT + 99 others); Tue, 11 Dec 2018 00:24:21 -0500 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:60577 "EHLO out1-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727991AbeLKFYV (ORCPT ); Tue, 11 Dec 2018 00:24:21 -0500 Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 9260C21AFB; Tue, 11 Dec 2018 00:24:19 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Tue, 11 Dec 2018 00:24:19 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=pMxm48d9UHOSlbEZYv6rkEmhC3bI8rIFomvnflUbk l4=; b=aP+PP6EjbmmeRsntvCr4m0DaMmsrtX39zSUPFEYkQOFJMkx4jlZhpuluy RCeXPNE7Kl8ldG+uLXBFGJAUga9dYMh8owI+3+MY6+B9cWhGNCLfL3d6TSw/Gih4 o34I8XwZn00w2c570fjn0kh2qE9g1ZNFUgE7TpXxu27NGz6zHSO1SPCuTRXIsmyc u67fTYYFII/mAu5TUSt7EQiM0M4nZnYMO9ZItaQln6yXiTEQliFPbtNurH8w8I2z 2aZv0B86mQqSxl8cJVDukwuGr8nd1TwiVl1OtWXYptnDd6ibTI+HnMrWRkCPX885 N5EFsCn/wPT01G4+ADEPtWsw6WZSQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtkedrudegiedgkeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhhtnecuuegrihhlohhuthemucef tddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfghrlhcuvffnffculdeftd dmnecujfgurhepkffuhffvffgjfhgtfggggfesthejredttderjeenucfhrhhomheptfhu shhsvghllhcuvehurhhrvgihuceorhhushgtuhhrsehruhhsshgvlhhlrdgttgeqnecukf hppeduvddvrdelledrkedvrddutdenucfrrghrrghmpehmrghilhhfrhhomheprhhushgt uhhrsehruhhsshgvlhhlrdgttgenucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: Received: from crackle.ozlabs.ibm.com (unknown [122.99.82.10]) by mail.messagingengine.com (Postfix) with ESMTPA id A017EE450E; Tue, 11 Dec 2018 00:24:15 -0500 (EST) Message-ID: Subject: Re: [RFC PATCH v2 11/11] powerpc/book3s32: Implement Kernel Userspace Access Protection From: Russell Currey To: Christophe Leroy , Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Date: Tue, 11 Dec 2018 16:25:07 +1100 In-Reply-To: <98e37def51328f58d8c2ceb60edd4b3da7b6f2ef.1543356926.git.christophe.leroy@c-s.fr> References: <76d777b36e54e7b8d4c196405decc712fc5eaf45.1543356926.git.christophe.leroy@c-s.fr> <98e37def51328f58d8c2ceb60edd4b3da7b6f2ef.1543356926.git.christophe.leroy@c-s.fr> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.30.2 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 2018-11-28 at 09:27 +0000, Christophe Leroy wrote: > This patch implements Kernel Userspace Access Protection for > book3s/32. > > Due to limitations of the processor page protection capabilities, > the protection is only against writing. read protection cannot be > achieved using page protection. > > In order to provide the protection, Ku and Ks keys are modified in > Userspace Segment registers, and different PP bits are used to: > > PP01 provides RW for Key 0 and RO for Key 1 > PP10 provides RW for all > PP11 provides RO for all > > Today PP10 is used for RW pages and PP11 for RO pages. This patch > modifies page protection to PP01 for RW pages. > > Then segment registers are set to Ku 0 and Ks 1. When kernel needs > to write to RW pages, the associated segment register is changed to > Ks 0 in order to allow write access to the kernel. > > In order to avoid having the read all segment registers when > locking/unlocking the access, some data is kept in the thread_struct > and saved on stack on exceptions. The field identifies both the > first unlocked segment and the first segment following the last > unlocked one. When no segment is unlocked, it contains value 0. > > Signed-off-by: Christophe Leroy Hey Christophe, I tried to test this and got a machine check after the kernel starts init. Vector: 700 (Program Check) at [ef0b5e70] pc: 00000ca4 lr: b7e1a030 sp: ef0b5f30 msr: 81002 current = 0xef0b8000 pid = 1, comm = init Testing with mac99 model in qemu. - Russell