From: Michael Ellerman
To: Christophe Leroy, Benjamin Herrenschmidt, Paul Mackerras, ruscur@russell.cc
Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH v2 10/10] powerpc/32s: Implement Kernel Userspace Access Protection
Date: Thu, 18 Apr 2019 16:55:30 +1000
Message-ID: <87ftqfu7j1.fsf@concordia.ellerman.id.au>

Christophe Leroy writes:
> diff --git a/arch/powerpc/include/asm/book3s/32/kup.h b/arch/powerpc/include/asm/book3s/32/kup.h > index 5f97c742ca71..b3560b2de435 100644 > --- a/arch/powerpc/include/asm/book3s/32/kup.h > +++ b/arch/powerpc/include/asm/book3s/32/kup.h
> @@ -37,6 +37,113 @@ ... > + > +static inline void allow_user_access(void __user *to, const void __user *from, u32 size) > +{ > + u32 addr = (__force u32)to; > + u32 end = min(addr + size, TASK_SIZE); > + > + if (!addr || addr >= TASK_SIZE || !size) > + return; > + > + current->thread.kuap = (addr & 0xf0000000) | ((((end - 1) >> 28) + 1) & 0xf); > + kuap_update_sr(mfsrin(addr) & ~SR_KS, addr, end); /* Clear Ks */ > +}

When rebasing on my v6 I changed the above to:

static inline void allow_user_access(void __user *to, const void __user *from, u32 size)
{
	u32 addr, end;

	if (__builtin_constant_p(to) && to == NULL)
		return;

	addr = (__force u32)to;

	if (!addr || addr >= TASK_SIZE || !size)
		return;

	end = min(addr + size, TASK_SIZE);
	current->thread.kuap = (addr & 0xf0000000) | ((((end - 1) >> 28) + 1) & 0xf);
	kuap_update_sr(mfsrin(addr) & ~SR_KS, addr, end);	/* Clear Ks */
}

Which I think achieves the same result. It does boot :)

> + > +static inline void prevent_user_access(void __user *to, const void __user *from, u32 size) > +{ > + u32 addr = (__force u32)to; > + u32 end = min(addr + size, TASK_SIZE); > + > + if (!addr || addr >= TASK_SIZE || !size) > + return; > + > + current->thread.kuap = 0; > + kuap_update_sr(mfsrin(addr) | SR_KS, addr, end); /* set Ks */ > +} > + > +static inline void allow_read_from_user(const void __user *from, unsigned long size) > +{ > +}

And I dropped that.

cheers
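
Review bot: in allow_user_access() and prevent_user_access(), `end = min(addr + size, TASK_SIZE)` adds two u32 values with no wrap check, so a size larger than `0xffffffff - addr` wraps the sum, min() keeps the small wrapped value, and `end` comes out below `addr`; that inverted range is then encoded into current->thread.kuap and passed to kuap_update_sr(). Suggest clamping after the `addr >= TASK_SIZE` check instead of adding first, for example by treating `size > TASK_SIZE - addr` as "end is TASK_SIZE", or, if every caller has already validated the range, adding a comment that states this. Separately, `from` is never read in either function and allow_read_from_user() has an empty body, so only the write destination is opened; if reads are meant to stay unprotected here, a short comment saying so would save the next reader the question.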