Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1984301ybt; Thu, 2 Jul 2020 20:16:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxqKiZIlWU7LGGsaIrX4WKUEuCgLUw4LzhFxP/VYQ6T5f3O7n9S5ZSC4HHsEZ9wnXP2BuLD X-Received: by 2002:a05:6402:16db:: with SMTP id r27mr38957190edx.139.1593746212855; Thu, 02 Jul 2020 20:16:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1593746212; cv=none; d=google.com; s=arc-20160816; b=thF7704ZX56JuZczrz2Qp91HbnHi/icDusy5w30PqyRDlWW1sR0/XgBefQL7uEeMav oGl3qZ3sJxaOPQnejxz3ZzcMVsD+W0J+EAcqIjMsE2nOwRbDCcL+Iet6o+6ulFwItkwn MrwKKdE0sh8s0YxQyxagokzoVLEWOSoat6JAd2eAYUwaDBf+c23/aJrvmXEP8O9LPgpE O73fNlqMeSQOvFGqrpZ2OKhhiaTKj6HyfMS0P6QtjX+NRVviQvxvMQg5OmvZClQeLpIa Ha+w65SqBPj8W+PInrljK+Y1svFf0jscrUJCd9qiPFFaXis4BEt2F+u4USGJHXaNYeiM BmTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:references:in-reply-to:subject:cc:to:from :dkim-signature; bh=QTF711f6AGvakrPaQY9kPwAsi9FG3pT8cAmisY1YE7M=; b=k2ryEfn7z6ayGl6NZN4PEm/NRmp3nkq6FHgt22tqBAfAmdgN85n5qgadgyQStbZly/ mkIG+IuMu2emR1HNQZQOEV8CrRZViI0GYuWns7fcepeCs3T3U8wbf2URtG07kEMgG9CV 82FPanuwTNfOO0e48QFM4HOmqgpgbgLi/aGi35kAor2m0nSCMGKaVqi/xJDagRd7N9VA 3MhyUOxAxGPO18ofwHHlislKnYNFozsVsB9YzExAk0wP2cSn6WVxXKq1jEZt8D2IIcHz KtA6HtDRybXg4sPlWbQhRJQ4Qpjqm1M3JidNFKveQlNW8GhyvsCWnA6oB5CgYn9O8sFp LXGw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ellerman.id.au header.s=201909 header.b="Mc/oOTj2"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m23si6854584edq.346.2020.07.02.20.16.29; Thu, 02 Jul 2020 20:16:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ellerman.id.au header.s=201909 header.b="Mc/oOTj2"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726108AbgGCDPO (ORCPT + 99 others); Thu, 2 Jul 2020 23:15:14 -0400 Received: from bilbo.ozlabs.org ([203.11.71.1]:54533 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726098AbgGCDPN (ORCPT ); Thu, 2 Jul 2020 23:15:13 -0400 Received: from authenticated.ozlabs.org (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail.ozlabs.org (Postfix) with ESMTPSA id 49yg7c4MDFz9sRW; Fri, 3 Jul 2020 13:15:08 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ellerman.id.au; s=201909; t=1593746111; bh=xrhV7mFpYqjEET0styJIDaaRlrdHNT2J0CceIfNA+BI=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From; b=Mc/oOTj21DfwWI4SUfqYityNavn8+SAohINjgOhnU7JaC1sYq3EQdyZ30ZI8foyJZ haSQq0lLsZn8WebzDMiw9pFOv7YcPX6J1NSWkQcUALVfKS54vD3tl+KemFCQxiYtPO 8dWOw02lWGbbWml9aV2aswU28DLUbg9Xrzi1HAoErF0+yGaN3ykF7d+1JsdEWSxVtd BpL3RQG9AtZxOEVFoO4x8eGEGdnJmKJNqoFmgJcwQGKek2mXYwWk7/LPK8FbTg5YwR vAY0tLuG5veJyQ1E3LXzFybgdfwmWDA11O7VSFG6eu6e1Xn261TvoBUUkOqo1xyHzo INWzQ8orwk33A== From: Michael Ellerman To: Christophe Leroy , Linus Torvalds , Al Viro , Christophe Leroy Cc: Josh Poimboeuf , Peter Zijlstra , the arch/x86 maintainers , Linux Kernel Mailing List Subject: Re: objtool clac/stac handling change.. In-Reply-To: <8be7cf19-9fc9-ce9c-091f-c8824a01a3c8@csgroup.eu> References: <20200701184131.GI2786714@ZenIV.linux.org.uk> <20200701195914.GK2786714@ZenIV.linux.org.uk> <87lfk26nx4.fsf@mpe.ellerman.id.au> <8be7cf19-9fc9-ce9c-091f-c8824a01a3c8@csgroup.eu> Date: Fri, 03 Jul 2020 13:17:22 +1000 Message-ID: <87h7up70e5.fsf@mpe.ellerman.id.au> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Christophe Leroy writes: > Le 02/07/2020 =C3=A0 15:34, Michael Ellerman a =C3=A9crit=C2=A0: >> Linus Torvalds writes: >>> On Wed, Jul 1, 2020 at 12:59 PM Al Viro wrote: >>>> On Wed, Jul 01, 2020 at 12:04:36PM -0700, Linus Torvalds wrote: >>>>> >>>>> That's actually for the access granting. Shutting the access down ends >>>>> up always doing the same thing anyway.. >>>> >>>> #define user_read_access_end prevent_current_read_from_user >>>> #define user_write_access_end prevent_current_write_to_user >>>> static inline void prevent_current_read_from_user(void) >>>> { >>>> prevent_user_access(NULL, NULL, ~0UL, KUAP_CURRENT_READ); >>>> } >>>> >>>> static inline void prevent_current_write_to_user(void) >>>> { >>>> prevent_user_access(NULL, NULL, ~0UL, KUAP_CURRENT_WRITE); >>>> } >>>> >>>> and prevent_user_access() has instances that do care about the directi= on... >>> >>> Go and look closer. >>> >>> There are three cases: >>> >>> (a) the 32-bit book3s case. It looks like it cares, but when you look >>> closer, it ends up not caring about the read side, and saving the >>> "which address to I allow user writes to" in current->thread.kuap >>> >>> (b) the nohash 32-bit case - doesn't care >>> >>> (c) the 64-bit books case - doesn't care >>> >>> So yes, in the (a) case it does make a difference between reads and >>> writes, but at least as far as I can tell, it ignores the read case, >>> and has code to avoid the unnecessary "disable user writes" case when >>> there was only a read enable done. >>=20 >> Yeah that's my understanding too. >>=20 >> Christophe is the expert on that code so I'll defer to him if I'm wrong. >>=20 >>> Now, it's possible that I'm wrong, but the upshot of that is that even >>> on powerpc, I think that if we just made the rule be that "taking a >>> user exception should automatically do the 'user_access_end()' for us" >>> is trivial. >>=20 >> I think we can do something to make it work. >>=20 >> We don't have an equivalent of x86's ex_handler_uaccess(), so it's not >> quite as easy as whacking a user_access_end() in there. > > Isn't it something easy to do in bad_page_fault() ? We'd need to do it there at least. But I'm not convinced that's the only place we'd need to do it. We could theoretically take a machine check on a user access, and those are handled differently on each sub-(sub-sub)-platform, and I think all or most of them don't call bad_page_fault(). > Not exactly a call to user_access_end() but altering regs->kuap so that=20 > user access is not restored on exception exit. Yes. >> Probably the simplest option for us is to just handle it in our >> unsafe_op_wrap(). I'll try and come up with something tomorrow. > > unsafe_op_wrap() is not used anymore for unsafe_put_user() as we are now= =20 > using asm goto. Sure, but we could change it back to use unsafe_op_wrap(). I did a quick hack to do that and see no difference in the generated code, but your commit adding put_user_goto() did show better code generation, so possibly it depends on compiler version, or my example wasn't complicated enough (filldir()). cheers