[PATCH v6 15/22] powerpc/book3s64/kuap: Restrict access to userspace based... | linuxppc-dev

[PATCH v6 00/22] Kernel userspace access/execution prevention with hash translation · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 01/22] powerpc: Add new macro to handle NESTED_IFCLR · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 02/22] KVM: PPC: BOOK3S: PR: Ignore UAMOR SPR · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
[PATCH v6 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
[PATCH v6 05/22] powerpc/book3s64/kuap: Move KUAP related function outside radix · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 06/22] powerpc/book3s64/kuep: Move KUEP related function outside radix · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
[PATCH v6 08/22] powerpc/book3s64/kuap: Use Key 3 for kernel mapping with hash translation · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Aneesh Kumar K.V <hidden> · 2020-11-26
Re: [PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Christophe Leroy <hidden> · 2020-11-26
[PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Christophe Leroy <hidden> · 2020-11-25
[PATCH v6 11/22] powerpc/book3s64/pkeys: Inherit correctly on fork. · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 11/22] powerpc/book3s64/pkeys: Inherit correctly on fork. · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 11/22] powerpc/book3s64/pkeys: Inherit correctly on fork. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 12/22] powerpc/book3s64/pkeys: Reset userspace AMR correctly on exec · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 13/22] powerpc/ptrace-view: Use pt_regs values instead of thread_struct based one. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 14/22] powerpc/book3s64/pkeys: Don't update SPRN_AMR when in kernel mode. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 15/22] powerpc/book3s64/kuap: Restrict access to userspace based on userspace AMR · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Aneesh Kumar K.V <hidden> · 2020-11-26
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Christophe Leroy <hidden> · 2020-11-26
[PATCH v6 17/22] powerpc/book3s64/kuap: Use Key 3 to implement KUAP with hash translation. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 18/22] powerpc/book3s64/kuep: Use Key 3 to implement KUEP with hash translation. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Christophe Leroy <hidden> · 2021-03-15
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Aneesh Kumar K.V <hidden> · 2021-03-15
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Christophe Leroy <hidden> · 2021-03-15
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Christophe Leroy <hidden> · 2021-10-08
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Michael Ellerman <mpe@ellerman.id.au> · 2021-10-11
[PATCH v6 20/22] powerpc/book3s64/hash/kuep: Enable KUEP on hash · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 21/22] powerpc/book3s64/hash/kup: Don't hardcode kup key · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 22/22] powerpc/book3s64/pkeys: Optimize FTR_KUAP and FTR_KUEP disabled case · Aneesh Kumar K.V <hidden> · 2020-11-25

[PATCH v6 15/22] powerpc/book3s64/kuap: Restrict access to userspace based on userspace AMR

From: Aneesh Kumar K.V <hidden>
Date: 2020-11-25 05:46:41
Subsystem: linux for powerpc (32-bit and 64-bit), the rest · Maintainers: Madhavan Srinivasan, Michael Ellerman, Linus Torvalds

If an application has configured address protection such that read/write is
denied using pkey even the kernel should receive a FAULT on accessing the same.

This patch use user AMR value stored in pt_regs.amr to achieve the same.

Reviewed-by: Sandipan Das <redacted>
Signed-off-by: Aneesh Kumar K.V <redacted>
---
 arch/powerpc/include/asm/book3s/64/kup.h | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch/powerpc/include/asm/book3s/64/kup.h b/arch/powerpc/include/asm/book3s/64/kup.h
index 47270596215b..4a3d0d601745 100644
--- a/arch/powerpc/include/asm/book3s/64/kup.h
+++ b/arch/powerpc/include/asm/book3s/64/kup.h

@@ -312,14 +312,20 @@ bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
 static __always_inline void allow_user_access(void __user *to, const void __user *from,
 					      unsigned long size, unsigned long dir)
 {
+	unsigned long thread_amr = 0;
+
 	// This is written so we can resolve to a single case at build time
 	BUILD_BUG_ON(!__builtin_constant_p(dir));
+
+	if (mmu_has_feature(MMU_FTR_PKEY))
+		thread_amr = current_thread_amr();
+
 	if (dir == KUAP_READ)
-		set_kuap(AMR_KUAP_BLOCK_WRITE);
+		set_kuap(thread_amr | AMR_KUAP_BLOCK_WRITE);
 	else if (dir == KUAP_WRITE)
-		set_kuap(AMR_KUAP_BLOCK_READ);
+		set_kuap(thread_amr | AMR_KUAP_BLOCK_READ);
 	else if (dir == KUAP_READ_WRITE)
-		set_kuap(0);
+		set_kuap(thread_amr);
 	else
 		BUILD_BUG();
 }

-- 
2.28.0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help