Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP

[PATCH v6 00/22] Kernel userspace access/execution prevention with hash translation · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 01/22] powerpc: Add new macro to handle NESTED_IFCLR · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 02/22] KVM: PPC: BOOK3S: PR: Ignore UAMOR SPR · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
[PATCH v6 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
[PATCH v6 05/22] powerpc/book3s64/kuap: Move KUAP related function outside radix · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 06/22] powerpc/book3s64/kuep: Move KUEP related function outside radix · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
[PATCH v6 08/22] powerpc/book3s64/kuap: Use Key 3 for kernel mapping with hash translation · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Aneesh Kumar K.V <hidden> · 2020-11-26
Re: [PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Christophe Leroy <hidden> · 2020-11-26
[PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Christophe Leroy <hidden> · 2020-11-25
[PATCH v6 11/22] powerpc/book3s64/pkeys: Inherit correctly on fork. · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 11/22] powerpc/book3s64/pkeys: Inherit correctly on fork. · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 11/22] powerpc/book3s64/pkeys: Inherit correctly on fork. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 12/22] powerpc/book3s64/pkeys: Reset userspace AMR correctly on exec · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 13/22] powerpc/ptrace-view: Use pt_regs values instead of thread_struct based one. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 14/22] powerpc/book3s64/pkeys: Don't update SPRN_AMR when in kernel mode. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 15/22] powerpc/book3s64/kuap: Restrict access to userspace based on userspace AMR · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Aneesh Kumar K.V <hidden> · 2020-11-26
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Christophe Leroy <hidden> · 2020-11-26
[PATCH v6 17/22] powerpc/book3s64/kuap: Use Key 3 to implement KUAP with hash translation. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 18/22] powerpc/book3s64/kuep: Use Key 3 to implement KUEP with hash translation. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Christophe Leroy <hidden> · 2021-03-15
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Aneesh Kumar K.V <hidden> · 2021-03-15
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Christophe Leroy <hidden> · 2021-03-15
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Christophe Leroy <hidden> · 2021-10-08
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Michael Ellerman <mpe@ellerman.id.au> · 2021-10-11
[PATCH v6 20/22] powerpc/book3s64/hash/kuep: Enable KUEP on hash · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 21/22] powerpc/book3s64/hash/kup: Don't hardcode kup key · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 22/22] powerpc/book3s64/pkeys: Optimize FTR_KUAP and FTR_KUEP disabled case · Aneesh Kumar K.V <hidden> · 2020-11-25

From: Christophe Leroy <hidden>
Date: 2020-11-25 14:31:10


Le 25/11/2020 à 06:16, Aneesh Kumar K.V a écrit :

quoted hunk ↗ jump to hunk

With hash translation use DSISR_KEYFAULT to identify a wrong access.
With Radix we look at the AMR value and type of fault.

Signed-off-by: Aneesh Kumar K.V <redacted>
---
  arch/powerpc/include/asm/book3s/32/kup.h     |  4 +--
  arch/powerpc/include/asm/book3s/64/kup.h     | 27 ++++++++++++++++----
  arch/powerpc/include/asm/kup.h               |  4 +--
  arch/powerpc/include/asm/nohash/32/kup-8xx.h |  4 +--
  arch/powerpc/mm/fault.c                      |  2 +-
  5 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/arch/powerpc/include/asm/book3s/32/kup.h b/arch/powerpc/include/asm/book3s/32/kup.h
index 32fd4452e960..b18cd931e325 100644
--- a/arch/powerpc/include/asm/book3s/32/kup.h
+++ b/arch/powerpc/include/asm/book3s/32/kup.h

@@ -177,8 +177,8 @@ static inline void restore_user_access(unsigned long flags)
  		allow_user_access(to, to, end - addr, KUAP_READ_WRITE);
  }
  
-static inline bool
-bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
+static inline bool bad_kuap_fault(struct pt_regs *regs, unsigned long address,
+				  bool is_write, unsigned long error_code)
  {
  	unsigned long begin = regs->kuap & 0xf0000000;
  	unsigned long end = regs->kuap << 28;

diff --git a/arch/powerpc/include/asm/book3s/64/kup.h b/arch/powerpc/include/asm/book3s/64/kup.h
index 4a3d0d601745..2922c442a218 100644
--- a/arch/powerpc/include/asm/book3s/64/kup.h
+++ b/arch/powerpc/include/asm/book3s/64/kup.h

@@ -301,12 +301,29 @@ static inline void set_kuap(unsigned long value)
  	isync();
  }
  
-static inline bool
-bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
+#define RADIX_KUAP_BLOCK_READ	UL(0x4000000000000000)
+#define RADIX_KUAP_BLOCK_WRITE	UL(0x8000000000000000)
+
+static inline bool bad_kuap_fault(struct pt_regs *regs, unsigned long address,
+				  bool is_write, unsigned long error_code)
  {
-	return WARN(mmu_has_feature(MMU_FTR_KUAP) &&
-		    (regs->kuap & (is_write ? AMR_KUAP_BLOCK_WRITE : AMR_KUAP_BLOCK_READ)),
-		    "Bug: %s fault blocked by AMR!", is_write ? "Write" : "Read");
+	if (!mmu_has_feature(MMU_FTR_KUAP))
+		return false;
+
+	if (radix_enabled()) {
+		/*
+		 * Will be a storage protection fault.
+		 * Only check the details of AMR[0]
+		 */
+		return WARN((regs->kuap & (is_write ? RADIX_KUAP_BLOCK_WRITE : RADIX_KUAP_BLOCK_READ)),
+			    "Bug: %s fault blocked by AMR!", is_write ? "Write" : "Read");

I think it is pointless to keep the WARN() here.

I have a series aiming at removing them. See 
https://patchwork.ozlabs.org/project/linuxppc-dev/patch/cc9129bdda1dbc2f0a09cf45fece7d0b0e690784.1605541983.git.christophe.leroy@csgroup.eu/

quoted hunk ↗ jump to hunk

+	}
+	/*
+	 * We don't want to WARN here because userspace can setup
+	 * keys such that a kernel access to user address can cause
+	 * fault
+	 */
+	return !!(error_code & DSISR_KEYFAULT);
  }
  
  static __always_inline void allow_user_access(void __user *to, const void __user *from,

diff --git a/arch/powerpc/include/asm/kup.h b/arch/powerpc/include/asm/kup.h
index a06e50b68d40..952be0414f43 100644
--- a/arch/powerpc/include/asm/kup.h
+++ b/arch/powerpc/include/asm/kup.h

@@ -59,8 +59,8 @@ void setup_kuap(bool disabled);
  #else
  static inline void setup_kuap(bool disabled) { }
  
-static inline bool
-bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
+static inline bool bad_kuap_fault(struct pt_regs *regs, unsigned long address,
+				  bool is_write, unsigned long error_code)
  {
  	return false;
  }

diff --git a/arch/powerpc/include/asm/nohash/32/kup-8xx.h b/arch/powerpc/include/asm/nohash/32/kup-8xx.h
index 567cdc557402..7bdd9e5b63ed 100644
--- a/arch/powerpc/include/asm/nohash/32/kup-8xx.h
+++ b/arch/powerpc/include/asm/nohash/32/kup-8xx.h

@@ -60,8 +60,8 @@ static inline void restore_user_access(unsigned long flags)
  	mtspr(SPRN_MD_AP, flags);
  }
  
-static inline bool
-bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
+static inline bool bad_kuap_fault(struct pt_regs *regs, unsigned long address,
+				  bool is_write, unsigned long error_code)
  {
  	return WARN(!((regs->kuap ^ MD_APG_KUAP) & 0xff000000),
  		    "Bug: fault blocked by AP register !");

diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index 0add963a849b..c91621df0c61 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c

@@ -227,7 +227,7 @@ static bool bad_kernel_fault(struct pt_regs *regs, unsigned long error_code,
  
  	// Read/write fault in a valid region (the exception table search passed
  	// above), but blocked by KUAP is bad, it can never succeed.
-	if (bad_kuap_fault(regs, address, is_write))
+	if (bad_kuap_fault(regs, address, is_write, error_code))
  		return true;
  
  	// What's left? Kernel fault on user in well defined regions (extable

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help