Re: [PATCH v6 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init

[PATCH v6 00/22] Kernel userspace access/execution prevention with hash translation · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 01/22] powerpc: Add new macro to handle NESTED_IFCLR · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 02/22] KVM: PPC: BOOK3S: PR: Ignore UAMOR SPR · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 03/22] powerpc/book3s64/kuap/kuep: Make KUAP and KUEP a subfeature of PPC_MEM_KEYS · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
[PATCH v6 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 04/22] powerpc/book3s64/kuap/kuep: Move uamor setup to pkey init · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
[PATCH v6 05/22] powerpc/book3s64/kuap: Move KUAP related function outside radix · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 06/22] powerpc/book3s64/kuep: Move KUEP related function outside radix · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 07/22] powerpc/book3s64/kuap: Rename MMU_FTR_RADIX_KUAP to MMU_FTR_KUAP · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
[PATCH v6 08/22] powerpc/book3s64/kuap: Use Key 3 for kernel mapping with hash translation · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Aneesh Kumar K.V <hidden> · 2020-11-26
Re: [PATCH v6 09/22] powerpc/exec: Set thread.regs early during exec · Christophe Leroy <hidden> · 2020-11-26
[PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 10/22] powerpc/book3s64/pkeys: Store/restore userspace AMR/IAMR correctly on entry and exit from kernel · Christophe Leroy <hidden> · 2020-11-25
[PATCH v6 11/22] powerpc/book3s64/pkeys: Inherit correctly on fork. · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 11/22] powerpc/book3s64/pkeys: Inherit correctly on fork. · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 11/22] powerpc/book3s64/pkeys: Inherit correctly on fork. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 12/22] powerpc/book3s64/pkeys: Reset userspace AMR correctly on exec · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 13/22] powerpc/ptrace-view: Use pt_regs values instead of thread_struct based one. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 14/22] powerpc/book3s64/pkeys: Don't update SPRN_AMR when in kernel mode. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 15/22] powerpc/book3s64/kuap: Restrict access to userspace based on userspace AMR · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Christophe Leroy <hidden> · 2020-11-25
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Aneesh Kumar K.V <hidden> · 2020-11-26
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Michael Ellerman <mpe@ellerman.id.au> · 2020-11-26
Re: [PATCH v6 16/22] powerpc/book3s64/kuap: Improve error reporting with KUAP · Christophe Leroy <hidden> · 2020-11-26
[PATCH v6 17/22] powerpc/book3s64/kuap: Use Key 3 to implement KUAP with hash translation. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 18/22] powerpc/book3s64/kuep: Use Key 3 to implement KUEP with hash translation. · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Aneesh Kumar K.V <hidden> · 2020-11-25
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Christophe Leroy <hidden> · 2021-03-15
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Aneesh Kumar K.V <hidden> · 2021-03-15
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Christophe Leroy <hidden> · 2021-03-15
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Christophe Leroy <hidden> · 2021-10-08
Re: [PATCH v6 19/22] powerpc/book3s64/hash/kuap: Enable kuap on hash · Michael Ellerman <mpe@ellerman.id.au> · 2021-10-11
[PATCH v6 20/22] powerpc/book3s64/hash/kuep: Enable KUEP on hash · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 21/22] powerpc/book3s64/hash/kup: Don't hardcode kup key · Aneesh Kumar K.V <hidden> · 2020-11-25
[PATCH v6 22/22] powerpc/book3s64/pkeys: Optimize FTR_KUAP and FTR_KUEP disabled case · Aneesh Kumar K.V <hidden> · 2020-11-25

From: Michael Ellerman <mpe@ellerman.id.au>
Date: 2020-11-26 03:29:46

"Aneesh Kumar K.V" [off-list ref] writes:

quoted hunk ↗ jump to hunk

This patch consolidates UAMOR update across pkey, kuap and kuep features.
The boot cpu initialize UAMOR via pkey init and both radix/hash do the
secondary cpu UAMOR init in early_init_mmu_secondary.

We don't check for mmu_feature in radix secondary init because UAMOR
is a supported SPRN with all CPUs supporting radix translation.
The old code was not updating UAMOR if we had smap disabled and smep enabled.
This change handles that case.

Signed-off-by: Aneesh Kumar K.V <redacted>
---
 arch/powerpc/mm/book3s64/radix_pgtable.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/arch/powerpc/mm/book3s64/radix_pgtable.c b/arch/powerpc/mm/book3s64/radix_pgtable.c
index 3adcf730f478..bfe441af916a 100644
--- a/arch/powerpc/mm/book3s64/radix_pgtable.c
+++ b/arch/powerpc/mm/book3s64/radix_pgtable.c

@@ -620,9 +620,6 @@ void setup_kuap(bool disabled)
 		cur_cpu_spec->mmu_features |= MMU_FTR_RADIX_KUAP;
 	}
 
-	/* Make sure userspace can't change the AMR */
-	mtspr(SPRN_UAMOR, 0);
-
 	/*
 	 * Set the default kernel AMR values on all cpus.
 	 */

@@ -721,6 +718,11 @@ void radix__early_init_mmu_secondary(void)
 
 	radix__switch_mmu_context(NULL, &init_mm);
 	tlbiel_all();
+
+#ifdef CONFIG_PPC_PKEY
+	/* Make sure userspace can't change the AMR */
+	mtspr(SPRN_UAMOR, 0);
+#endif

If PPC_PKEY is disabled I think this leaves UAMOR unset, which means it
could potentially allow AMR to be used as a covert channel between
processes.

cheers

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help