[{"id":1790036,"web_url":"http://patchwork.ozlabs.org/comment/1790036/","msgid":"<20171019102046.356de68b@MiWiFi-R3-srv>","date":"2017-10-18T23:20:46","subject":"Re: [PATCH 19/25] powerpc: implementation for\n\tarch_vma_access_permitted()","submitter":{"id":9347,"url":"http://patchwork.ozlabs.org/api/people/9347/","name":"Balbir Singh","email":"bsingharora@gmail.com"},"content":"On Fri, 8 Sep 2017 15:45:07 -0700\nRam Pai wrote:\n\n> This patch provides the implementation for\n> arch_vma_access_permitted(). Returns true if the\n> requested access is allowed by pkey associated with the\n> vma.\n> \n> Signed-off-by: Ram Pai \n> ---\n> arch/powerpc/include/asm/mmu_context.h | 5 +++-\n> arch/powerpc/mm/pkeys.c | 43 ++++++++++++++++++++++++++++++++\n> 2 files changed, 47 insertions(+), 1 deletions(-)\n> \n> diff --git a/arch/powerpc/include/asm/mmu_context.h b/arch/powerpc/include/asm/mmu_context.h\n> index 04e9221..9a56355 100644\n> --- a/arch/powerpc/include/asm/mmu_context.h\n> +++ b/arch/powerpc/include/asm/mmu_context.h\n> @@ -135,6 +135,10 @@ static inline void arch_bprm_mm_init(struct mm_struct *mm,\n> {\n> }\n> \n> +#ifdef CONFIG_PPC64_MEMORY_PROTECTION_KEYS\n> +bool arch_vma_access_permitted(struct vm_area_struct *vma,\n> +\t\t\tbool write, bool execute, bool foreign);\n> +#else /* CONFIG_PPC64_MEMORY_PROTECTION_KEYS */\n> static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,\n> \t\tbool write, bool execute, bool foreign)\n> {\n> @@ -142,7 +146,6 @@ static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,\n> \treturn true;\n> }\n> \n> -#ifndef CONFIG_PPC64_MEMORY_PROTECTION_KEYS\n> #define pkey_initialize()\n> #define pkey_mm_init(mm)\n> \n> diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c\n> index 24589d9..21c3b42 100644\n> --- a/arch/powerpc/mm/pkeys.c\n> +++ b/arch/powerpc/mm/pkeys.c\n> @@ -320,3 +320,46 @@ bool arch_pte_access_permitted(u64 pte, bool write, bool execute)\n> \treturn pkey_access_permitted(pte_to_pkey_bits(pte),\n> \t\t\twrite, execute);\n> }\n> +\n> +/*\n> + * We only want to enforce protection keys on the current process\n> + * because we effectively have no access to AMR/IAMR for other\n> + * processes or any way to tell *which * AMR/IAMR in a threaded\n> + * process we could use.\n> + *\n> + * So do not enforce things if the VMA is not from the current\n> + * mm, or if we are in a kernel thread.\n> + */\n> +static inline bool vma_is_foreign(struct vm_area_struct *vma)\n> +{\n> +\tif (!current->mm)\n> +\t\treturn true;\n> +\t/*\n> +\t * if the VMA is from another process, then AMR/IAMR has no\n> +\t * relevance and should not be enforced.\n> +\t */\n> +\tif (current->mm != vma->vm_mm)\n> +\t\treturn true;\n> +\n> +\treturn false;\n> +}\n> +\n> +bool arch_vma_access_permitted(struct vm_area_struct *vma,\n> +\t\tbool write, bool execute, bool foreign)\n> +{\n> +\tint pkey;\n> +\n> +\tif (!pkey_inited)\n> +\t\treturn true;\n> +\n> +\t/* allow access if the VMA is not one from this process */\n> +\tif (foreign || vma_is_foreign(vma))\n> +\t\treturn true;\n> +\n> +\tpkey = vma_pkey(vma);\n> +\n> +\tif (!pkey)\n> +\t\treturn true;\n> +\n> +\treturn pkey_access_permitted(pkey, write, execute);\n> +}\n\nAgain, I think this is GUP, I don't really understand the top level\nuse case of enforcing permissions for GUP in a thread context.\n\nBalbir Singh.","headers":{"Return-Path":"","X-Original-To":["patchwork-incoming@ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Delivered-To":["patchwork-incoming@ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Received":["from lists.ozlabs.org (lists.ozlabs.org [103.22.144.68])\n\t(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3yHSl63wSQz9t6K\n\tfor ;\n\tThu, 19 Oct 2017 10:22:26 +1100 (AEDT)","from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 3yHSl61dJ4zDqBd\n\tfor ;\n\tThu, 19 Oct 2017 10:22:26 +1100 (AEDT)","from mail-pg0-x241.google.com (mail-pg0-x241.google.com\n\t[IPv6:2607:f8b0:400e:c05::241])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 3yHSjP56FrzDq5x\n\tfor ;\n\tThu, 19 Oct 2017 10:20:57 +1100 (AEDT)","by mail-pg0-x241.google.com with SMTP id 15so838920pgc.12\n\tfor ;\n\tWed, 18 Oct 2017 16:20:57 -0700 (PDT)","from MiWiFi-R3-srv ([122.99.82.10])\n\tby smtp.gmail.com with ESMTPSA id\n\tc26sm25207867pfl.115.2017.10.18.16.20.51\n\t(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);\n\tWed, 18 Oct 2017 16:20:55 -0700 (PDT)"],"Authentication-Results":["ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"sDNQGUcd\"; dkim-atps=neutral","lists.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"sDNQGUcd\"; dkim-atps=neutral","ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=gmail.com\n\t(client-ip=2607:f8b0:400e:c05::241; helo=mail-pg0-x241.google.com;\n\tenvelope-from=bsingharora@gmail.com; receiver=)","lists.ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"sDNQGUcd\"; dkim-atps=neutral"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=date:from:to:cc:subject:message-id:in-reply-to:references\n\t:mime-version:content-transfer-encoding;\n\tbh=P3B/nyVnflR5db3i1akhLRKxUr9g9ebg0yV2Sm/L+lU=;\n\tb=sDNQGUcdjiat347iU4G8Ts40m85FnKxg02WlSPM2pPfuqKyVI4/szefs9acFOIJ3wh\n\tomeO+ifmXxzvV0mVNgAj+QQ4uCe9DSDjF9o729vc1yxYpMv9KDaojPFe93D5npw1uPMI\n\tlwesmgZLV+IcQwwOEcl93ijl6P6N+hf3vLcKzQ1EPoJcjLU6ZOVcLY0nyaqTknQpIy9r\n\tbF6p/Ae6stFEUZAlOIHn3zkCYrr4qY2t36vATfGIxsHEl3xWWcGiMnH80UqwTywj+13Y\n\t6T4Ju69Y2MqihIwGfcqQwHDwXxZbsUNy7dIqgsJk6wYTKhDSD5O8SzzP+Y1CGRloG3kX\n\tZ4ZA==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to\n\t:references:mime-version:content-transfer-encoding;\n\tbh=P3B/nyVnflR5db3i1akhLRKxUr9g9ebg0yV2Sm/L+lU=;\n\tb=RztBCfa/jgNRk8G5A3Gsgiw3CG6j7M59avnqS2aSkPiixIanuHsdJDFir2UfXluBww\n\trg9Rywt5lRa4VG/JjW9i4xBWVCHnxiA8mAhDxIyrbi+S2sH2GtBWA+P9YXLse8wNWQgx\n\tKwqWEgHg+a+Tj6ZfXvPTJcnRwp55CJQCH6WcanDXi5A5IvfW5EezjQD4w4tQQ7JKYKcX\n\tomVhJleNI75qOMowMzE3HVAZw4yA7uIWxP4/P7KCzIFxssI5aezrAPW7TKGqbl/Jb2EO\n\tJeJIqGyI6RmsLacAicxGTm89qQQRsY3iZDkMSIbauU4w51gyuEbq19BRGoMpn0yR/Yis\n\tKu8w==","X-Gm-Message-State":"AMCzsaWjK/Z8WJiiPMFvJSPthqEY9Zd91OxBVHyD9G15g+WHjTQNyd66\n\tETVGNVSlAdYgw8wY/EVKgRU=","X-Google-Smtp-Source":"AOwi7QCpMITkxjdn33TALSn1mQCDiYW1s4aDJniweLM4nbVAFqvgQOySRbZxCydfHGlA0t2mtQx0hg==","X-Received":"by 10.84.171.193 with SMTP id l59mr16929928plb.13.1508368855531; \n\tWed, 18 Oct 2017 16:20:55 -0700 (PDT)","Date":"Thu, 19 Oct 2017 10:20:46 +1100","From":"Balbir Singh ","To":"Ram Pai ","Subject":"Re: [PATCH 19/25] powerpc: implementation for\n\tarch_vma_access_permitted()","Message-ID":"<20171019102046.356de68b@MiWiFi-R3-srv>","In-Reply-To":"<1504910713-7094-28-git-send-email-linuxram@us.ibm.com>","References":"<1504910713-7094-1-git-send-email-linuxram@us.ibm.com>\n\t<1504910713-7094-28-git-send-email-linuxram@us.ibm.com>","X-Mailer":"Claws Mail 3.15.1-dirty (GTK+ 2.24.31; x86_64-redhat-linux-gnu)","MIME-Version":"1.0","Content-Type":"text/plain; charset=US-ASCII","Content-Transfer-Encoding":"7bit","X-BeenThere":"linuxppc-dev@lists.ozlabs.org","X-Mailman-Version":"2.1.24","Precedence":"list","List-Id":"Linux on PowerPC Developers Mail List\n\t","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Cc":"ebiederm@xmission.com, mhocko@kernel.org, paulus@samba.org,\n\taneesh.kumar@linux.vnet.ibm.com, bauerman@linux.vnet.ibm.com,\n\tlinuxppc-dev@lists.ozlabs.org, khandual@linux.vnet.ibm.com","Errors-To":"linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org","Sender":"\"Linuxppc-dev\"\n\t"}},{"id":1793241,"web_url":"http://patchwork.ozlabs.org/comment/1793241/","msgid":"<8737684ken.fsf@concordia.ellerman.id.au>","date":"2017-10-24T15:48:00","subject":"Re: [PATCH 19/25] powerpc: implementation for\n\tarch_vma_access_permitted()","submitter":{"id":46580,"url":"http://patchwork.ozlabs.org/api/people/46580/","name":"Michael Ellerman","email":"mpe@ellerman.id.au"},"content":"Ram Pai writes:\n\n> diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c\n> index 24589d9..21c3b42 100644\n> --- a/arch/powerpc/mm/pkeys.c\n> +++ b/arch/powerpc/mm/pkeys.c\n> @@ -320,3 +320,46 @@ bool arch_pte_access_permitted(u64 pte, bool write, bool execute)\n> \treturn pkey_access_permitted(pte_to_pkey_bits(pte),\n> \t\t\twrite, execute);\n> }\n> +\n> +/*\n> + * We only want to enforce protection keys on the current process\n> + * because we effectively have no access to AMR/IAMR for other\n> + * processes or any way to tell *which * AMR/IAMR in a threaded\n> + * process we could use.\n\nThis comment doesn't match the code, or at least is confusing to me.\n\nA \"threaded process\" is two tasks that have the same mm. ie. where\ncurrent->mm == vma->mm.\n\nAnd in that case we *do* enforce protection, based on the AMR/IAMR of\nthe current thread.\n\n> + * So do not enforce things if the VMA is not from the current\n> + * mm, or if we are in a kernel thread.\n> + */\n> +static inline bool vma_is_foreign(struct vm_area_struct *vma)\n> +{\n> +\tif (!current->mm)\n> +\t\treturn true;\n> +\t/*\n> +\t * if the VMA is from another process, then AMR/IAMR has no\n> +\t * relevance and should not be enforced.\n> +\t */\n> +\tif (current->mm != vma->vm_mm)\n> +\t\treturn true;\n\nie. threaded processes end up here, because they *do* share an mm.\n\n> +\n> +\treturn false;\n> +}\n> +\n> +bool arch_vma_access_permitted(struct vm_area_struct *vma,\n> +\t\tbool write, bool execute, bool foreign)\n> +{\n> +\tint pkey;\n> +\n> +\tif (!pkey_inited)\n> +\t\treturn true;\n> +\n> +\t/* allow access if the VMA is not one from this process */\n> +\tif (foreign || vma_is_foreign(vma))\n> +\t\treturn true;\n> +\n> +\tpkey = vma_pkey(vma);\n> +\n> +\tif (!pkey)\n> +\t\treturn true;\n\nI think I'd prefer if we didn't special case key 0, instead just let it\ngo through to pkey_access_permitted().\n\n> +\n> +\treturn pkey_access_permitted(pkey, write, execute);\n> +}\n\ncheers","headers":{"Return-Path":"","X-Original-To":["patchwork-incoming@ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Delivered-To":["patchwork-incoming@ozlabs.org","linuxppc-dev@lists.ozlabs.org"],"Received":["from lists.ozlabs.org (lists.ozlabs.org [103.22.144.68])\n\t(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3yLySg1Bf2z9s7p\n\tfor ;\n\tWed, 25 Oct 2017 02:52:03 +1100 (AEDT)","from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 3yLySg0Hy7zDqwd\n\tfor ;\n\tWed, 25 Oct 2017 02:52:03 +1100 (AEDT)","from ozlabs.org (ozlabs.org [IPv6:2401:3900:2:1::2])\n\t(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 3yLyN82kx8zDr4m\n\tfor ;\n\tWed, 25 Oct 2017 02:48:08 +1100 (AEDT)","from authenticated.ozlabs.org (localhost [127.0.0.1])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPSA id 3yLyN60KRhz9sNc;\n\tWed, 25 Oct 2017 02:48:05 +1100 (AEDT)"],"From":"Michael Ellerman ","To":"Ram Pai , linuxppc-dev@lists.ozlabs.org","Subject":"Re: [PATCH 19/25] powerpc: implementation for\n\tarch_vma_access_permitted()","In-Reply-To":"<1504910713-7094-28-git-send-email-linuxram@us.ibm.com>","References":"<1504910713-7094-1-git-send-email-linuxram@us.ibm.com>\n\t<1504910713-7094-28-git-send-email-linuxram@us.ibm.com>","Date":"Tue, 24 Oct 2017 17:48:00 +0200","Message-ID":"<8737684ken.fsf@concordia.ellerman.id.au>","MIME-Version":"1.0","Content-Type":"text/plain","X-BeenThere":"linuxppc-dev@lists.ozlabs.org","X-Mailman-Version":"2.1.24","Precedence":"list","List-Id":"Linux on PowerPC Developers Mail List\n\t","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Cc":"ebiederm@xmission.com, linuxram@us.ibm.com, mhocko@kernel.org,\n\tpaulus@samba.org, aneesh.kumar@linux.vnet.ibm.com,\n\tbauerman@linux.vnet.ibm.com, khandual@linux.vnet.ibm.com","Errors-To":"linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org","Sender":"\"Linuxppc-dev\"\n\t"}}]