
[2/3] Detect instruction fetch denied and report

Message ID 1478007500-23624-3-git-send-email-bsingharora@gmail.com (mailing list archive)
State Changes Requested

Commit Message

Balbir Singh Nov. 1, 2016, 1:38 p.m. UTC
ISA 3 allows for prevention of instruction fetch and execution
of user mode pages. If such an error occurs, SRR1 bit 35
reports the error. We catch and report the error in do_page_fault()

Signed-off-by: Balbir Singh <bsingharora@gmail.com>
---
 arch/powerpc/mm/fault.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Aneesh Kumar K.V Nov. 8, 2016, 4:09 p.m. UTC | #1
Balbir Singh <bsingharora@gmail.com> writes:

> ISA 3 allows for prevention of instruction fetch and execution
> of user mode pages. If such an error occurs, SRR1 bit 35
> reports the error. We catch and report the error in do_page_fault()
>
> Signed-off-by: Balbir Singh <bsingharora@gmail.com>
> ---
>  arch/powerpc/mm/fault.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
> index d0b137d..835fd03 100644
> --- a/arch/powerpc/mm/fault.c
> +++ b/arch/powerpc/mm/fault.c
> @@ -404,6 +404,10 @@ int do_page_fault(struct pt_regs *regs, unsigned long address,
>  		    (cpu_has_feature(CPU_FTR_NOEXECUTE) ||
>  		     !(vma->vm_flags & (VM_READ | VM_WRITE))))
>  			goto bad_area;
> +
> +		if (radix_enabled() && (regs->msr & SRR1_ISI_N_OR_G))
> +			goto bad_area;

Why is this within radix_enabled()? Hash can also generate an
interrupt with that SRR1 value, right?


> +
>  #ifdef CONFIG_PPC_STD_MMU
>  		/*
>  		 * protfault should only happen due to us


-aneesh

Aneesh Kumar K.V Nov. 8, 2016, 4:16 p.m. UTC | #2
Balbir Singh <bsingharora@gmail.com> writes:

> ISA 3 allows for prevention of instruction fetch and execution
> of user mode pages. If such an error occurs, SRR1 bit 35
> reports the error. We catch and report the error in do_page_fault()
>
> Signed-off-by: Balbir Singh <bsingharora@gmail.com>
> ---
>  arch/powerpc/mm/fault.c | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
> index d0b137d..835fd03 100644
> --- a/arch/powerpc/mm/fault.c
> +++ b/arch/powerpc/mm/fault.c
> @@ -404,6 +404,10 @@ int do_page_fault(struct pt_regs *regs, unsigned long address,
>  		    (cpu_has_feature(CPU_FTR_NOEXECUTE) ||
>  		     !(vma->vm_flags & (VM_READ | VM_WRITE))))
>  			goto bad_area;
> +
> +		if (radix_enabled() && (regs->msr & SRR1_ISI_N_OR_G))
> +			goto bad_area;
> +

Can we also do this check early, i.e., before down_read(mmap_sem)?

-aneesh

Balbir Singh Nov. 11, 2016, 6:14 a.m. UTC | #3
On 09/11/16 03:09, Aneesh Kumar K.V wrote:
> Balbir Singh <bsingharora@gmail.com> writes:
> 
>> ISA 3 allows for prevention of instruction fetch and execution
>> of user mode pages. If such an error occurs, SRR1 bit 35
>> reports the error. We catch and report the error in do_page_fault()
>>
>> Signed-off-by: Balbir Singh <bsingharora@gmail.com>
>> ---
>>  arch/powerpc/mm/fault.c | 4 ++++
>>  1 file changed, 4 insertions(+)
>>
>> diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
>> index d0b137d..835fd03 100644
>> --- a/arch/powerpc/mm/fault.c
>> +++ b/arch/powerpc/mm/fault.c
>> @@ -404,6 +404,10 @@ int do_page_fault(struct pt_regs *regs, unsigned long address,
>>  		    (cpu_has_feature(CPU_FTR_NOEXECUTE) ||
>>  		     !(vma->vm_flags & (VM_READ | VM_WRITE))))
>>  			goto bad_area;
>> +
>> +		if (radix_enabled() && (regs->msr & SRR1_ISI_N_OR_G))
>> +			goto bad_area;
> 
> Why is this within radix_enabled() ? Hash can also generate an
> interrupt with that SRR1 value right ?
> 

Yes, the bits are not specific to radix. I suspect the check above took
care of instruction exceptions, so we've never needed it before. I'll
remove the check.

Balbir

Patch

diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
index d0b137d..835fd03 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
@@ -404,6 +404,10 @@  int do_page_fault(struct pt_regs *regs, unsigned long address,
 		    (cpu_has_feature(CPU_FTR_NOEXECUTE) ||
 		     !(vma->vm_flags & (VM_READ | VM_WRITE))))
 			goto bad_area;
+
+		if (radix_enabled() && (regs->msr & SRR1_ISI_N_OR_G))
+			goto bad_area;
+
 #ifdef CONFIG_PPC_STD_MMU
 		/*
 		 * protfault should only happen due to us
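
Review bot: the added test `radix_enabled() && (regs->msr & SRR1_ISI_N_OR_G)` is gated on radix, but the commit message describes the condition only as an ISA 3 feature reported in SRR1 bit 35, so the `radix_enabled()` term either needs a comment justifying it or should be dropped. The condition reads only `regs->msr` and no `vma` state, so it does not have to sit after the `vma->vm_flags` permission test and could be evaluated earlier in the exec path. A short comment above the new `if` stating that `regs->msr` holds the SRR1 bits at this point and what `SRR1_ISI_N_OR_G` denotes would make the check self-explanatory. The commit message also says the error is reported, yet the hunk only jumps to `bad_area` like the check above it, so it is worth stating whether the existing bad_area handling is the intended report.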