From patchwork Mon Nov 6 08:57:10 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 834570 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3yVp8f12ttz9s3T for ; Mon, 6 Nov 2017 21:05:22 +1100 (AEDT) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="BDj6y+0R"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 3yVp8d5nN7zDrL9 for ; Mon, 6 Nov 2017 21:05:21 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="BDj6y+0R"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c09::242; helo=mail-qk0-x242.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="BDj6y+0R"; dkim-atps=neutral Received: from mail-qk0-x242.google.com (mail-qk0-x242.google.com [IPv6:2607:f8b0:400d:c09::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 3yVmhH0GShzDr5S for ; Mon, 6 Nov 2017 19:59:11 +1100 (AEDT) Received: by mail-qk0-x242.google.com with SMTP id n5so9989623qke.11 for ; Mon, 06 Nov 2017 00:59:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=Jn/e9zJnvbxZAVDuJbkX1Zal8jeIcLE7qvQ3Prs5zNs=; b=BDj6y+0Ryf6j9hPA2n7Pox3cQkthlge4IlGlA/alscSclKw6prh9Tf/uD47wAIA/tj zGjrOA1/mYVYxZtgDeU4W7tKqH8zWOKA4SHbxq2fYBdh7oD5YXyzSmM1RvogSWnULtPR BTEBphy3I/p29usgs+WhVwTeu44KAylwpWED8xvCygHRrz8uRPs40DmeXfWndGiTLfxx k+fmQG3jfzCCBM009TyTkqHCKYp6pUUkC/qxQVNNII1UO8z2phqcBPQuy3Ixo91hCcbT dY//f9F/HTFckVMHBEqpC68iuH4OuJBpP9VmXFtdXuWiTyu8ycsG/u9Uqx2uKhMsjolm OAoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=Jn/e9zJnvbxZAVDuJbkX1Zal8jeIcLE7qvQ3Prs5zNs=; b=PmFbPe0+s2YqjZu7U9cU6uxitWeSAXMypG6M70sWgcf8IVqqqd4WxQ/cnPYO82kdU5 aFBTxriRZZT23PnNsXJzHH45gLXigwmFbQpwksCEWV1KOCIJh7Po6TexxadiNK4S89Ay 7GTm3uGy+IMUMchl+/bOF0+eq5TVI/+w9CLtu26zTXd9ymACQ5m52EcfQWzzIZs6a41/ D2EGqMYJr6s1cFOqDwJo99VHb3EDYNIMiLIYJ7idtt/kmZu7CT7lYD+iHHmkE9RFktFM 101GNLXPwAIzmpSY86KbbqmXpnCrtTCInPI0n+16H8uB5KMxYyYtvkRU081Yg7rlFv+g UYkg== X-Gm-Message-State: AJaThX6zpPk+TCUkDnH/rpdwKT84jyLAHeQjCPQJanFDxay+ANr8VV0U 1vp7Hj2fz109jpwaSpGB9So= X-Google-Smtp-Source: ABhQp+RQDXV6LS5qZcFK/bdyzNQqeF2xTplJLXgFMsJ68RgAyB3NXpyZvYZSGdH1fo45yraSvXRxsQ== X-Received: by 10.55.19.19 with SMTP id d19mr4610435qkh.189.1509958749147; Mon, 06 Nov 2017 00:59:09 -0800 (PST) Received: from localhost.localdomain (50-39-103-96.bvtn.or.frontiernet.net. [50.39.103.96]) by smtp.gmail.com with ESMTPSA id r26sm8001094qki.42.2017.11.06.00.59.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Nov 2017 00:59:08 -0800 (PST) From: Ram Pai To: mpe@ellerman.id.au, mingo@redhat.com, akpm@linux-foundation.org, corbet@lwn.net, arnd@arndb.de Subject: [PATCH v9 18/51] powerpc: implementation for arch_vma_access_permitted() Date: Mon, 6 Nov 2017 00:57:10 -0800 Message-Id: <1509958663-18737-19-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1509958663-18737-1-git-send-email-linuxram@us.ibm.com> References: <1509958663-18737-1-git-send-email-linuxram@us.ibm.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.24 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: linux-arch@vger.kernel.org, ebiederm@xmission.com, linux-doc@vger.kernel.org, x86@kernel.org, dave.hansen@intel.com, linux-kernel@vger.kernel.org, linuxram@us.ibm.com, mhocko@kernel.org, linux-mm@kvack.org, paulus@samba.org, aneesh.kumar@linux.vnet.ibm.com, linux-kselftest@vger.kernel.org, bauerman@linux.vnet.ibm.com, linuxppc-dev@lists.ozlabs.org, khandual@linux.vnet.ibm.com Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" This patch provides the implementation for arch_vma_access_permitted(). Returns true if the requested access is allowed by pkey associated with the vma. Signed-off-by: Ram Pai --- arch/powerpc/include/asm/mmu_context.h | 5 +++- arch/powerpc/mm/pkeys.c | 34 ++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletions(-) diff --git a/arch/powerpc/include/asm/mmu_context.h b/arch/powerpc/include/asm/mmu_context.h index a557735..95a3288 100644 --- a/arch/powerpc/include/asm/mmu_context.h +++ b/arch/powerpc/include/asm/mmu_context.h @@ -136,6 +136,10 @@ static inline void arch_bprm_mm_init(struct mm_struct *mm, { } +#ifdef CONFIG_PPC_MEM_KEYS +bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, + bool execute, bool foreign); +#else /* CONFIG_PPC_MEM_KEYS */ static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, bool execute, bool foreign) { @@ -143,7 +147,6 @@ static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, return true; } -#ifndef CONFIG_PPC_MEM_KEYS #define pkey_initialize() #define pkey_mm_init(mm) #define thread_pkey_regs_save(thread) diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c index 13902be..3b221bd 100644 --- a/arch/powerpc/mm/pkeys.c +++ b/arch/powerpc/mm/pkeys.c @@ -375,3 +375,37 @@ bool arch_pte_access_permitted(u64 pte, bool write, bool execute) return pkey_access_permitted(pte_to_pkey_bits(pte), write, execute); } + +/* + * We only want to enforce protection keys on the current thread because we + * effectively have no access to AMR/IAMR for other threads or any way to tell + * which AMR/IAMR in a threaded process we could use. + * + * So do not enforce things if the VMA is not from the current mm, or if we are + * in a kernel thread. + */ +static inline bool vma_is_foreign(struct vm_area_struct *vma) +{ + if (!current->mm) + return true; + + /* if it is not our ->mm, it has to be foreign */ + if (current->mm != vma->vm_mm) + return true; + + return false; +} + +bool arch_vma_access_permitted(struct vm_area_struct *vma, bool write, + bool execute, bool foreign) +{ + if (static_branch_likely(&pkey_disabled)) + return true; + /* + * Do not enforce our key-permissions on a foreign vma. + */ + if (foreign || vma_is_foreign(vma)) + return true; + + return pkey_access_permitted(vma_pkey(vma), write, execute); +}