From patchwork Tue Jul 17 13:51:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 945101 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41VNvh3zkvz9s0n for ; Wed, 18 Jul 2018 01:08:32 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="uxaqlgaT"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 41VNvh2X7YzF3Hy for ; Wed, 18 Jul 2018 01:08:32 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="uxaqlgaT"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c0d::244; helo=mail-qt0-x244.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="uxaqlgaT"; dkim-atps=neutral Received: from mail-qt0-x244.google.com (mail-qt0-x244.google.com [IPv6:2607:f8b0:400d:c0d::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 41VMBp6bSqzF3Hb for ; Tue, 17 Jul 2018 23:51:30 +1000 (AEST) Received: by mail-qt0-x244.google.com with SMTP id h4-v6so888303qtj.7 for ; Tue, 17 Jul 2018 06:51:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=VZsuTB+h91eZIuT05BgBckI7KkuS7VEbGlkqyYXKUyc=; b=uxaqlgaT2dPuqbnbiWxvcMgKtvXqqL1SDci+EbfqiInXc2oADFGtflSfhHnFTxxg5r ABtXiA1CcPlXBLbv4Fi2yTlp6Ka20dPigJ6vlnH1kAfsVe3abUVlaxYu1s+oAWqoe08T jRitdiuS7MDODXFitLvd5107xlvWkSPo1pVG2R7IIz+hgEYZmVSBK2HTO5I3el0A33lQ 2pc3ZAgnIP8RpNUlpNpJFoT3FPF0RCSq5/GcRfbW3mNRKCFrFr7mkptF86+yyNXAUoy6 FYRwhlv801lkAup8zHkZqW5xGdDuDyQTsXLZdXV2yhCXh8mzadpXuV+hj7IcU+gjJZEh dm0Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=VZsuTB+h91eZIuT05BgBckI7KkuS7VEbGlkqyYXKUyc=; b=T1RV/Pcq7lPhV5RmXU6vOR8T/wsfj4HmtUDcSO3dTL7iJX2tTPnymFfA4guwpQfmjG 5oaVPLeOH3ClA4vGYaIsXezc0GM9KGMmoyHUoqDov45vxXGp4knwk6e89AT50RYr1zmR qeEkrhaWZGvvuu8q4jtEBUp7Dp0deqHARMFwiXzZndiHMvAq+sNBGdzC2+jMJT6WGT/L 3rG+LOS0U/2ye43ZsuG1Zf+nO4qQ1f+3JrCq/v31LwcVocpIt+LSPkHLwJlfe0EFaPMX RJozriVUzt35RZSNtlSTNhj4DokpQeh8JFlTy4ki1bnqmJ1zhMcs22nIoSqKxTxHGCgU 2O+A== X-Gm-Message-State: AOUpUlF6hXNVD6zBRHcFVWYdb19xkRGESImq12Cxz9C3q4Sid+yb7Qi9 +jkoQrosoExSz2pq3dGm1gv43w== X-Google-Smtp-Source: AAOMgpdmRFacfK+hEIMVcQX+Y8yNumPoTWDzINE2J5T+gOOpE/dWNbNM8qkoNaKFmdAdm0tpNCqxZw== X-Received: by 2002:ac8:29e:: with SMTP id p30-v6mr1607423qtg.131.1531835489012; Tue, 17 Jul 2018 06:51:29 -0700 (PDT) Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161]) by smtp.gmail.com with ESMTPSA id f3-v6sm785548qtf.61.2018.07.17.06.51.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Jul 2018 06:51:28 -0700 (PDT) From: Ram Pai To: mpe@ellerman.id.au Subject: [PATCH v3 1/9] powerpc/pkeys: Give all threads control of their key permissions Date: Tue, 17 Jul 2018 06:51:02 -0700 Message-Id: <1531835470-32691-2-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> References: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: fweimer@redhat.com, Ulrich.Weigand@de.ibm.com, linuxram@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com, msuchanek@suse.de, linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Currently in a multithreaded application, a key allocated by one thread is not usable by other threads. By "not usable" we mean that other threads are unable to change the access permissions for that key for themselves. When a new key is allocated in one thread, the corresponding UAMOR bits for that thread get enabled, however the UAMOR bits for that key for all other threads remain disabled. Other threads have no way to set permissions on the key, and the current default permissions are that read/write is enabled for all keys, which means the key has no effect for other threads. Although that may be the desired behaviour in some circumstances, having all threads able to control their permissions for the key is more flexible. The current behaviour also differs from the x86 behaviour, which is problematic for users. To fix this, enable the UAMOR bits for all keys, at process creation (in start_thread(), ie exec time). Since the contents of UAMOR are inherited at fork, all threads are capable of modifying the permissions on any key. This is technically an ABI break on powerpc, but pkey support is fairly new on powerpc and not widely used, and this brings us into line with x86. Fixes: cf43d3b26452 ("powerpc: Enable pkey subsystem") Cc: stable@vger.kernel.org # v4.16+ Tested-by: Florian Weimer Signed-off-by: Ram Pai [mpe: Reword some of the changelog] Signed-off-by: Michael Ellerman --- arch/powerpc/mm/pkeys.c | 44 ++++++++++++++++++++++++++------------------ 1 files changed, 26 insertions(+), 18 deletions(-) diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c index e6f500f..0facc0d 100644 --- a/arch/powerpc/mm/pkeys.c +++ b/arch/powerpc/mm/pkeys.c @@ -15,8 +15,9 @@ int pkeys_total; /* Total pkeys as per device tree */ bool pkeys_devtree_defined; /* pkey property exported by device tree */ u32 initial_allocation_mask; /* Bits set for reserved keys */ -u64 pkey_amr_uamor_mask; /* Bits in AMR/UMOR not to be touched */ +u64 pkey_amr_mask; /* Bits in AMR not to be touched */ u64 pkey_iamr_mask; /* Bits in AMR not to be touched */ +u64 pkey_uamor_mask; /* Bits in UMOR not to be touched */ #define AMR_BITS_PER_PKEY 2 #define AMR_RD_BIT 0x1UL @@ -119,20 +120,26 @@ int pkey_initialize(void) #else os_reserved = 0; #endif - initial_allocation_mask = ~0x0; - pkey_amr_uamor_mask = ~0x0ul; + initial_allocation_mask = (0x1 << 0) | (0x1 << 1); + + /* register mask is in BE format */ + pkey_amr_mask = ~0x0ul; pkey_iamr_mask = ~0x0ul; - /* - * key 0, 1 are reserved. - * key 0 is the default key, which allows read/write/execute. - * key 1 is recommended not to be used. PowerISA(3.0) page 1015, - * programming note. - */ - for (i = 2; i < (pkeys_total - os_reserved); i++) { - initial_allocation_mask &= ~(0x1 << i); - pkey_amr_uamor_mask &= ~(0x3ul << pkeyshift(i)); + + for (i = 0; i < (pkeys_total - os_reserved); i++) { + pkey_amr_mask &= ~(0x3ul << pkeyshift(i)); pkey_iamr_mask &= ~(0x1ul << pkeyshift(i)); } + + pkey_uamor_mask = ~0x0ul; + pkey_uamor_mask &= ~(0x3ul << pkeyshift(0)); + + /* mark the rest of the keys as reserved and hence unavailable */ + for (i = (pkeys_total - os_reserved); i < pkeys_total; i++) { + initial_allocation_mask |= (0x1 << i); + pkey_uamor_mask &= ~(0x3ul << pkeyshift(i)); + } + return 0; } @@ -289,9 +296,6 @@ void thread_pkey_regs_restore(struct thread_struct *new_thread, if (static_branch_likely(&pkey_disabled)) return; - /* - * TODO: Just set UAMOR to zero if @new_thread hasn't used any keys yet. - */ if (old_thread->amr != new_thread->amr) write_amr(new_thread->amr); if (old_thread->iamr != new_thread->iamr) @@ -305,9 +309,13 @@ void thread_pkey_regs_init(struct thread_struct *thread) if (static_branch_likely(&pkey_disabled)) return; - thread->amr = read_amr() & pkey_amr_uamor_mask; - thread->iamr = read_iamr() & pkey_iamr_mask; - thread->uamor = read_uamor() & pkey_amr_uamor_mask; + thread->amr = pkey_amr_mask; + thread->iamr = pkey_iamr_mask; + thread->uamor = pkey_uamor_mask; + + write_uamor(pkey_uamor_mask); + write_amr(pkey_amr_mask); + write_iamr(pkey_iamr_mask); } static inline bool pkey_allows_readwrite(int pkey) From patchwork Tue Jul 17 13:51:03 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 945111 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41VP1P0PQBz9rxs for ; Wed, 18 Jul 2018 01:13:29 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="klNd7eV5"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 41VP1N5z1tzF3KJ for ; Wed, 18 Jul 2018 01:13:28 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="klNd7eV5"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c0d::243; helo=mail-qt0-x243.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="klNd7eV5"; dkim-atps=neutral Received: from mail-qt0-x243.google.com (mail-qt0-x243.google.com [IPv6:2607:f8b0:400d:c0d::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 41VMBr3LFPzF3Hr for ; Tue, 17 Jul 2018 23:51:32 +1000 (AEST) Received: by mail-qt0-x243.google.com with SMTP id q12-v6so887806qtp.6 for ; Tue, 17 Jul 2018 06:51:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=nutFJyVrtXWOudLaWXF3Kuyw8rV0m0afoIg7RwQeFpo=; b=klNd7eV5zE5YE2LiAWerPvLT7qqx0X/8+ciTBOgeaAKwbS9QqtSECAx6iHLr42cHkk Rr1xLquUY6/bDykmW0dmc54uga+E9uObku6xYbHdS2OkF3SGhPmzC6RzSnlFg5JYMPWt 6/UtkVpndxwGFlv0kFjiSU7sXx2Ou1QlZGyO7+UA7Q4d9VoxNCgPIYlrNB3c7X6Yj7sK HR/yZgJBu0yffHnADlEbuoe2nOnVDEOrLi+7pyJ7uuWtHlQ9WMXTPPRQtcX4yb/FOMBl 3kKi2XCN6UiZawOzo+nESjfVBU3NWAzkYJa/VfZqCYbLr0MA+HlAuFECpgudEvn+R1DC Q0hQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=nutFJyVrtXWOudLaWXF3Kuyw8rV0m0afoIg7RwQeFpo=; b=qdS0yBohlA3zL9js5u/sPKr0hJkHCGzfYiFhtO2mLeT6CGFi3Cl9bsALx+OWf6aoRs dOLxWnPqTOafOai3c0eKJSjqLtfFAaC9vJDr8lOJzjxEcKt2CRHmFrKHGFPQmYIfcdD1 fdJJX8vhG06DCfTgmzM/3OJkdxP5DTE/YkmtyuasUJX4dXC6qZll+VuvK4xk/L3OO8sO GT83QMSEoqcwHhdG+KMvQBk0SaMN+RvDVezCct5FH8JbqTkr6HnldqmrV+YHsppCUEA9 4RIxTmZKwTFz7uuqskTX49uBE2SE2gw4Irj83KUcWIhnUuAn4DVrDdHj2JFMJbz618RR 7FuA== X-Gm-Message-State: AOUpUlHbHwh7kXYgE1VDL3pl0nLaLSOcftPyKVhF9h3JpsrTl48VPPBl xp1aovazTXz/IEjT+FbvTcI= X-Google-Smtp-Source: AAOMgpd5t1fFNiFsQNyF3wN4LW/YhDUT2aV2OE1VdiYgBLlXq2hVePqyBtjzTm5Q8HGOX8i26H3eGg== X-Received: by 2002:ac8:892:: with SMTP id v18-v6mr1631906qth.49.1531835490479; Tue, 17 Jul 2018 06:51:30 -0700 (PDT) Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161]) by smtp.gmail.com with ESMTPSA id f3-v6sm785548qtf.61.2018.07.17.06.51.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Jul 2018 06:51:30 -0700 (PDT) From: Ram Pai To: mpe@ellerman.id.au Subject: [PATCH v3 2/9] powerpc/pkeys: Deny read/write/execute by default Date: Tue, 17 Jul 2018 06:51:03 -0700 Message-Id: <1531835470-32691-3-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> References: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: fweimer@redhat.com, Ulrich.Weigand@de.ibm.com, linuxram@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com, msuchanek@suse.de, linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Deny all permissions on all keys, with some exceptions. pkey-0 must allow all permissions, or else everything comes to a screaching halt. Execute-only key must allow execute permission. Signed-off-by: Ram Pai --- arch/powerpc/mm/pkeys.c | 8 +++----- 1 files changed, 3 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c index 0facc0d..7dc0024 100644 --- a/arch/powerpc/mm/pkeys.c +++ b/arch/powerpc/mm/pkeys.c @@ -124,12 +124,10 @@ int pkey_initialize(void) /* register mask is in BE format */ pkey_amr_mask = ~0x0ul; - pkey_iamr_mask = ~0x0ul; + pkey_amr_mask &= ~(0x3ul << pkeyshift(0)); - for (i = 0; i < (pkeys_total - os_reserved); i++) { - pkey_amr_mask &= ~(0x3ul << pkeyshift(i)); - pkey_iamr_mask &= ~(0x1ul << pkeyshift(i)); - } + pkey_iamr_mask = ~0x0ul; + pkey_iamr_mask &= ~(0x3ul << pkeyshift(0)); pkey_uamor_mask = ~0x0ul; pkey_uamor_mask &= ~(0x3ul << pkeyshift(0)); From patchwork Tue Jul 17 13:51:04 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 945115 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41VP4C35vdz9rxs for ; Wed, 18 Jul 2018 01:15:55 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="UI1cF9tk"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 41VP4C1Mb6zF3Hl for ; Wed, 18 Jul 2018 01:15:55 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="UI1cF9tk"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c0d::242; helo=mail-qt0-x242.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="UI1cF9tk"; dkim-atps=neutral Received: from mail-qt0-x242.google.com (mail-qt0-x242.google.com [IPv6:2607:f8b0:400d:c0d::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 41VMBt1c3TzF3Hd for ; Tue, 17 Jul 2018 23:51:34 +1000 (AEST) Received: by mail-qt0-x242.google.com with SMTP id a5-v6so897213qtp.2 for ; Tue, 17 Jul 2018 06:51:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=aOHafJeZ7KungNMSzlsTy0CWfI2O0TIBdC2jyrrYL/4=; b=UI1cF9tk0ZIX6RMdhQ9FGA8YbGuaN83nZLuHkKl8q2AtAssVnAlxZMKCwv5y8LWIF1 LGiT0hbr7uLzZ5K/nYj4t7k45WK9fAVahR4cpflaqNDegnkB25Mh5u/KZ7opZ7unZta2 M1kuQDga5l4hu/oxqOWoqcTd1FYiKqaKmHGlEXqFf2pqw/mFkWy8GB67xLK+j0Osjpoq dPwhUnupihLKKh/TGdqvwJrzLDuPDXiRZmEgXZkaKYXt2C3+cDZHG9EVoDbhT5EGktLZ 5+71mzS/ouqemnKGSdKyqJSKxp45f4iH5KfraTVTpXmWw44UxOWoQqynuw1i3qzapxfD cgEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=aOHafJeZ7KungNMSzlsTy0CWfI2O0TIBdC2jyrrYL/4=; b=Rbf9pXEiY8/EX94FFfbaPwN/eYR9CpRr1vSt93V6uEBT3nTg32IvaG5upiRpIlnNi4 TO80y2dPwXwDcAAJIn9LhNshJcKWUKh+RVya5wI/tyZkBWgdnmUncujql73j4niRDlW/ PW0Rw+9H3qjyRWzrTRblzqPMCcej/uWF0eJwpwnLn1q12f+tII3cHfXGRyAJ4QuWRBfA UzDxU6ke2uvtYts8bnuYXLKEh7/g4gqZUVx83SC3rtMWVcFcas2kDSoPeXJQbb6nOBYG drsH5dho2Ln2vGxBfKFwAME9ydMatlgg86pQQnRtRQ3mbhLwiisnxHegkZBLyaFvIh/B NmFg== X-Gm-Message-State: AOUpUlFEssXFCplAIcj+a/zp4C2SSZ5J8l1wP4S/OIZktjGDa6u/mvut EB0J8VmWzdjz+DjyTGvQmRc= X-Google-Smtp-Source: AAOMgpeXgOEYAQv86Mjhu5HunU4v151gBSqJT/InfxKiteFKZVW6uo0MaiJROy6xljw4JCkIUgH4/g== X-Received: by 2002:ac8:43da:: with SMTP id w26-v6mr1588097qtn.137.1531835492173; Tue, 17 Jul 2018 06:51:32 -0700 (PDT) Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161]) by smtp.gmail.com with ESMTPSA id f3-v6sm785548qtf.61.2018.07.17.06.51.30 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Jul 2018 06:51:31 -0700 (PDT) From: Ram Pai To: mpe@ellerman.id.au Subject: [PATCH v3 3/9] powerpc/pkeys: key allocation/deallocation must not change pkey registers Date: Tue, 17 Jul 2018 06:51:04 -0700 Message-Id: <1531835470-32691-4-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> References: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: fweimer@redhat.com, Ulrich.Weigand@de.ibm.com, linuxram@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com, msuchanek@suse.de, linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Key allocation and deallocation has the side effect of programming the UAMOR/AMR/IAMR registers. This is wrong, since its the responsibility of the application and not that of the kernel, to modify the permission on the key. Do not modify the pkey registers at key allocation/deallocation. This patch also fixes a bug where a sys_pkey_free() resets the UAMOR bits of the key, thus making its permissions unmodifiable from user space. Later if the same key gets reallocated from a different thread this thread will no longer be able to change the permissions on the key. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Ram Pai --- arch/powerpc/include/asm/pkeys.h | 11 ----------- arch/powerpc/mm/pkeys.c | 27 --------------------------- 2 files changed, 0 insertions(+), 38 deletions(-) diff --git a/arch/powerpc/include/asm/pkeys.h b/arch/powerpc/include/asm/pkeys.h index 5ba80cf..3312606 100644 --- a/arch/powerpc/include/asm/pkeys.h +++ b/arch/powerpc/include/asm/pkeys.h @@ -94,8 +94,6 @@ static inline bool mm_pkey_is_allocated(struct mm_struct *mm, int pkey) __mm_pkey_is_allocated(mm, pkey)); } -extern void __arch_activate_pkey(int pkey); -extern void __arch_deactivate_pkey(int pkey); /* * Returns a positive, 5-bit key on success, or -1 on failure. * Relies on the mmap_sem to protect against concurrency in mm_pkey_alloc() and @@ -124,11 +122,6 @@ static inline int mm_pkey_alloc(struct mm_struct *mm) ret = ffz((u32)mm_pkey_allocation_map(mm)); __mm_pkey_allocated(mm, ret); - /* - * Enable the key in the hardware - */ - if (ret > 0) - __arch_activate_pkey(ret); return ret; } @@ -140,10 +133,6 @@ static inline int mm_pkey_free(struct mm_struct *mm, int pkey) if (!mm_pkey_is_allocated(mm, pkey)) return -EINVAL; - /* - * Disable the key in the hardware - */ - __arch_deactivate_pkey(pkey); __mm_pkey_free(mm, pkey); return 0; diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c index 7dc0024..cd0e623 100644 --- a/arch/powerpc/mm/pkeys.c +++ b/arch/powerpc/mm/pkeys.c @@ -218,33 +218,6 @@ static inline void init_iamr(int pkey, u8 init_bits) write_iamr(old_iamr | new_iamr_bits); } -static void pkey_status_change(int pkey, bool enable) -{ - u64 old_uamor; - - /* Reset the AMR and IAMR bits for this key */ - init_amr(pkey, 0x0); - init_iamr(pkey, 0x0); - - /* Enable/disable key */ - old_uamor = read_uamor(); - if (enable) - old_uamor |= (0x3ul << pkeyshift(pkey)); - else - old_uamor &= ~(0x3ul << pkeyshift(pkey)); - write_uamor(old_uamor); -} - -void __arch_activate_pkey(int pkey) -{ - pkey_status_change(pkey, true); -} - -void __arch_deactivate_pkey(int pkey) -{ - pkey_status_change(pkey, false); -} - /* * Set the access rights in AMR IAMR and UAMOR registers for @pkey to that * specified in @init_val. From patchwork Tue Jul 17 13:51:05 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 945117 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41VP7M5c2Nz9rxs for ; Wed, 18 Jul 2018 01:18:39 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="pISxFNkt"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 41VP7M3z9bzF3Hc for ; Wed, 18 Jul 2018 01:18:39 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="pISxFNkt"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c0d::243; helo=mail-qt0-x243.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="pISxFNkt"; dkim-atps=neutral Received: from mail-qt0-x243.google.com (mail-qt0-x243.google.com [IPv6:2607:f8b0:400d:c0d::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 41VMBv6SC4zF3Hb for ; Tue, 17 Jul 2018 23:51:35 +1000 (AEST) Received: by mail-qt0-x243.google.com with SMTP id h4-v6so888561qtj.7 for ; Tue, 17 Jul 2018 06:51:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=FkMxvyrZ3Wk/urSQCClJ4xF9bIp1dI0MO6IgXTn1OVU=; b=pISxFNktC8t6r4+8kXFU3dGgK2qtA3LhECQS5V0ZrFWhSFz3Bwfq83+wNjB8DO3Yqu QnoNtKyIdgGbchnybXDlHBBqNGnZcwg8IlI7iZu6E7ZEtfwN+LGkxQEkDqM1rDTkAtOt 94JNMhKRjW68qN2Wyv1jRSmlXfA0OKMp7CyhKC22SdXRhY3j3siM66yVhXskt6XcIPfT XmWlHu3I+wChLbWEIvLFRC5c1m0n1BDnvEehn6p8UX4dR44H0w6g35p3dnNy+PE3sIM6 /o8AaBFAzqFwn/qB+PNHS9pxFWogLKqgkdRQxYIRAn84LMA8QqKXGBgj3UYUJQXn3lnF ABaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=FkMxvyrZ3Wk/urSQCClJ4xF9bIp1dI0MO6IgXTn1OVU=; b=FMamoIOdPdoy1z1KEszE5chLga7HL3h70T+nkqjjrhb9PWBKe71JNhmG33acGI4Z3d b3qs3TjxIAZ676WIyY8EMTXraOTIhrfu/DZvaiEdWhMTpApOOQxOmCuZkLCGCA5FgSRA QbkBytNY2JhAovtDEfJgmQhW+XP05riMr6WfZ1eGCcfZrYtQrbmcpN205+Y9fRgHbs2R 5Ot34vksXd9Noz0e3XzfbuwNY64jFLdqUzCW6/fy/SDUmApE1uM0tZpwLd/Gl4XjbD7H gkjZqH5bxKWjOiZ3QBUP1vICpmvJ2ZV9fkoAY4R0OBJREZnWdVbjMYbpB5pE0LzmFhH+ ITJg== X-Gm-Message-State: AOUpUlFBGl7vUzWelnAssyr2KehkDJosp4lN0d6W0b40Ht61hDBYfq6z aOvel6ZXdvqU3qwF+oUEYvc= X-Google-Smtp-Source: AAOMgpeT1ApyrxCj6lFl/3J7M24CfAigtmxaYqpkKTrV601MJ7Tk0evF4iaGH1LRpfs1f4NZiaRlbQ== X-Received: by 2002:a0c:a281:: with SMTP id g1-v6mr1824249qva.60.1531835493922; Tue, 17 Jul 2018 06:51:33 -0700 (PDT) Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161]) by smtp.gmail.com with ESMTPSA id f3-v6sm785548qtf.61.2018.07.17.06.51.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Jul 2018 06:51:33 -0700 (PDT) From: Ram Pai To: mpe@ellerman.id.au Subject: [PATCH v3 4/9] powerpc/pkeys: Save the pkey registers before fork Date: Tue, 17 Jul 2018 06:51:05 -0700 Message-Id: <1531835470-32691-5-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> References: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: fweimer@redhat.com, Ulrich.Weigand@de.ibm.com, linuxram@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com, msuchanek@suse.de, linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" When a thread forks the contents of AMR, IAMR, UAMOR registers in the newly forked thread are not inherited. Save the registers before forking, for content of those registers to be automatically copied into the new thread. Cc: Michael Ellerman Cc: Florian Weimer Cc: Andy Lutomirski Cc: Thiago Jung Bauermann Fixes: cf43d3b26452 ("powerpc: Enable pkey subsystem") Cc: stable@vger.kernel.org # v4.16+ Signed-off-by: Ram Pai --- arch/powerpc/kernel/process.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c index 9ef4aea..991d097 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -583,6 +583,7 @@ static void save_all(struct task_struct *tsk) __giveup_spe(tsk); msr_check_and_clear(msr_all_available); + thread_pkey_regs_save(&tsk->thread); } void flush_all_to_thread(struct task_struct *tsk) From patchwork Tue Jul 17 13:51:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 945122 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41VPBf6Drbz9s3Z for ; Wed, 18 Jul 2018 01:21:30 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="D699jh8u"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 41VPBf4JkXzF3Hy for ; Wed, 18 Jul 2018 01:21:30 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="D699jh8u"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c0d::244; helo=mail-qt0-x244.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="D699jh8u"; dkim-atps=neutral Received: from mail-qt0-x244.google.com (mail-qt0-x244.google.com [IPv6:2607:f8b0:400d:c0d::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 41VMBx3JcrzF3Hd for ; Tue, 17 Jul 2018 23:51:37 +1000 (AEST) Received: by mail-qt0-x244.google.com with SMTP id f18-v6so884769qtp.10 for ; Tue, 17 Jul 2018 06:51:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=sYm7ICP3QHDBT0tqat2SqAHsZJ61+iSaoAfSqSyH8M4=; b=D699jh8u6n9Yo8RQbyWWJ9yTw+wtyyihEiLeojOgI5FuqHGvw/Z7aYoBwR6UCjIvhm 5/Qwf/2C7PqekkwhSWlRSDFxmLK1ZHPWA1xrqlBMhkohIhmVImCUmYYij5JXLCO/cE9q D7ZiGNcVh2TYL12WlmN6gchsV+z/r7YSdBjspQALdx95WyWprHdj+UqCMCA2TUveJPqR Wcsmq8Z6GiiUHWLb3FwJhJ81k12q/0sQF9E8UxC/0ipE79OdO3aMsdXHilTHwVYn1YYO /nn8lgA+6wfDCk6vRvFsGAHY0PKVNOVz9uwkGY5YLkAkXCrLcQqYwERniWod5rJn6hPz 2Mig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=sYm7ICP3QHDBT0tqat2SqAHsZJ61+iSaoAfSqSyH8M4=; b=pNSrvGQ2VDxaXSUaC3NSf8W4cdIqPMd5YuxMCK9guVGy6meAHqVS4LHWh62Do/LyHe N8zJP0n+6hkusr6pu/UTlaE6vau7eBGwF0zXNzgibIENoawkH/tTHjNqcgu6KICIDQiW DMb5H+I9Ihv6JjOqdpEJDRI3qf6HEhWGnMFEO3bJQKvRMCfXAU9u7y+2IVlcu3fj5E6U CMwfPd25ndUoW7JYdHLR91NKHkA0dZW/zsXyBDrP2ANe/gvQCy5Hr8zKFwCqdmuEPT0W jXXJRID9CF2/zNsWD6dsFLoDBQFPR5m32yXxMGSTZnthk9UrYD2ToD8PubGRvonIGSTE 5deQ== X-Gm-Message-State: AOUpUlEyA2IuGwInxCwAFJSrjtLUU+dqepBAQKIMGl2EeIc+/6pI5Cbn Cp03nGHE3yRORDBsEKUCyaA= X-Google-Smtp-Source: AAOMgpfQzGfKhw8QU1Y1p9rKUAbTLLxZXB0Ud56hRpOKeuL5SUwTqUqWD8dQ8WIlSY2ILfAvwQs/UQ== X-Received: by 2002:ac8:27bb:: with SMTP id w56-v6mr1535537qtw.165.1531835495634; Tue, 17 Jul 2018 06:51:35 -0700 (PDT) Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161]) by smtp.gmail.com with ESMTPSA id f3-v6sm785548qtf.61.2018.07.17.06.51.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Jul 2018 06:51:35 -0700 (PDT) From: Ram Pai To: mpe@ellerman.id.au Subject: [PATCH v3 5/9] powerpc/pkeys: fix calculation of total pkeys. Date: Tue, 17 Jul 2018 06:51:06 -0700 Message-Id: <1531835470-32691-6-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> References: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: fweimer@redhat.com, Ulrich.Weigand@de.ibm.com, linuxram@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com, msuchanek@suse.de, linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Total number of pkeys calculation is off by 1. Fix it. Cc: Florian Weimer Cc: Michael Ellerman Cc: Thiago Jung Bauermann Fixes: 4fb158f65ac5 ("powerpc: track allocation status of all pkeys") Cc: stable@vger.kernel.org # v4.16+ Signed-off-by: Ram Pai --- arch/powerpc/mm/pkeys.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c index cd0e623..7db56d8 100644 --- a/arch/powerpc/mm/pkeys.c +++ b/arch/powerpc/mm/pkeys.c @@ -92,7 +92,7 @@ int pkey_initialize(void) * arch-neutral code. */ pkeys_total = min_t(int, pkeys_total, - (ARCH_VM_PKEY_FLAGS >> VM_PKEY_SHIFT)); + ((ARCH_VM_PKEY_FLAGS >> VM_PKEY_SHIFT)+1)); if (!pkey_mmu_enabled() || radix_enabled() || !pkeys_total) static_branch_enable(&pkey_disabled); From patchwork Tue Jul 17 13:51:07 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 945123 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41VPFX0FnTz9rxs for ; Wed, 18 Jul 2018 01:24:00 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="T+k8FrdC"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 41VPFW5jw5zF3Hv for ; Wed, 18 Jul 2018 01:23:59 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="T+k8FrdC"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c0d::242; helo=mail-qt0-x242.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="T+k8FrdC"; dkim-atps=neutral Received: from mail-qt0-x242.google.com (mail-qt0-x242.google.com [IPv6:2607:f8b0:400d:c0d::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 41VMBz0BprzF3HZ for ; Tue, 17 Jul 2018 23:51:39 +1000 (AEST) Received: by mail-qt0-x242.google.com with SMTP id b15-v6so883259qtp.11 for ; Tue, 17 Jul 2018 06:51:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=D0vH2HsKrRrIHXmmzvpLFdCXb2K6Aet9oBBGQ3cuup0=; b=T+k8FrdCCRTy86fhK1PqET4nqh6Rq08vNbExIQyRZHScGgERw+lMVjXVLKyeVVwJa3 pyuXEWiHU7KNoDB+n/ByqtW9X3gNwDWi70n37xs7N1k1kWqwz3v1MCu9y8RHCM8aiteg 49bYnJGB6yHl9OEPlMdDaoVl9SI5Ts5UhcqKWaj4NK04cFaqZwX4amIzRi14hLB7I+7b kmsrnlf6TPtVZmWoIPwOMDLLVholMuE0Ub6Yph61m+scnlt90MrT9piEeJngGkbGqO1M y2uMTvAZ1sNlsAvxgK4tAmvt9Niv1gGQ5ROdlNQbE0xrr4g7pVbSzhyrMnVT0Mf8QcXT oXEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=D0vH2HsKrRrIHXmmzvpLFdCXb2K6Aet9oBBGQ3cuup0=; b=NNKPu+p949QFSN6qGL0fg5x5YxWP5X6qGqgd0lLeOLR+PBg7c7CUPjkV+KfI08cP8m umIiKHWzjIqIC8Qph9dClhZ3yF64xmMKcMPZVK1Y1+5X/Iqc25to8Dnyhtym6awZiTHq Q/fLUjlJIKNKSL1NLO9BFSDRL51xJQ8vWZvbom+xCR1pTbr9uKlewutqOzg/gh0Q/32B JE0TZlZP0SUEAycNQ4LeQaZ+kv8ioBoCk4BhwdSf5tP7EyLGpkZcWJWRIes7PbSG5KDt 0zTdDuNlQVqn9uV2w+zr/2WRLA8wx52UccfE+SLQQyPJvIHiMHn9Cq8fSAZbCdXgfDyy SESw== X-Gm-Message-State: AOUpUlFoXGgy5VmHIjFEV4gGbBiBdJmPVEGriXWaE2Pr0EZh88GwUUw8 r8CbeB8tWhckl4PyXh/6hUkgBQ== X-Google-Smtp-Source: AAOMgpdxWlvL118vAJEh00crc1cGx9QJxG7KuBgWb/8NCSQNO33B+yB/0yPjX1MuU3uh7T2y1poubg== X-Received: by 2002:ac8:40d1:: with SMTP id f17-v6mr1561411qtm.96.1531835497145; Tue, 17 Jul 2018 06:51:37 -0700 (PDT) Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161]) by smtp.gmail.com with ESMTPSA id f3-v6sm785548qtf.61.2018.07.17.06.51.35 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Jul 2018 06:51:36 -0700 (PDT) From: Ram Pai To: mpe@ellerman.id.au Subject: [PATCH v3 6/9] powerpc/pkeys: Preallocate execute-only key Date: Tue, 17 Jul 2018 06:51:07 -0700 Message-Id: <1531835470-32691-7-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> References: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: fweimer@redhat.com, Ulrich.Weigand@de.ibm.com, linuxram@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com, msuchanek@suse.de, linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" execute-only key is allocated dynamically. This is a problem. When a thread implicitly creates a execute-only key, and resets UAMOR for that key, the UAMOR value does not percolate to all the other threads. Any other thread may ignorantly change the permissions on the key. This can cause the key to be not execute-only for that thread. Preallocate the execute-only key and ensure that no thread can change the permission of the key, by resetting the corresponding bit in UAMOR. Cc: Andy Lutomirski Cc: Florian Weimer Cc: Thiago Jung Bauermann Cc: Michael Ellerman Fixes: 5586cf61e108 ("powerpc: introduce execute-only pkey") Cc: stable@vger.kernel.org # v4.16+ Signed-off-by: Ram Pai --- arch/powerpc/mm/pkeys.c | 63 +++++++++++++--------------------------------- 1 files changed, 18 insertions(+), 45 deletions(-) diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c index 7db56d8..5d39a10 100644 --- a/arch/powerpc/mm/pkeys.c +++ b/arch/powerpc/mm/pkeys.c @@ -18,6 +18,7 @@ u64 pkey_amr_mask; /* Bits in AMR not to be touched */ u64 pkey_iamr_mask; /* Bits in AMR not to be touched */ u64 pkey_uamor_mask; /* Bits in UMOR not to be touched */ +int execute_only_key = 2; #define AMR_BITS_PER_PKEY 2 #define AMR_RD_BIT 0x1UL @@ -120,7 +121,8 @@ int pkey_initialize(void) #else os_reserved = 0; #endif - initial_allocation_mask = (0x1 << 0) | (0x1 << 1); + initial_allocation_mask = (0x1 << 0) | (0x1 << 1) | + (0x1 << execute_only_key); /* register mask is in BE format */ pkey_amr_mask = ~0x0ul; @@ -128,9 +130,11 @@ int pkey_initialize(void) pkey_iamr_mask = ~0x0ul; pkey_iamr_mask &= ~(0x3ul << pkeyshift(0)); + pkey_iamr_mask &= ~(0x3ul << pkeyshift(execute_only_key)); pkey_uamor_mask = ~0x0ul; pkey_uamor_mask &= ~(0x3ul << pkeyshift(0)); + pkey_uamor_mask &= ~(0x3ul << pkeyshift(execute_only_key)); /* mark the rest of the keys as reserved and hence unavailable */ for (i = (pkeys_total - os_reserved); i < pkeys_total; i++) { @@ -138,6 +142,17 @@ int pkey_initialize(void) pkey_uamor_mask &= ~(0x3ul << pkeyshift(i)); } + if (unlikely((pkeys_total - os_reserved) <= execute_only_key)) { + /* + * Insufficient number of keys to support + * execute only key. Mark it unavailable. + * Any AMR, UAMOR, IAMR bit set for + * this key is irrelevant since this key + * can never be allocated. + */ + execute_only_key = -1; + } + return 0; } @@ -148,8 +163,7 @@ void pkey_mm_init(struct mm_struct *mm) if (static_branch_likely(&pkey_disabled)) return; mm_pkey_allocation_map(mm) = initial_allocation_mask; - /* -1 means unallocated or invalid */ - mm->context.execute_only_pkey = -1; + mm->context.execute_only_pkey = execute_only_key; } static inline u64 read_amr(void) @@ -301,48 +315,7 @@ static inline bool pkey_allows_readwrite(int pkey) int __execute_only_pkey(struct mm_struct *mm) { - bool need_to_set_mm_pkey = false; - int execute_only_pkey = mm->context.execute_only_pkey; - int ret; - - /* Do we need to assign a pkey for mm's execute-only maps? */ - if (execute_only_pkey == -1) { - /* Go allocate one to use, which might fail */ - execute_only_pkey = mm_pkey_alloc(mm); - if (execute_only_pkey < 0) - return -1; - need_to_set_mm_pkey = true; - } - - /* - * We do not want to go through the relatively costly dance to set AMR - * if we do not need to. Check it first and assume that if the - * execute-only pkey is readwrite-disabled than we do not have to set it - * ourselves. - */ - if (!need_to_set_mm_pkey && !pkey_allows_readwrite(execute_only_pkey)) - return execute_only_pkey; - - /* - * Set up AMR so that it denies access for everything other than - * execution. - */ - ret = __arch_set_user_pkey_access(current, execute_only_pkey, - PKEY_DISABLE_ACCESS | - PKEY_DISABLE_WRITE); - /* - * If the AMR-set operation failed somehow, just return 0 and - * effectively disable execute-only support. - */ - if (ret) { - mm_pkey_free(mm, execute_only_pkey); - return -1; - } - - /* We got one, store it and use it from here on out */ - if (need_to_set_mm_pkey) - mm->context.execute_only_pkey = execute_only_pkey; - return execute_only_pkey; + return mm->context.execute_only_pkey; } static inline bool vma_is_pkey_exec_only(struct vm_area_struct *vma) From patchwork Tue Jul 17 13:51:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 945132 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41VPJV0xNMz9rxs for ; Wed, 18 Jul 2018 01:26:34 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Zkzz6OQb"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 41VPJT6WCpzF3Hh for ; Wed, 18 Jul 2018 01:26:33 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Zkzz6OQb"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c0d::243; helo=mail-qt0-x243.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="Zkzz6OQb"; dkim-atps=neutral Received: from mail-qt0-x243.google.com (mail-qt0-x243.google.com [IPv6:2607:f8b0:400d:c0d::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 41VMC04j5MzF3Hb for ; Tue, 17 Jul 2018 23:51:40 +1000 (AEST) Received: by mail-qt0-x243.google.com with SMTP id e19-v6so886990qtp.8 for ; Tue, 17 Jul 2018 06:51:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Qzf8QVzzzPojCLMYKXT7ddfQF13emk+er7rPSu0JKtQ=; b=Zkzz6OQb3yy4hHlOxkkjnghd3/C3GTjwk9wIgH+DUc4/4NY6BzArbIL5gx27Y5uuQJ /EcdEnP+4Snny0/5yG3OhAYXo5syy4OAl7OQI0wm/DOEivja3dn0y4vvIwln51ADMnok FQRuU1krrYmMIjWccXipu2lqvKT6q/WvXAPsJdkLv/A8QoDPRG3v3VEGpedad78PNgI6 viEi/Vh/g8FjfzpeI2zdFaCV7+vaLqLMDPP7jra+RLh4gOPg2naHyspWmWrg0TzXIBuo 5xFV3MudU24zYTolExoyYT2JrP5/hDgIld9rQ10NmxyDzyn1zaoOhYNle0Qyqc/8aId3 YbgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=Qzf8QVzzzPojCLMYKXT7ddfQF13emk+er7rPSu0JKtQ=; b=FqrxSahuGaSbp2aJFwg51BWdp/iMGbrY5j15Hm8nfWL2YPw01XfLxFR9EL9LAJZcQX xvhkV425svknK5HgsQiaPx7hPO+uDcaG8b8xWIufSHsqfvwKk8uqy/GIBRY22pAD1KP3 nQP7nkfStsKzZ2SnacGwPgsdByKNHiInz4pj6jpZvKJWrMGiCG/awnSHX3ZwvTl6mBXA jQb+XoMMc/zG3K4d6j/F9Y6jwPfFTxazCQJKS1KTSElr0+Rs9ZEzP9Gq1y/NXhhoYlM0 zcuq85Y7X6tvHculeGtJmfrH1lRGJlGJ409ytcWw9qno7tR+K1iFCmG+z3OWm9DNx7fG MnUA== X-Gm-Message-State: AOUpUlHD/DXTQNVc7xHaZJk39SVfK+aifduXL+XjdS43d1iaBp9xITpm rIP+KqlN6SXAp7SadQ55Yr8= X-Google-Smtp-Source: AAOMgpdgHRJ1pmTgv30cMKs3br2TIKYaNTMEdWD2mzKmD/ZP/nuE+V1ZVG2QXoFXd0ux31h5FHTmcw== X-Received: by 2002:ac8:24b9:: with SMTP id s54-v6mr1649161qts.18.1531835498763; Tue, 17 Jul 2018 06:51:38 -0700 (PDT) Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161]) by smtp.gmail.com with ESMTPSA id f3-v6sm785548qtf.61.2018.07.17.06.51.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Jul 2018 06:51:38 -0700 (PDT) From: Ram Pai To: mpe@ellerman.id.au Subject: [PATCH v3 7/9] powerpc/pkeys: make protection key 0 less special Date: Tue, 17 Jul 2018 06:51:08 -0700 Message-Id: <1531835470-32691-8-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> References: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> MIME-Version: 1.0 X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: fweimer@redhat.com, Ulrich.Weigand@de.ibm.com, linuxram@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com, msuchanek@suse.de, linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Applications need the ability to associate an address-range with some key and latter revert to its initial default key. Pkey-0 comes close to providing this function but falls short, because the current implementation disallows applications to explicitly associate pkey-0 to the address range. Lets make pkey-0 less special and treat it almost like any other key. Thus it can be explicitly associated with any address range, and can be freed. This gives the application more flexibility and power. The ability to free pkey-0 must be used responsibily, since pkey-0 is associated with almost all address-range by default. Even with this change pkey-0 continues to be slightly more special from the following point of view. (a) it is implicitly allocated. (b) it is the default key assigned to any address-range. (c) its permissions cannot be modified by userspace. NOTE: (c) is specific to powerpc only. pkey-0 is associated by default with all pages including kernel pages, and pkeys are also active in kernel mode. If any permission is denied on pkey-0, the kernel running in the context of the application will be unable to operate. Tested on powerpc. cc: Thomas Gleixner cc: Dave Hansen cc: Michael Ellermen cc: Ingo Molnar cc: Andrew Morton cc: Thiago Jung Bauermann cc: Michal Suchè°©nek ----------------------------------------------------------------------- History: v4: . introduced PKEY_0 macro. No bug fixes. Code re-arrangement to save a few cycles. v3: . Corrected a comment in arch_set_user_pkey_access(). . Clarified the header, to capture the notion that pkey-0 permissions cannot be modified by userspace on powerpc. -- comment from Thiago v2: . mm_pkey_is_allocated() continued to treat pkey-0 special. fixed it. --- arch/powerpc/include/asm/pkeys.h | 29 +++++++++++++++++++++++------ arch/powerpc/mm/pkeys.c | 19 +++++++++---------- 2 files changed, 32 insertions(+), 16 deletions(-) diff --git a/arch/powerpc/include/asm/pkeys.h b/arch/powerpc/include/asm/pkeys.h index 3312606..92a9962 100644 --- a/arch/powerpc/include/asm/pkeys.h +++ b/arch/powerpc/include/asm/pkeys.h @@ -13,7 +13,10 @@ DECLARE_STATIC_KEY_TRUE(pkey_disabled); extern int pkeys_total; /* total pkeys as per device tree */ -extern u32 initial_allocation_mask; /* bits set for reserved keys */ +extern u32 initial_allocation_mask; /* bits set for the initially allocated keys */ +extern u32 reserved_allocation_mask; /* bits set for reserved keys */ + +#define PKEY_0 0 #define ARCH_VM_PKEY_FLAGS (VM_PKEY_BIT0 | VM_PKEY_BIT1 | VM_PKEY_BIT2 | \ VM_PKEY_BIT3 | VM_PKEY_BIT4) @@ -83,15 +86,19 @@ static inline u16 pte_to_pkey_bits(u64 pteflags) #define __mm_pkey_is_allocated(mm, pkey) \ (mm_pkey_allocation_map(mm) & pkey_alloc_mask(pkey)) -#define __mm_pkey_is_reserved(pkey) (initial_allocation_mask & \ +#define __mm_pkey_is_reserved(pkey) (reserved_allocation_mask & \ pkey_alloc_mask(pkey)) static inline bool mm_pkey_is_allocated(struct mm_struct *mm, int pkey) { - /* A reserved key is never considered as 'explicitly allocated' */ - return ((pkey < arch_max_pkey()) && - !__mm_pkey_is_reserved(pkey) && - __mm_pkey_is_allocated(mm, pkey)); + if (pkey < 0 || pkey >= arch_max_pkey()) + return false; + + /* Reserved keys are never allocated. */ + if (__mm_pkey_is_reserved(pkey)) + return false; + + return __mm_pkey_is_allocated(mm, pkey); } /* @@ -176,6 +183,16 @@ static inline int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, { if (static_branch_likely(&pkey_disabled)) return -EINVAL; + + /* + * userspace should not change pkey-0 permissions. + * pkey-0 is associated with every page in the kernel. + * If userspace denies any permission on pkey-0, the + * kernel cannot operate. + */ + if (pkey == PKEY_0) + return init_val ? -EINVAL : 0; + return __arch_set_user_pkey_access(tsk, pkey, init_val); } diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c index 5d39a10..4860acd 100644 --- a/arch/powerpc/mm/pkeys.c +++ b/arch/powerpc/mm/pkeys.c @@ -14,7 +14,8 @@ bool pkey_execute_disable_supported; int pkeys_total; /* Total pkeys as per device tree */ bool pkeys_devtree_defined; /* pkey property exported by device tree */ -u32 initial_allocation_mask; /* Bits set for reserved keys */ +u32 initial_allocation_mask; /* Bits set for the initially allocated keys */ +u32 reserved_allocation_mask; /* Bits set for reserved keys */ u64 pkey_amr_mask; /* Bits in AMR not to be touched */ u64 pkey_iamr_mask; /* Bits in AMR not to be touched */ u64 pkey_uamor_mask; /* Bits in UMOR not to be touched */ @@ -121,26 +122,27 @@ int pkey_initialize(void) #else os_reserved = 0; #endif - initial_allocation_mask = (0x1 << 0) | (0x1 << 1) | - (0x1 << execute_only_key); + /* Bits are in LE format. */ + reserved_allocation_mask = (0x1 << 1) | (0x1 << execute_only_key); /* register mask is in BE format */ pkey_amr_mask = ~0x0ul; - pkey_amr_mask &= ~(0x3ul << pkeyshift(0)); + pkey_amr_mask &= ~(0x3ul << pkeyshift(PKEY_0)); pkey_iamr_mask = ~0x0ul; - pkey_iamr_mask &= ~(0x3ul << pkeyshift(0)); + pkey_iamr_mask &= ~(0x3ul << pkeyshift(PKEY_0)); pkey_iamr_mask &= ~(0x3ul << pkeyshift(execute_only_key)); pkey_uamor_mask = ~0x0ul; - pkey_uamor_mask &= ~(0x3ul << pkeyshift(0)); + pkey_uamor_mask &= ~(0x3ul << pkeyshift(PKEY_0)); pkey_uamor_mask &= ~(0x3ul << pkeyshift(execute_only_key)); /* mark the rest of the keys as reserved and hence unavailable */ for (i = (pkeys_total - os_reserved); i < pkeys_total; i++) { - initial_allocation_mask |= (0x1 << i); + reserved_allocation_mask |= (0x1 << i); pkey_uamor_mask &= ~(0x3ul << pkeyshift(i)); } + initial_allocation_mask = reserved_allocation_mask | (0x1 << PKEY_0); if (unlikely((pkeys_total - os_reserved) <= execute_only_key)) { /* @@ -359,9 +361,6 @@ static bool pkey_access_permitted(int pkey, bool write, bool execute) int pkey_shift; u64 amr; - if (!pkey) - return true; - if (!is_pkey_enabled(pkey)) return true; From patchwork Tue Jul 17 13:51:09 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 945141 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41VPMK4WcPz9rxs for ; Wed, 18 Jul 2018 01:29:01 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="B8l0M05C"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 41VPMK2zhkzF3Hd for ; Wed, 18 Jul 2018 01:29:01 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="B8l0M05C"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c09::242; helo=mail-qk0-x242.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="B8l0M05C"; dkim-atps=neutral Received: from mail-qk0-x242.google.com (mail-qk0-x242.google.com [IPv6:2607:f8b0:400d:c09::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 41VMC24M3SzF3Hk for ; Tue, 17 Jul 2018 23:51:42 +1000 (AEST) Received: by mail-qk0-x242.google.com with SMTP id c192-v6so513023qkg.12 for ; Tue, 17 Jul 2018 06:51:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=e30MGFcq0Q8Q3AwztottiGHIIuwRvzcu/aUpAfvNExM=; b=B8l0M05CXUfLi4cH9+ZLpEhIIGtqUcKy68XGV5izekvMnYa6X0L4eOn5l9j54uPSLh u9c+eWEgOVPGjHJ254VvC6tAs7dAn1xm5nkO9QJr1ZOz/l98wZtJ63+5gz5tyTyOHrx0 SijLYoPk5H9At7YjJ0aEk5C5bko8HZAPJz0Q/dBzD7/Tze7bseyMddmMSa+f415kO1zH dMtZkniAXDIabmLk51Z7uTJqQhNTMq1NpgkI89n1RGp1tCm07txVTxNlbEGclHuSAtkQ y1g2ZGED7jXvG51bQi2Hp2oVHNBqU2uUr9UKcUqf7VGnc4h/YeJfMVCQNomETHmpS3n2 PvLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=e30MGFcq0Q8Q3AwztottiGHIIuwRvzcu/aUpAfvNExM=; b=oOj1iiAy6W/bjwSP9jmAUNZpjbIYFFpBvMxxqiRvXxpEKyiniZWSVJp5XWGji/DuB1 foKMZE4T8kdx5XGyWcqxN7BjpsYLAWzNJDtWm0qBXSjWtMMJnc2YZtTZ4RIr4wVpyrd1 0aThSmnRRMVLVoMpjAEOT6bSe4ccdTY2Ub0BIpWskMIl5JG9szPMNkpGB6KVJobHLyQd 7+nvNOABsS7EP90dbvr1kCPYpE8Q3P+MICzP0ArMTH64MaIaGtaETetsOJf0yWHHx/mg AAhFn1FvJ4xqR5r+V6rQiQMI8+44CzmlX5eM4PVDY0Iz46F4z0P0bnuPbOuLJ4v4i+jl mDQw== X-Gm-Message-State: AOUpUlEuzCsCWWXBEf0GMbf8FF1jDkbU7F3odygpMraEdmqlNpgU5Hp6 kQQk49YD6PfnusPLO/NokcM= X-Google-Smtp-Source: AAOMgpdjgSPujpoaTFFampZjB+/hGSAmCU9qFu87mJZGSaTs0wbuMP1p+/BthQ4lcXWC8CbNp5NIPA== X-Received: by 2002:a37:e216:: with SMTP id g22-v6mr1467687qki.61.1531835500623; Tue, 17 Jul 2018 06:51:40 -0700 (PDT) Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161]) by smtp.gmail.com with ESMTPSA id f3-v6sm785548qtf.61.2018.07.17.06.51.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Jul 2018 06:51:40 -0700 (PDT) From: Ram Pai To: mpe@ellerman.id.au Subject: [PATCH v3 8/9] powerpc/core-pkeys: execute-permission on keys are disabled by default Date: Tue, 17 Jul 2018 06:51:09 -0700 Message-Id: <1531835470-32691-9-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> References: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: fweimer@redhat.com, Ulrich.Weigand@de.ibm.com, linuxram@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com, msuchanek@suse.de, linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" Only when the key is allocated, its permission are enabled. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Ram Pai --- tools/testing/selftests/powerpc/ptrace/core-pkey.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/tools/testing/selftests/powerpc/ptrace/core-pkey.c b/tools/testing/selftests/powerpc/ptrace/core-pkey.c index 36bc312..b353d86 100644 --- a/tools/testing/selftests/powerpc/ptrace/core-pkey.c +++ b/tools/testing/selftests/powerpc/ptrace/core-pkey.c @@ -140,6 +140,10 @@ static int child(struct shared_info *info) if (disable_execute) info->iamr |= 1ul << pkeyshift(pkey1); + else + info->iamr &= ~(1ul << pkeyshift(pkey1)); + info->iamr &= ~(1ul << pkeyshift(pkey2) | 1ul << pkeyshift(pkey3)); + info->uamor |= 3ul << pkeyshift(pkey1) | 3ul << pkeyshift(pkey2); From patchwork Tue Jul 17 13:51:10 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 945152 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41VPQy16KLz9rxs for ; Wed, 18 Jul 2018 01:32:10 +1000 (AEST) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="hUm005+u"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 41VPQx6ZD7zF3Ht for ; Wed, 18 Jul 2018 01:32:09 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="hUm005+u"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c09::243; helo=mail-qk0-x243.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=us.ibm.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="hUm005+u"; dkim-atps=neutral Received: from mail-qk0-x243.google.com (mail-qk0-x243.google.com [IPv6:2607:f8b0:400d:c09::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 41VMC41G5hzF3HZ for ; Tue, 17 Jul 2018 23:51:44 +1000 (AEST) Received: by mail-qk0-x243.google.com with SMTP id c192-v6so513078qkg.12 for ; Tue, 17 Jul 2018 06:51:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=sHniWyvMagBicqWVw+wHOQyg5cnH2dniUPS7KjDYeDc=; b=hUm005+uwEcFAc/99MW0ETV62l4TbzfwRewLxgGBQJL4ALp/IfwkGHXH6G8ZExrNa0 TFws47MxSP4Un+Jz8QQG84j+JvQd0IGxiH9U1BDjuUWUDZ6c/H+APh6YjbUn1CKLm+S/ Kml74hZf0+/wedjrEksNQVnnH7DcOsk1qmDs8fY7nIRAJAIlDoNybsJR4x4jHIF4t3Mu XSIA6cr38g6uMPsr/U9dKWl2DO/ftIrQpFU650hzrCfKPZIkU/f24R+lHgKwiECaUIDV n9Vos9t3sYPVvuGs9Wa6ZhPg7/kwN5wwHw0VIw7XmMRdvXroHH/cqzs6O50vQmCc2nuL vpiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=sHniWyvMagBicqWVw+wHOQyg5cnH2dniUPS7KjDYeDc=; b=EVCPYLFYusENshxozZGeTEfYgu/zhMPpRI5Lv40WjrpLikAlMzv5KEhOAMJX+fzKEt X27lDHOEl/b1A4kS36L8Uwp7RVvV05xE9aYQixub9nCBMtwtCRc5+5bEdHHKlP0cYU4f WVXXKJZc1BTUJj7k3VIu2pFwmYjSifztX71uMKOspDZE8gkHJzg7/NDIaF9tnqX6tZBt BYiALf/1Wmqz6yzsd5e4vkWONRNyWOrTznn17tZshjBCc8a8CW6UQq/4d7MTNIR4K094 hjfZoaZ8XDACotTlwKZRDk6ZpZtGKBirG83uKuisUoGzi8Wh3rRRkEis1zOdNn1FXR2/ qdnQ== X-Gm-Message-State: AOUpUlFauQKxEf47wfYx37dHPvRW5A62xGhtNd+/pSvC5tJsMe/SLpPU UHTsyZA83cPDr6SflltVxBs= X-Google-Smtp-Source: AAOMgpfRMcmMK5bH15r8Qu6l3S9I6j87/EvzbyPaqttz3PAVN7N19sWB/40tiYFSDpv030XUgD648Q== X-Received: by 2002:a37:660f:: with SMTP id a15-v6mr1405241qkc.423.1531835502325; Tue, 17 Jul 2018 06:51:42 -0700 (PDT) Received: from localhost.localdomain (50-39-100-161.bvtn.or.frontiernet.net. [50.39.100.161]) by smtp.gmail.com with ESMTPSA id f3-v6sm785548qtf.61.2018.07.17.06.51.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Jul 2018 06:51:41 -0700 (PDT) From: Ram Pai To: mpe@ellerman.id.au Subject: [PATCH v3 9/9] powerpc/ptrace-pkeys: execute-permission on keys are disabled by default Date: Tue, 17 Jul 2018 06:51:10 -0700 Message-Id: <1531835470-32691-10-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> References: <1531835470-32691-1-git-send-email-linuxram@us.ibm.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: fweimer@redhat.com, Ulrich.Weigand@de.ibm.com, linuxram@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com, msuchanek@suse.de, linuxppc-dev@lists.ozlabs.org Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" The test case assumes execute-permissions of unallocated keys are enabled by default. Reviewed-by: Thiago Jung Bauermann Signed-off-by: Ram Pai --- .../testing/selftests/powerpc/ptrace/ptrace-pkey.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c b/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c index 5cf631f..559c6cb 100644 --- a/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c +++ b/tools/testing/selftests/powerpc/ptrace/ptrace-pkey.c @@ -104,6 +104,11 @@ static int child(struct shared_info *info) if (disable_execute) info->expected_iamr |= 1ul << pkeyshift(pkey1); + else + info->expected_iamr &= ~(1ul << pkeyshift(pkey1)); + info->expected_iamr &= ~(1ul << pkeyshift(pkey2) | 1ul << pkeyshift(pkey3)); + + info->expected_uamor |= 3ul << pkeyshift(pkey1) | 3ul << pkeyshift(pkey2);