'Re: [PATCH 1/4] powerpc: Track KUAP state in the PACA'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kernel-hardening
Subject:    Re: [PATCH 1/4] powerpc: Track KUAP state in the PACA
From:       Christophe Leroy <christophe.leroy () c-s ! fr>
Date:       2018-11-28 9:38:08
Message-ID: 48c49b69-0cef-d3dd-a883-c07fe5ef7be0 () c-s ! fr
[Download RAW message or body]

On 11/22/2018 02:04 PM, Russell Currey wrote:
> Necessary for subsequent patches that enable KUAP support for radix.
> Could plausibly be useful for other platforms too, if similar to the
> radix case, reading the register that manages these accesses is
> costly.
> 
> Has the unfortunate downside of another layer of abstraction for
> platforms that implement the locks and unlocks, but this could be
> useful in future for other things too, like counters for benchmarking
> or smartly handling lots of small accesses at once.
> 
> Signed-off-by: Russell Currey <ruscur@russell.cc>

Build failure.

[root@po14163vm linux-powerpc]# make mpc885_ads_defconfig
#
# configuration written to .config
#
[root@po14163vm linux-powerpc]# make
scripts/kconfig/conf  --syncconfig Kconfig
   UPD     include/config/kernel.release
   UPD     include/generated/utsrelease.h
   CC      kernel/bounds.s
   CC      arch/powerpc/kernel/asm-offsets.s
In file included from ./include/linux/uaccess.h:14:0,
                  from ./include/linux/compat.h:19,
                  from arch/powerpc/kernel/asm-offsets.c:16:
./arch/powerpc/include/asm/uaccess.h: In function ‘unlock_user_rd_access':
./arch/powerpc/include/asm/uaccess.h:70:2: error: implicit declaration 
of function ‘get_paca' [-Werror=implicit-function-declaration]
   get_paca()->user_access_allowed = 1;
   ^
./arch/powerpc/include/asm/uaccess.h:70:12: error: invalid type argument 
of ‘->' (have ‘int')
   get_paca()->user_access_allowed = 1;
             ^
./arch/powerpc/include/asm/uaccess.h: In function ‘lock_user_rd_access':
./arch/powerpc/include/asm/uaccess.h:75:12: error: invalid type argument 
of ‘->' (have ‘int')
   get_paca()->user_access_allowed = 0;
             ^
./arch/powerpc/include/asm/uaccess.h: In function ‘unlock_user_wr_access':
./arch/powerpc/include/asm/uaccess.h:80:12: error: invalid type argument 
of ‘->' (have ‘int')
   get_paca()->user_access_allowed = 1;
             ^
./arch/powerpc/include/asm/uaccess.h: In function ‘lock_user_wr_access':
./arch/powerpc/include/asm/uaccess.h:85:12: error: invalid type argument 
of ‘->' (have ‘int')
   get_paca()->user_access_allowed = 0;
             ^
cc1: some warnings being treated as errors
make[1]: *** [arch/powerpc/kernel/asm-offsets.s] Error 1
make: *** [prepare0] Error 2

Christophe

> ---
> this is all because I can't do PACA things from radix.h and I spent
> an hour figuring this out at midnight
> ---
> arch/powerpc/include/asm/nohash/32/pte-8xx.h |  8 +++----
> arch/powerpc/include/asm/paca.h              |  3 +++
> arch/powerpc/include/asm/uaccess.h           | 23 +++++++++++++++++++-
> arch/powerpc/kernel/asm-offsets.c            |  1 +
> 4 files changed, 30 insertions(+), 5 deletions(-)
> 
> diff --git a/arch/powerpc/include/asm/nohash/32/pte-8xx.h \
> b/arch/powerpc/include/asm/nohash/32/pte-8xx.h index f1ec7cf949d5..7bc0955a56e9 \
>                 100644
> --- a/arch/powerpc/include/asm/nohash/32/pte-8xx.h
> +++ b/arch/powerpc/include/asm/nohash/32/pte-8xx.h
> @@ -137,22 +137,22 @@ static inline pte_t pte_mkhuge(pte_t pte)
> #define pte_mkhuge pte_mkhuge
> 
> #ifdef CONFIG_PPC_KUAP
> -static inline void lock_user_wr_access(void)
> +static inline void __lock_user_wr_access(void)
> {
> 	mtspr(SPRN_MD_AP, MD_APG_KUAP);
> }
> 
> -static inline void unlock_user_wr_access(void)
> +static inline void __unlock_user_wr_access(void)
> {
> 	mtspr(SPRN_MD_AP, MD_APG_INIT);
> }
> 
> -static inline void lock_user_rd_access(void)
> +static inline void __lock_user_rd_access(void)
> {
> 	mtspr(SPRN_MD_AP, MD_APG_KUAP);
> }
> 
> -static inline void unlock_user_rd_access(void)
> +static inline void __unlock_user_rd_access(void)
> {
> 	mtspr(SPRN_MD_AP, MD_APG_INIT);
> }
> diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h
> index e843bc5d1a0f..56236f6d8c89 100644
> --- a/arch/powerpc/include/asm/paca.h
> +++ b/arch/powerpc/include/asm/paca.h
> @@ -169,6 +169,9 @@ struct paca_struct {
> 	u64 saved_r1;			/* r1 save for RTAS calls or PM or EE=0 */
> 	u64 saved_msr;			/* MSR saved here by enter_rtas */
> 	u16 trap_save;			/* Used when bad stack is encountered */
> +#ifdef CONFIG_PPC_KUAP
> +	u8 user_access_allowed;		/* can the kernel access user memory? */
> +#endif
> 	u8 irq_soft_mask;		/* mask for irq soft masking */
> 	u8 irq_happened;		/* irq happened while soft-disabled */
> 	u8 io_sync;			/* writel() needs spin_unlock sync */
> diff --git a/arch/powerpc/include/asm/uaccess.h \
> b/arch/powerpc/include/asm/uaccess.h index 2f3625cbfcee..76dae1095f7e 100644
> --- a/arch/powerpc/include/asm/uaccess.h
> +++ b/arch/powerpc/include/asm/uaccess.h
> @@ -63,7 +63,28 @@ static inline int __access_ok(unsigned long addr, unsigned long \
> size, 
> #endif
> 
> -#ifndef CONFIG_PPC_KUAP
> +#ifdef CONFIG_PPC_KUAP
> +static inline void unlock_user_rd_access(void)
> +{
> +	__unlock_user_rd_access();
> +	get_paca()->user_access_allowed = 1;
> +}
> +static inline void lock_user_rd_access(void)
> +{
> +	__lock_user_rd_access();
> +	get_paca()->user_access_allowed = 0;
> +}
> +static inline void unlock_user_wr_access(void)
> +{
> +	__unlock_user_wr_access();
> +	get_paca()->user_access_allowed = 1;
> +}
> +static inline void lock_user_wr_access(void)
> +{
> +	__lock_user_wr_access();
> +	get_paca()->user_access_allowed = 0;
> +}
> +#else
> static inline void unlock_user_rd_access(void) { }
> static inline void lock_user_rd_access(void) { }
> static inline void unlock_user_wr_access(void) { }
> diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c
> index da2f5d011ddb..899e9835b45f 100644
> --- a/arch/powerpc/kernel/asm-offsets.c
> +++ b/arch/powerpc/kernel/asm-offsets.c
> @@ -260,6 +260,7 @@ int main(void)
> 	OFFSET(ACCOUNT_STARTTIME_USER, paca_struct, accounting.starttime_user);
> 	OFFSET(ACCOUNT_USER_TIME, paca_struct, accounting.utime);
> 	OFFSET(ACCOUNT_SYSTEM_TIME, paca_struct, accounting.stime);
> +	OFFSET(PACA_USER_ACCESS_ALLOWED, paca_struct, user_access_allowed);
> 	OFFSET(PACA_TRAP_SAVE, paca_struct, trap_save);
> 	OFFSET(PACA_NAPSTATELOST, paca_struct, nap_state_lost);
> 	OFFSET(PACA_SPRG_VDSO, paca_struct, sprg_vdso);
> 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic