| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20170721164230.GK5487@ram.oc3035372033.ibm.com>
Date: Fri, 21 Jul 2017 09:42:30 -0700
From: Ram Pai <linuxram@...ibm.com>
To: "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>
Cc: linuxppc-dev@...ts.ozlabs.org, linux-kernel@...r.kernel.org,
linux-arch@...r.kernel.org, linux-mm@...ck.org, x86@...nel.org,
linux-doc@...r.kernel.org, linux-kselftest@...r.kernel.org,
benh@...nel.crashing.org, paulus@...ba.org, mpe@...erman.id.au,
khandual@...ux.vnet.ibm.com, bsingharora@...il.com,
dave.hansen@...el.com, hbabu@...ibm.com, arnd@...db.de,
akpm@...ux-foundation.org, corbet@....net, mingo@...hat.com,
mhocko@...nel.org
Subject: Re: [RFC v6 27/62] powerpc: helper to validate key-access
permissions of a pte
On Fri, Jul 21, 2017 at 12:21:50PM +0530, Aneesh Kumar K.V wrote:
> Ram Pai <linuxram@...ibm.com> writes:
>
> > On Thu, Jul 20, 2017 at 12:12:47PM +0530, Aneesh Kumar K.V wrote:
> >> Ram Pai <linuxram@...ibm.com> writes:
> >>
> >> > helper function that checks if the read/write/execute is allowed
> >> > on the pte.
> >> >
> >> > Signed-off-by: Ram Pai <linuxram@...ibm.com>
> >> > ---
> >> > arch/powerpc/include/asm/book3s/64/pgtable.h | 4 +++
> >> > arch/powerpc/include/asm/pkeys.h | 12 +++++++++
> >> > arch/powerpc/mm/pkeys.c | 33 ++++++++++++++++++++++++++
> >> > 3 files changed, 49 insertions(+), 0 deletions(-)
> >> >
> >> > diff --git a/arch/powerpc/include/asm/book3s/64/pgtable.h b/arch/powerpc/include/asm/book3s/64/pgtable.h
> >> > index 30d7f55..0056e58 100644
> >> > --- a/arch/powerpc/include/asm/book3s/64/pgtable.h
> >> > +++ b/arch/powerpc/include/asm/book3s/64/pgtable.h
> >> > @@ -472,6 +472,10 @@ static inline void write_uamor(u64 value)
> >> > mtspr(SPRN_UAMOR, value);
> >> > }
> >> >
> >> > +#ifdef CONFIG_PPC64_MEMORY_PROTECTION_KEYS
> >> > +extern bool arch_pte_access_permitted(u64 pte, bool write, bool execute);
> >> > +#endif /* CONFIG_PPC64_MEMORY_PROTECTION_KEYS */
> >> > +
> >> > #define __HAVE_ARCH_PTEP_GET_AND_CLEAR
> >> > static inline pte_t ptep_get_and_clear(struct mm_struct *mm,
> >> > unsigned long addr, pte_t *ptep)
> >> > diff --git a/arch/powerpc/include/asm/pkeys.h b/arch/powerpc/include/asm/pkeys.h
> >> > index bbb5d85..7a9aade 100644
> >> > --- a/arch/powerpc/include/asm/pkeys.h
> >> > +++ b/arch/powerpc/include/asm/pkeys.h
> >> > @@ -53,6 +53,18 @@ static inline u64 pte_to_hpte_pkey_bits(u64 pteflags)
> >> > ((pteflags & H_PAGE_PKEY_BIT4) ? HPTE_R_KEY_BIT4 : 0x0UL));
> >> > }
> >> >
> >> > +static inline u16 pte_to_pkey_bits(u64 pteflags)
> >> > +{
> >> > + if (!pkey_inited)
> >> > + return 0x0UL;
> >>
> >> Do we really need that above check ? We should always find it
> >> peky_inited to be set.
> >
> > Yes. there are cases where pkey_inited is not enabled.
> > a) if the MMU is radix.
> That should be be a feature check
>
> > b) if the PAGE size is 4k.
>
> That is a kernel config change
>
> > c) if the device tree says the feature is not available
> > d) if the CPU is of a older generation. P6 and older.
>
> Both feature check.
>
> how about doing something like
>
> static inline u16 pte_to_pkey_bits(u64 pteflags)
> {
> if (!(pteflags & H_PAGE_KEY_MASK))
> return 0x0UL;
This check accomplishes the same thing as the return below.
When (pteflag & H_PAGE_KEY_MASK) is 0,
the code below returns the same 0x0UL.
>
> return (((pteflags & H_PAGE_PKEY_BIT0) ? 0x10 : 0x0UL) |
> ((pteflags & H_PAGE_PKEY_BIT1) ? 0x8 : 0x0UL) |
> ((pteflags & H_PAGE_PKEY_BIT2) ? 0x4 : 0x0UL) |
> ((pteflags & H_PAGE_PKEY_BIT3) ? 0x2 : 0x0UL) |
> ((pteflags & H_PAGE_PKEY_BIT4) ? 0x1 : 0x0UL));
> }
The idea behind
if (!pkey_inited)
return 0x0UL;
was to not interpret the ptebits if we knew they were not initialized
to begin with.
--
Ram Pai
Powered by blists - more mailing lists