lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <a6dbd5284d8700d591614481fda242a25ca5a3b5.camel@russell.cc>
Date:   Tue, 11 Dec 2018 16:25:07 +1100
From:   Russell Currey <ruscur@...sell.cc>
To:     Christophe Leroy <christophe.leroy@....fr>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Paul Mackerras <paulus@...ba.org>,
        Michael Ellerman <mpe@...erman.id.au>
Cc:     linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org
Subject: Re: [RFC PATCH v2 11/11] powerpc/book3s32: Implement Kernel
 Userspace Access Protection

On Wed, 2018-11-28 at 09:27 +0000, Christophe Leroy wrote:
> This patch implements Kernel Userspace Access Protection for
> book3s/32.
> 
> Due to limitations of the processor page protection capabilities,
> the protection is only against writing. read protection cannot be
> achieved using page protection.
> 
> In order to provide the protection, Ku and Ks keys are modified in
> Userspace Segment registers, and different PP bits are used to:
> 
> PP01 provides RW for Key 0 and RO for Key 1
> PP10 provides RW for all
> PP11 provides RO for all
> 
> Today PP10 is used for RW pages and PP11 for RO pages. This patch
> modifies page protection to PP01 for RW pages.
> 
> Then segment registers are set to Ku 0 and Ks 1. When kernel needs
> to write to RW pages, the associated segment register is changed to
> Ks 0 in order to allow write access to the kernel.
> 
> In order to avoid having the read all segment registers when
> locking/unlocking the access, some data is kept in the thread_struct
> and saved on stack on exceptions. The field identifies both the
> first unlocked segment and the first segment following the last
> unlocked one. When no segment is unlocked, it contains value 0.
> 
> Signed-off-by: Christophe Leroy <christophe.leroy@....fr>

Hey Christophe, I tried to test this and got a machine check after the
kernel starts init.

Vector: 700 (Program Check) at [ef0b5e70]
    pc: 00000ca4
    lr: b7e1a030
    sp: ef0b5f30
   msr: 81002
  current = 0xef0b8000
    pid   = 1, comm = init

Testing with mac99 model in qemu.

- Russell

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ