| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 Jan 2020 18:14:41 +0000
From: Will Deacon <will@...nel.org>
To: Pavel Tatashin <pasha.tatashin@...een.com>
Cc: jmorris@...ei.org, sashal@...nel.org, linux-kernel@...r.kernel.org,
catalin.marinas@....com, steve.capper@....com,
linux-arm-kernel@...ts.infradead.org, maz@...nel.org,
james.morse@....com, vladimir.murzin@....com, mark.rutland@....com,
tglx@...utronix.de, gregkh@...uxfoundation.org,
allison@...utok.net, info@...ux.net, alexios.zavras@...el.com,
sstabellini@...nel.org, boris.ostrovsky@...cle.com,
jgross@...e.com, stefan@...er.ch, yamada.masahiro@...ionext.com,
xen-devel@...ts.xenproject.org, linux@...linux.org.uk,
andrew.cooper3@...rix.com, julien@....org
Subject: Re: [PATCH v5 3/6] arm64: remove uaccess_ttbr0 asm macros from cache
functions
On Thu, Jan 02, 2020 at 04:13:54PM -0500, Pavel Tatashin wrote:
> We currently duplicate the logic to enable/disable uaccess via TTBR0,
> with C functions and assembly macros. This is a maintenenace burden
> and is liable to lead to subtle bugs, so let's get rid of the assembly
> macros, and always use the C functions. This requires refactoring
> some assembly functions to have a C wrapper.
>
> Signed-off-by: Pavel Tatashin <pasha.tatashin@...een.com>
> ---
> arch/arm64/include/asm/asm-uaccess.h | 22 ----------------
> arch/arm64/include/asm/cacheflush.h | 39 +++++++++++++++++++++++++---
> arch/arm64/mm/cache.S | 36 ++++++++++---------------
> arch/arm64/mm/flush.c | 2 +-
> 4 files changed, 50 insertions(+), 49 deletions(-)
>
> diff --git a/arch/arm64/include/asm/asm-uaccess.h b/arch/arm64/include/asm/asm-uaccess.h
> index f68a0e64482a..fba2a69f7fef 100644
> --- a/arch/arm64/include/asm/asm-uaccess.h
> +++ b/arch/arm64/include/asm/asm-uaccess.h
> @@ -34,28 +34,6 @@
> msr ttbr0_el1, \tmp1 // set the non-PAN TTBR0_EL1
> isb
> .endm
> -
> - .macro uaccess_ttbr0_disable, tmp1, tmp2
> -alternative_if_not ARM64_HAS_PAN
> - save_and_disable_irq \tmp2 // avoid preemption
> - __uaccess_ttbr0_disable \tmp1
> - restore_irq \tmp2
> -alternative_else_nop_endif
> - .endm
> -
> - .macro uaccess_ttbr0_enable, tmp1, tmp2, tmp3
> -alternative_if_not ARM64_HAS_PAN
> - save_and_disable_irq \tmp3 // avoid preemption
> - __uaccess_ttbr0_enable \tmp1, \tmp2
> - restore_irq \tmp3
> -alternative_else_nop_endif
> - .endm
> -#else
> - .macro uaccess_ttbr0_disable, tmp1, tmp2
> - .endm
> -
> - .macro uaccess_ttbr0_enable, tmp1, tmp2, tmp3
> - .endm
> #endif
>
> #endif
> diff --git a/arch/arm64/include/asm/cacheflush.h b/arch/arm64/include/asm/cacheflush.h
> index 665c78e0665a..cb00c61e0bde 100644
> --- a/arch/arm64/include/asm/cacheflush.h
> +++ b/arch/arm64/include/asm/cacheflush.h
> @@ -61,16 +61,49 @@
> * - kaddr - page address
> * - size - region size
> */
> -extern void __flush_icache_range(unsigned long start, unsigned long end);
> -extern int invalidate_icache_range(unsigned long start, unsigned long end);
> +extern void __asm_flush_icache_range(unsigned long start, unsigned long end);
> +extern long __asm_flush_cache_user_range(unsigned long start,
> + unsigned long end);
> +extern int __asm_invalidate_icache_range(unsigned long start,
> + unsigned long end);
> extern void __flush_dcache_area(void *addr, size_t len);
> extern void __inval_dcache_area(void *addr, size_t len);
> extern void __clean_dcache_area_poc(void *addr, size_t len);
> extern void __clean_dcache_area_pop(void *addr, size_t len);
> extern void __clean_dcache_area_pou(void *addr, size_t len);
> -extern long __flush_cache_user_range(unsigned long start, unsigned long end);
> extern void sync_icache_aliases(void *kaddr, unsigned long len);
>
> +static inline long __flush_cache_user_range(unsigned long start,
> + unsigned long end)
> +{
> + int ret;
> +
> + uaccess_ttbr0_enable();
> + ret = __asm_flush_cache_user_range(start, end);
> + uaccess_ttbr0_disable();
> +
> + return ret;
> +}
> +
> +static inline void __flush_icache_range(unsigned long start, unsigned long end)
> +{
> + uaccess_ttbr0_enable();
> + __asm_flush_icache_range(start, end);
> + uaccess_ttbr0_disable();
> +}
Interesting... I don't think we should be enabling uaccess here: the
function has a void return type so we can't communicate failure back to the
caller if we fault, so my feeling is that this should only ever be called on
kernel addresses.
> +
> +static inline int invalidate_icache_range(unsigned long start,
> + unsigned long end)
> +{
> + int ret;
> +
> + uaccess_ttbr0_enable();
> + ret = __asm_invalidate_icache_range(start, end);
> + uaccess_ttbr0_disable();
> +
> + return ret;
> +}
Same here -- I don't think think this is ever called on user addresses.
Can we make the return type void and drop the uaccess toggle?
Will
Powered by blists - more mailing lists