| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e1f310b4-2e23-0fa4-424d-271395824438@csgroup.eu>
Date: Mon, 29 Nov 2021 08:22:22 +0100
From: Christophe Leroy <christophe.leroy@...roup.eu>
To: Benjamin Herrenschmidt <benh@...nel.crashing.org>,
Paul Mackerras <paulus@...ba.org>,
Michael Ellerman <mpe@...erman.id.au>
Cc: linux-kernel@...r.kernel.org, linuxppc-dev@...ts.ozlabs.org
Subject: Re: [PATCH v3 4/4] powerpc/inst: Optimise
copy_inst_from_kernel_nofault()
Le 27/11/2021 à 19:10, Christophe Leroy a écrit :
> copy_inst_from_kernel_nofault() uses copy_from_kernel_nofault() to
> copy one or two 32bits words. This means calling an out-of-line
> function which itself calls back copy_from_kernel_nofault_allowed()
> then performs a generic copy with loops.
>
> Rewrite copy_inst_from_kernel_nofault() to do everything at a
> single place and use __get_kernel_nofault() directly to perform
> single accesses without loops.
>
> Before the patch:
>
> 00000018 <copy_inst_from_kernel_nofault>:
> 18: 94 21 ff e0 stwu r1,-32(r1)
> 1c: 7c 08 02 a6 mflr r0
> 20: 38 a0 00 04 li r5,4
> 24: 93 e1 00 1c stw r31,28(r1)
> 28: 7c 7f 1b 78 mr r31,r3
> 2c: 38 61 00 08 addi r3,r1,8
> 30: 90 01 00 24 stw r0,36(r1)
> 34: 48 00 00 01 bl 34 <copy_inst_from_kernel_nofault+0x1c>
> 34: R_PPC_REL24 copy_from_kernel_nofault
> 38: 2c 03 00 00 cmpwi r3,0
> 3c: 40 82 00 0c bne 48 <copy_inst_from_kernel_nofault+0x30>
> 40: 81 21 00 08 lwz r9,8(r1)
> 44: 91 3f 00 00 stw r9,0(r31)
> 48: 80 01 00 24 lwz r0,36(r1)
> 4c: 83 e1 00 1c lwz r31,28(r1)
> 50: 38 21 00 20 addi r1,r1,32
> 54: 7c 08 03 a6 mtlr r0
> 58: 4e 80 00 20 blr
>
> After the patch:
>
> 00000018 <copy_inst_from_kernel_nofault>:
> 18: 3d 20 b0 00 lis r9,-20480
> 1c: 7c 04 48 40 cmplw r4,r9
> 20: 7c 69 1b 78 mr r9,r3
> 24: 41 80 00 2c blt 50 <copy_inst_from_kernel_nofault+0x38>
> 28: 81 42 04 d0 lwz r10,1232(r2)
> 2c: 39 4a 00 01 addi r10,r10,1
> 30: 91 42 04 d0 stw r10,1232(r2)
> 34: 80 e4 00 00 lwz r7,0(r4)
> 38: 81 42 04 d0 lwz r10,1232(r2)
> 3c: 38 60 00 00 li r3,0
> 40: 39 4a ff ff addi r10,r10,-1
> 44: 91 42 04 d0 stw r10,1232(r2)
> 48: 90 e9 00 00 stw r7,0(r9)
> 4c: 4e 80 00 20 blr
>
> 50: 38 60 ff de li r3,-34
> 54: 4e 80 00 20 blr
> 58: 81 22 04 d0 lwz r9,1232(r2)
> 5c: 38 60 ff f2 li r3,-14
> 60: 39 29 ff ff addi r9,r9,-1
> 64: 91 22 04 d0 stw r9,1232(r2)
> 68: 4e 80 00 20 blr
>
> Signed-off-by: Christophe Leroy <christophe.leroy@...roup.eu>
> ---
> v3: New
> ---
> arch/powerpc/mm/maccess.c | 18 ++++++++++++------
> 1 file changed, 12 insertions(+), 6 deletions(-)
>
> diff --git a/arch/powerpc/mm/maccess.c b/arch/powerpc/mm/maccess.c
> index 5abae96b2b46..90309806f5eb 100644
> --- a/arch/powerpc/mm/maccess.c
> +++ b/arch/powerpc/mm/maccess.c
> @@ -15,16 +15,22 @@ bool copy_from_kernel_nofault_allowed(const void *unsafe_src, size_t size)
> int copy_inst_from_kernel_nofault(ppc_inst_t *inst, u32 *src)
> {
> unsigned int val, suffix;
> - int err;
>
> - err = copy_from_kernel_nofault(&val, src, sizeof(val));
> - if (err)
> - return err;
> + if (unlikely(!is_kernel_addr((unsigned long)src)))
> + return -ERANGE;
> +
> + pagefault_disable();
Allthough generic version of copy_from_kernel_nofault() does it,
disabling pagefault is pointless here because we are accessing kernel
addresses only, so a page fault will always fail via bad_kernel_fault(),
it will never reach the faulthandler_disabled() test.
> + __get_kernel_nofault(&val, src, u32, Efault);
> if (IS_ENABLED(CONFIG_PPC64) && get_op(val) == OP_PREFIX) {
> - err = copy_from_kernel_nofault(&suffix, src + 1, sizeof(suffix));
> + __get_kernel_nofault(&suffix, src + 1, u32, Efault);
> + pagefault_enable();
> *inst = ppc_inst_prefix(val, suffix);
> } else {
> + pagefault_enable();
> *inst = ppc_inst(val);
> }
> - return err;
> + return 0;
> +Efault:
> + pagefault_enable();
> + return -EFAULT;
> }
>
Powered by blists - more mailing lists