From: Dave Hansen <dave@sr71.net>
To: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org, x86@kernel.org, Dave Hansen <dave@sr71.net>,
dave.hansen@linux.intel.com
Subject: [PATCH 12/34] signals, pkeys: notify userspace about protection key faults
Date: Thu, 03 Dec 2015 17:14:41 -0800 [thread overview]
Message-ID: <20151204011441.16B7D06C@viggo.jf.intel.com> (raw)
In-Reply-To: <20151204011424.8A36E365@viggo.jf.intel.com>
From: Dave Hansen <dave.hansen@linux.intel.com>
A protection key fault is very similar to any other access error.
There must be a VMA, etc... We even want to take the same action
(SIGSEGV) that we do with a normal access fault.
However, we do need to let userspace know that something is
different. We do this the same way what we did with SEGV_BNDERR
with Memory Protection eXtensions (MPX): define a new SEGV code:
SEGV_PKUERR.
We add a siginfo field: si_pkey that reveals to userspace which
protection key was set on the PTE that we faulted on. There is
no other easy way for userspace to figure this out. They could
parse smaps but that would be a bit cruel.
We share space with in siginfo with _addr_bnd. #BR faults from
MPX are completely separate from page faults (#PF) that trigger
from protection key violations, so we never need both at the same
time.
Note that _pkey is a 64-bit value. The current hardware only
supports 4-bit protection keys. We do this because there is
_plenty_ of space in _sigfault and it is possible that future
processors would support more than 4 bits of protection keys.
The x86 code to actually fill in the siginfo is in the next
patch.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
---
b/include/uapi/asm-generic/siginfo.h | 17 ++++++++++++-----
b/kernel/signal.c | 4 ++++
2 files changed, 16 insertions(+), 5 deletions(-)
diff -puN include/uapi/asm-generic/siginfo.h~pkeys-09-siginfo-core include/uapi/asm-generic/siginfo.h
--- a/include/uapi/asm-generic/siginfo.h~pkeys-09-siginfo-core 2015-12-03 16:21:23.412570898 -0800
+++ b/include/uapi/asm-generic/siginfo.h 2015-12-03 16:21:23.417571125 -0800
@@ -91,10 +91,15 @@ typedef struct siginfo {
int _trapno; /* TRAP # which caused the signal */
#endif
short _addr_lsb; /* LSB of the reported address */
- struct {
- void __user *_lower;
- void __user *_upper;
- } _addr_bnd;
+ union {
+ /* used when si_code=SEGV_BNDERR */
+ struct {
+ void __user *_lower;
+ void __user *_upper;
+ } _addr_bnd;
+ /* used when si_code=SEGV_PKUERR */
+ u64 _pkey;
+ };
} _sigfault;
/* SIGPOLL */
@@ -137,6 +142,7 @@ typedef struct siginfo {
#define si_addr_lsb _sifields._sigfault._addr_lsb
#define si_lower _sifields._sigfault._addr_bnd._lower
#define si_upper _sifields._sigfault._addr_bnd._upper
+#define si_pkey _sifields._sigfault._pkey
#define si_band _sifields._sigpoll._band
#define si_fd _sifields._sigpoll._fd
#ifdef __ARCH_SIGSYS
@@ -206,7 +212,8 @@ typedef struct siginfo {
#define SEGV_MAPERR (__SI_FAULT|1) /* address not mapped to object */
#define SEGV_ACCERR (__SI_FAULT|2) /* invalid permissions for mapped object */
#define SEGV_BNDERR (__SI_FAULT|3) /* failed address bound checks */
-#define NSIGSEGV 3
+#define SEGV_PKUERR (__SI_FAULT|4) /* failed protection key checks */
+#define NSIGSEGV 4
/*
* SIGBUS si_codes
diff -puN kernel/signal.c~pkeys-09-siginfo-core kernel/signal.c
--- a/kernel/signal.c~pkeys-09-siginfo-core 2015-12-03 16:21:23.414570989 -0800
+++ b/kernel/signal.c 2015-12-03 16:21:23.418571170 -0800
@@ -2709,6 +2709,10 @@ int copy_siginfo_to_user(siginfo_t __use
err |= __put_user(from->si_upper, &to->si_upper);
}
#endif
+#ifdef SEGV_PKUERR
+ if (from->si_signo == SIGSEGV && from->si_code == SEGV_PKUERR)
+ err |= __put_user(from->si_pkey, &to->si_pkey);
+#endif
break;
case __SI_CHLD:
err |= __put_user(from->si_pid, &to->si_pid);
_
WARNING: multiple messages have this Message-ID (diff)
From: Dave Hansen <dave@sr71.net>
To: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org, x86@kernel.org, Dave Hansen <dave@sr71.net>,
dave.hansen@linux.intel.com
Subject: [PATCH 12/34] signals, pkeys: notify userspace about protection key faults
Date: Thu, 03 Dec 2015 17:14:41 -0800 [thread overview]
Message-ID: <20151204011441.16B7D06C@viggo.jf.intel.com> (raw)
In-Reply-To: <20151204011424.8A36E365@viggo.jf.intel.com>
From: Dave Hansen <dave.hansen@linux.intel.com>
A protection key fault is very similar to any other access error.
There must be a VMA, etc... We even want to take the same action
(SIGSEGV) that we do with a normal access fault.
However, we do need to let userspace know that something is
different. We do this the same way what we did with SEGV_BNDERR
with Memory Protection eXtensions (MPX): define a new SEGV code:
SEGV_PKUERR.
We add a siginfo field: si_pkey that reveals to userspace which
protection key was set on the PTE that we faulted on. There is
no other easy way for userspace to figure this out. They could
parse smaps but that would be a bit cruel.
We share space with in siginfo with _addr_bnd. #BR faults from
MPX are completely separate from page faults (#PF) that trigger
from protection key violations, so we never need both at the same
time.
Note that _pkey is a 64-bit value. The current hardware only
supports 4-bit protection keys. We do this because there is
_plenty_ of space in _sigfault and it is possible that future
processors would support more than 4 bits of protection keys.
The x86 code to actually fill in the siginfo is in the next
patch.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
---
b/include/uapi/asm-generic/siginfo.h | 17 ++++++++++++-----
b/kernel/signal.c | 4 ++++
2 files changed, 16 insertions(+), 5 deletions(-)
diff -puN include/uapi/asm-generic/siginfo.h~pkeys-09-siginfo-core include/uapi/asm-generic/siginfo.h
--- a/include/uapi/asm-generic/siginfo.h~pkeys-09-siginfo-core 2015-12-03 16:21:23.412570898 -0800
+++ b/include/uapi/asm-generic/siginfo.h 2015-12-03 16:21:23.417571125 -0800
@@ -91,10 +91,15 @@ typedef struct siginfo {
int _trapno; /* TRAP # which caused the signal */
#endif
short _addr_lsb; /* LSB of the reported address */
- struct {
- void __user *_lower;
- void __user *_upper;
- } _addr_bnd;
+ union {
+ /* used when si_code=SEGV_BNDERR */
+ struct {
+ void __user *_lower;
+ void __user *_upper;
+ } _addr_bnd;
+ /* used when si_code=SEGV_PKUERR */
+ u64 _pkey;
+ };
} _sigfault;
/* SIGPOLL */
@@ -137,6 +142,7 @@ typedef struct siginfo {
#define si_addr_lsb _sifields._sigfault._addr_lsb
#define si_lower _sifields._sigfault._addr_bnd._lower
#define si_upper _sifields._sigfault._addr_bnd._upper
+#define si_pkey _sifields._sigfault._pkey
#define si_band _sifields._sigpoll._band
#define si_fd _sifields._sigpoll._fd
#ifdef __ARCH_SIGSYS
@@ -206,7 +212,8 @@ typedef struct siginfo {
#define SEGV_MAPERR (__SI_FAULT|1) /* address not mapped to object */
#define SEGV_ACCERR (__SI_FAULT|2) /* invalid permissions for mapped object */
#define SEGV_BNDERR (__SI_FAULT|3) /* failed address bound checks */
-#define NSIGSEGV 3
+#define SEGV_PKUERR (__SI_FAULT|4) /* failed protection key checks */
+#define NSIGSEGV 4
/*
* SIGBUS si_codes
diff -puN kernel/signal.c~pkeys-09-siginfo-core kernel/signal.c
--- a/kernel/signal.c~pkeys-09-siginfo-core 2015-12-03 16:21:23.414570989 -0800
+++ b/kernel/signal.c 2015-12-03 16:21:23.418571170 -0800
@@ -2709,6 +2709,10 @@ int copy_siginfo_to_user(siginfo_t __use
err |= __put_user(from->si_upper, &to->si_upper);
}
#endif
+#ifdef SEGV_PKUERR
+ if (from->si_signo == SIGSEGV && from->si_code == SEGV_PKUERR)
+ err |= __put_user(from->si_pkey, &to->si_pkey);
+#endif
break;
case __SI_CHLD:
err |= __put_user(from->si_pid, &to->si_pid);
_
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2015-12-04 1:14 UTC|newest]
Thread overview: 145+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-04 1:14 [PATCH 00/34] x86: Memory Protection Keys (v5) Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 01/34] mm, gup: introduce concept of "foreign" get_user_pages() Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 02/34] x86, fpu: add placeholder for Processor Trace XSAVE state Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 03/34] x86, pkeys: Add Kconfig option Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 04/34] x86, pkeys: cpuid bit definition Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 05/34] x86, pkeys: define new CR4 bit Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 06/34] x86, pkeys: add PKRU xsave fields and data structure(s) Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 07/34] x86, pkeys: PTE bits for storing protection key Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 08/34] x86, pkeys: new page fault error code bit: PF_PK Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 09/34] x86, pkeys: store protection in high VMA flags Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 14:17 ` Thomas Gleixner
2015-12-08 14:17 ` Thomas Gleixner
2015-12-04 1:14 ` [PATCH 10/34] x86, pkeys: arch-specific protection bits Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 15:15 ` [PATCH 10/34] x86, pkeys: arch-specific protection bitsy Thomas Gleixner
2015-12-08 15:15 ` Thomas Gleixner
2015-12-08 16:34 ` Dave Hansen
2015-12-08 16:34 ` Dave Hansen
2015-12-08 17:24 ` Thomas Gleixner
2015-12-08 17:24 ` Thomas Gleixner
2015-12-08 18:06 ` Dave Hansen
2015-12-08 18:29 ` Thomas Gleixner
2015-12-08 18:29 ` Thomas Gleixner
2015-12-08 18:35 ` Thomas Gleixner
2015-12-08 18:35 ` Thomas Gleixner
2015-12-04 1:14 ` [PATCH 11/34] x86, pkeys: pass VMA down in to fault signal generation code Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` Dave Hansen [this message]
2015-12-04 1:14 ` [PATCH 12/34] signals, pkeys: notify userspace about protection key faults Dave Hansen
2015-12-04 1:14 ` [PATCH 13/34] x86, pkeys: fill in pkey field in siginfo Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 14/34] x86, pkeys: add functions to fetch PKRU Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 15:18 ` Thomas Gleixner
2015-12-08 15:18 ` Thomas Gleixner
2015-12-04 1:14 ` [PATCH 15/34] mm: factor out VMA fault permission checking Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 17:26 ` Thomas Gleixner
2015-12-08 17:26 ` Thomas Gleixner
2015-12-04 1:14 ` [PATCH 16/34] x86, mm: simplify get_user_pages() PTE bit handling Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 18:01 ` Thomas Gleixner
2015-12-08 18:01 ` Thomas Gleixner
2015-12-08 18:30 ` Dave Hansen
2015-12-08 18:30 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 17/34] x86, pkeys: check VMAs and PTEs for protection keys Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 18:11 ` Thomas Gleixner
2015-12-08 18:11 ` Thomas Gleixner
2015-12-04 1:14 ` [PATCH 18/34] mm: add gup flag to indicate "foreign" mm access Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 19/34] x86, pkeys: optimize fault handling in access_error() Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 18:14 ` Thomas Gleixner
2015-12-08 18:14 ` Thomas Gleixner
2015-12-04 1:14 ` [PATCH 20/34] x86, pkeys: differentiate instruction fetches Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 18:17 ` Thomas Gleixner
2015-12-08 18:17 ` Thomas Gleixner
2015-12-04 1:14 ` [PATCH 21/34] x86, pkeys: dump PKRU with other kernel registers Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 18:19 ` Thomas Gleixner
2015-12-08 18:19 ` Thomas Gleixner
2015-12-04 1:14 ` [PATCH 22/34] x86, pkeys: dump PTE pkey in /proc/pid/smaps Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 18:20 ` Thomas Gleixner
2015-12-08 18:20 ` Thomas Gleixner
2015-12-04 1:14 ` [PATCH 23/34] x86, pkeys: add Kconfig prompt to existing config option Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 18:21 ` Thomas Gleixner
2015-12-08 18:21 ` Thomas Gleixner
2015-12-04 1:14 ` [PATCH 24/34] mm, multi-arch: pass a protection key in to calc_vm_flag_bits() Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-04 1:14 ` [PATCH 25/34] x86, pkeys: add arch_validate_pkey() Dave Hansen
2015-12-04 1:14 ` Dave Hansen
2015-12-08 18:39 ` Thomas Gleixner
2015-12-08 18:39 ` Thomas Gleixner
2015-12-04 1:15 ` [PATCH 26/34] mm: implement new mprotect_key() system call Dave Hansen
2015-12-04 1:15 ` Dave Hansen
2015-12-05 6:50 ` Michael Kerrisk (man-pages)
2015-12-05 6:50 ` Michael Kerrisk (man-pages)
2015-12-05 6:50 ` Michael Kerrisk (man-pages)
2015-12-07 16:44 ` Dave Hansen
2015-12-07 16:44 ` Dave Hansen
2015-12-09 11:08 ` Michael Kerrisk (man-pages)
2015-12-09 11:08 ` Michael Kerrisk (man-pages)
2015-12-09 15:48 ` Dave Hansen
2015-12-09 15:48 ` Dave Hansen
2015-12-09 16:45 ` Michael Kerrisk (man-pages)
2015-12-09 16:45 ` Michael Kerrisk (man-pages)
2015-12-09 16:45 ` Michael Kerrisk (man-pages)
2015-12-09 17:05 ` Dave Hansen
2015-12-09 17:05 ` Dave Hansen
2015-12-09 17:05 ` Dave Hansen
2015-12-11 20:13 ` Michael Kerrisk (man-pages)
2015-12-11 20:13 ` Michael Kerrisk (man-pages)
2015-12-04 1:15 ` [PATCH 27/34] x86, pkeys: make mprotect_key() mask off additional vm_flags Dave Hansen
2015-12-04 1:15 ` Dave Hansen
2015-12-08 18:41 ` Thomas Gleixner
2015-12-08 18:41 ` Thomas Gleixner
2015-12-04 1:15 ` [PATCH 28/34] x86: wire up mprotect_key() system call Dave Hansen
2015-12-04 1:15 ` Dave Hansen
2015-12-08 18:44 ` Thomas Gleixner
2015-12-08 18:44 ` Thomas Gleixner
2015-12-08 18:44 ` Thomas Gleixner
2015-12-08 19:06 ` Dave Hansen
2015-12-08 19:06 ` Dave Hansen
2015-12-08 20:38 ` Thomas Gleixner
2015-12-08 20:38 ` Thomas Gleixner
2015-12-08 20:38 ` Thomas Gleixner
2015-12-04 1:15 ` [PATCH 29/34] x86: separate out LDT init from context init Dave Hansen
2015-12-04 1:15 ` Dave Hansen
2015-12-08 18:45 ` Thomas Gleixner
2015-12-08 18:45 ` Thomas Gleixner
2015-12-04 1:15 ` [PATCH 30/34] x86, fpu: allow setting of XSAVE state Dave Hansen
2015-12-04 1:15 ` Dave Hansen
2015-12-08 18:48 ` Thomas Gleixner
2015-12-08 18:48 ` Thomas Gleixner
2015-12-04 1:15 ` [PATCH 31/34] x86, pkeys: allocation/free syscalls Dave Hansen
2015-12-04 1:15 ` Dave Hansen
2015-12-04 1:15 ` [PATCH 32/34] x86, pkeys: add pkey set/get syscalls Dave Hansen
2015-12-04 1:15 ` Dave Hansen
2015-12-04 1:15 ` [PATCH 33/34] x86, pkeys: actually enable Memory Protection Keys in CPU Dave Hansen
2015-12-04 1:15 ` Dave Hansen
2015-12-04 1:15 ` [PATCH 34/34] x86, pkeys: Documentation Dave Hansen
2015-12-04 1:15 ` Dave Hansen
2015-12-04 23:31 ` [PATCH 00/34] x86: Memory Protection Keys (v5) Andy Lutomirski
2015-12-04 23:31 ` Andy Lutomirski
2015-12-04 23:38 ` Dave Hansen
2015-12-04 23:38 ` Dave Hansen
2015-12-04 23:38 ` Dave Hansen
2015-12-11 20:16 ` Andy Lutomirski
2015-12-11 20:16 ` Andy Lutomirski
2015-12-11 20:16 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151204011441.16B7D06C@viggo.jf.intel.com \
--to=dave@sr71.net \
--cc=dave.hansen@linux.intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.