From: Dave Hansen <dave@sr71.net> To: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org, x86@kernel.org, Dave Hansen <dave@sr71.net>, dave.hansen@linux.intel.com Subject: [PATCH 12/34] signals, pkeys: notify userspace about protection key faults Date: Thu, 03 Dec 2015 17:14:41 -0800 [thread overview] Message-ID: <20151204011441.16B7D06C@viggo.jf.intel.com> (raw) In-Reply-To: <20151204011424.8A36E365@viggo.jf.intel.com> From: Dave Hansen <dave.hansen@linux.intel.com> A protection key fault is very similar to any other access error. There must be a VMA, etc... We even want to take the same action (SIGSEGV) that we do with a normal access fault. However, we do need to let userspace know that something is different. We do this the same way what we did with SEGV_BNDERR with Memory Protection eXtensions (MPX): define a new SEGV code: SEGV_PKUERR. We add a siginfo field: si_pkey that reveals to userspace which protection key was set on the PTE that we faulted on. There is no other easy way for userspace to figure this out. They could parse smaps but that would be a bit cruel. We share space with in siginfo with _addr_bnd. #BR faults from MPX are completely separate from page faults (#PF) that trigger from protection key violations, so we never need both at the same time. Note that _pkey is a 64-bit value. The current hardware only supports 4-bit protection keys. We do this because there is _plenty_ of space in _sigfault and it is possible that future processors would support more than 4 bits of protection keys. The x86 code to actually fill in the siginfo is in the next patch. Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> --- b/include/uapi/asm-generic/siginfo.h | 17 ++++++++++++----- b/kernel/signal.c | 4 ++++ 2 files changed, 16 insertions(+), 5 deletions(-) diff -puN include/uapi/asm-generic/siginfo.h~pkeys-09-siginfo-core include/uapi/asm-generic/siginfo.h --- a/include/uapi/asm-generic/siginfo.h~pkeys-09-siginfo-core 2015-12-03 16:21:23.412570898 -0800 +++ b/include/uapi/asm-generic/siginfo.h 2015-12-03 16:21:23.417571125 -0800 @@ -91,10 +91,15 @@ typedef struct siginfo { int _trapno; /* TRAP # which caused the signal */ #endif short _addr_lsb; /* LSB of the reported address */ - struct { - void __user *_lower; - void __user *_upper; - } _addr_bnd; + union { + /* used when si_code=SEGV_BNDERR */ + struct { + void __user *_lower; + void __user *_upper; + } _addr_bnd; + /* used when si_code=SEGV_PKUERR */ + u64 _pkey; + }; } _sigfault; /* SIGPOLL */ @@ -137,6 +142,7 @@ typedef struct siginfo { #define si_addr_lsb _sifields._sigfault._addr_lsb #define si_lower _sifields._sigfault._addr_bnd._lower #define si_upper _sifields._sigfault._addr_bnd._upper +#define si_pkey _sifields._sigfault._pkey #define si_band _sifields._sigpoll._band #define si_fd _sifields._sigpoll._fd #ifdef __ARCH_SIGSYS @@ -206,7 +212,8 @@ typedef struct siginfo { #define SEGV_MAPERR (__SI_FAULT|1) /* address not mapped to object */ #define SEGV_ACCERR (__SI_FAULT|2) /* invalid permissions for mapped object */ #define SEGV_BNDERR (__SI_FAULT|3) /* failed address bound checks */ -#define NSIGSEGV 3 +#define SEGV_PKUERR (__SI_FAULT|4) /* failed protection key checks */ +#define NSIGSEGV 4 /* * SIGBUS si_codes diff -puN kernel/signal.c~pkeys-09-siginfo-core kernel/signal.c --- a/kernel/signal.c~pkeys-09-siginfo-core 2015-12-03 16:21:23.414570989 -0800 +++ b/kernel/signal.c 2015-12-03 16:21:23.418571170 -0800 @@ -2709,6 +2709,10 @@ int copy_siginfo_to_user(siginfo_t __use err |= __put_user(from->si_upper, &to->si_upper); } #endif +#ifdef SEGV_PKUERR + if (from->si_signo == SIGSEGV && from->si_code == SEGV_PKUERR) + err |= __put_user(from->si_pkey, &to->si_pkey); +#endif break; case __SI_CHLD: err |= __put_user(from->si_pid, &to->si_pid); _
WARNING: multiple messages have this Message-ID (diff)
From: Dave Hansen <dave@sr71.net> To: linux-kernel@vger.kernel.org Cc: linux-mm@kvack.org, x86@kernel.org, Dave Hansen <dave@sr71.net>, dave.hansen@linux.intel.com Subject: [PATCH 12/34] signals, pkeys: notify userspace about protection key faults Date: Thu, 03 Dec 2015 17:14:41 -0800 [thread overview] Message-ID: <20151204011441.16B7D06C@viggo.jf.intel.com> (raw) In-Reply-To: <20151204011424.8A36E365@viggo.jf.intel.com> From: Dave Hansen <dave.hansen@linux.intel.com> A protection key fault is very similar to any other access error. There must be a VMA, etc... We even want to take the same action (SIGSEGV) that we do with a normal access fault. However, we do need to let userspace know that something is different. We do this the same way what we did with SEGV_BNDERR with Memory Protection eXtensions (MPX): define a new SEGV code: SEGV_PKUERR. We add a siginfo field: si_pkey that reveals to userspace which protection key was set on the PTE that we faulted on. There is no other easy way for userspace to figure this out. They could parse smaps but that would be a bit cruel. We share space with in siginfo with _addr_bnd. #BR faults from MPX are completely separate from page faults (#PF) that trigger from protection key violations, so we never need both at the same time. Note that _pkey is a 64-bit value. The current hardware only supports 4-bit protection keys. We do this because there is _plenty_ of space in _sigfault and it is possible that future processors would support more than 4 bits of protection keys. The x86 code to actually fill in the siginfo is in the next patch. Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> --- b/include/uapi/asm-generic/siginfo.h | 17 ++++++++++++----- b/kernel/signal.c | 4 ++++ 2 files changed, 16 insertions(+), 5 deletions(-) diff -puN include/uapi/asm-generic/siginfo.h~pkeys-09-siginfo-core include/uapi/asm-generic/siginfo.h --- a/include/uapi/asm-generic/siginfo.h~pkeys-09-siginfo-core 2015-12-03 16:21:23.412570898 -0800 +++ b/include/uapi/asm-generic/siginfo.h 2015-12-03 16:21:23.417571125 -0800 @@ -91,10 +91,15 @@ typedef struct siginfo { int _trapno; /* TRAP # which caused the signal */ #endif short _addr_lsb; /* LSB of the reported address */ - struct { - void __user *_lower; - void __user *_upper; - } _addr_bnd; + union { + /* used when si_code=SEGV_BNDERR */ + struct { + void __user *_lower; + void __user *_upper; + } _addr_bnd; + /* used when si_code=SEGV_PKUERR */ + u64 _pkey; + }; } _sigfault; /* SIGPOLL */ @@ -137,6 +142,7 @@ typedef struct siginfo { #define si_addr_lsb _sifields._sigfault._addr_lsb #define si_lower _sifields._sigfault._addr_bnd._lower #define si_upper _sifields._sigfault._addr_bnd._upper +#define si_pkey _sifields._sigfault._pkey #define si_band _sifields._sigpoll._band #define si_fd _sifields._sigpoll._fd #ifdef __ARCH_SIGSYS @@ -206,7 +212,8 @@ typedef struct siginfo { #define SEGV_MAPERR (__SI_FAULT|1) /* address not mapped to object */ #define SEGV_ACCERR (__SI_FAULT|2) /* invalid permissions for mapped object */ #define SEGV_BNDERR (__SI_FAULT|3) /* failed address bound checks */ -#define NSIGSEGV 3 +#define SEGV_PKUERR (__SI_FAULT|4) /* failed protection key checks */ +#define NSIGSEGV 4 /* * SIGBUS si_codes diff -puN kernel/signal.c~pkeys-09-siginfo-core kernel/signal.c --- a/kernel/signal.c~pkeys-09-siginfo-core 2015-12-03 16:21:23.414570989 -0800 +++ b/kernel/signal.c 2015-12-03 16:21:23.418571170 -0800 @@ -2709,6 +2709,10 @@ int copy_siginfo_to_user(siginfo_t __use err |= __put_user(from->si_upper, &to->si_upper); } #endif +#ifdef SEGV_PKUERR + if (from->si_signo == SIGSEGV && from->si_code == SEGV_PKUERR) + err |= __put_user(from->si_pkey, &to->si_pkey); +#endif break; case __SI_CHLD: err |= __put_user(from->si_pid, &to->si_pid); _ -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2015-12-04 1:14 UTC|newest] Thread overview: 145+ messages / expand[flat|nested] mbox.gz Atom feed top 2015-12-04 1:14 [PATCH 00/34] x86: Memory Protection Keys (v5) Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 01/34] mm, gup: introduce concept of "foreign" get_user_pages() Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 02/34] x86, fpu: add placeholder for Processor Trace XSAVE state Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 03/34] x86, pkeys: Add Kconfig option Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 04/34] x86, pkeys: cpuid bit definition Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 05/34] x86, pkeys: define new CR4 bit Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 06/34] x86, pkeys: add PKRU xsave fields and data structure(s) Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 07/34] x86, pkeys: PTE bits for storing protection key Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 08/34] x86, pkeys: new page fault error code bit: PF_PK Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 09/34] x86, pkeys: store protection in high VMA flags Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 14:17 ` Thomas Gleixner 2015-12-08 14:17 ` Thomas Gleixner 2015-12-04 1:14 ` [PATCH 10/34] x86, pkeys: arch-specific protection bits Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 15:15 ` [PATCH 10/34] x86, pkeys: arch-specific protection bitsy Thomas Gleixner 2015-12-08 15:15 ` Thomas Gleixner 2015-12-08 16:34 ` Dave Hansen 2015-12-08 16:34 ` Dave Hansen 2015-12-08 17:24 ` Thomas Gleixner 2015-12-08 17:24 ` Thomas Gleixner 2015-12-08 18:06 ` Dave Hansen 2015-12-08 18:29 ` Thomas Gleixner 2015-12-08 18:29 ` Thomas Gleixner 2015-12-08 18:35 ` Thomas Gleixner 2015-12-08 18:35 ` Thomas Gleixner 2015-12-04 1:14 ` [PATCH 11/34] x86, pkeys: pass VMA down in to fault signal generation code Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` Dave Hansen [this message] 2015-12-04 1:14 ` [PATCH 12/34] signals, pkeys: notify userspace about protection key faults Dave Hansen 2015-12-04 1:14 ` [PATCH 13/34] x86, pkeys: fill in pkey field in siginfo Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 14/34] x86, pkeys: add functions to fetch PKRU Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 15:18 ` Thomas Gleixner 2015-12-08 15:18 ` Thomas Gleixner 2015-12-04 1:14 ` [PATCH 15/34] mm: factor out VMA fault permission checking Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 17:26 ` Thomas Gleixner 2015-12-08 17:26 ` Thomas Gleixner 2015-12-04 1:14 ` [PATCH 16/34] x86, mm: simplify get_user_pages() PTE bit handling Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 18:01 ` Thomas Gleixner 2015-12-08 18:01 ` Thomas Gleixner 2015-12-08 18:30 ` Dave Hansen 2015-12-08 18:30 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 17/34] x86, pkeys: check VMAs and PTEs for protection keys Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 18:11 ` Thomas Gleixner 2015-12-08 18:11 ` Thomas Gleixner 2015-12-04 1:14 ` [PATCH 18/34] mm: add gup flag to indicate "foreign" mm access Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 19/34] x86, pkeys: optimize fault handling in access_error() Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 18:14 ` Thomas Gleixner 2015-12-08 18:14 ` Thomas Gleixner 2015-12-04 1:14 ` [PATCH 20/34] x86, pkeys: differentiate instruction fetches Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 18:17 ` Thomas Gleixner 2015-12-08 18:17 ` Thomas Gleixner 2015-12-04 1:14 ` [PATCH 21/34] x86, pkeys: dump PKRU with other kernel registers Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 18:19 ` Thomas Gleixner 2015-12-08 18:19 ` Thomas Gleixner 2015-12-04 1:14 ` [PATCH 22/34] x86, pkeys: dump PTE pkey in /proc/pid/smaps Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 18:20 ` Thomas Gleixner 2015-12-08 18:20 ` Thomas Gleixner 2015-12-04 1:14 ` [PATCH 23/34] x86, pkeys: add Kconfig prompt to existing config option Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 18:21 ` Thomas Gleixner 2015-12-08 18:21 ` Thomas Gleixner 2015-12-04 1:14 ` [PATCH 24/34] mm, multi-arch: pass a protection key in to calc_vm_flag_bits() Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-04 1:14 ` [PATCH 25/34] x86, pkeys: add arch_validate_pkey() Dave Hansen 2015-12-04 1:14 ` Dave Hansen 2015-12-08 18:39 ` Thomas Gleixner 2015-12-08 18:39 ` Thomas Gleixner 2015-12-04 1:15 ` [PATCH 26/34] mm: implement new mprotect_key() system call Dave Hansen 2015-12-04 1:15 ` Dave Hansen 2015-12-05 6:50 ` Michael Kerrisk (man-pages) 2015-12-05 6:50 ` Michael Kerrisk (man-pages) 2015-12-05 6:50 ` Michael Kerrisk (man-pages) 2015-12-07 16:44 ` Dave Hansen 2015-12-07 16:44 ` Dave Hansen 2015-12-09 11:08 ` Michael Kerrisk (man-pages) 2015-12-09 11:08 ` Michael Kerrisk (man-pages) 2015-12-09 15:48 ` Dave Hansen 2015-12-09 15:48 ` Dave Hansen 2015-12-09 16:45 ` Michael Kerrisk (man-pages) 2015-12-09 16:45 ` Michael Kerrisk (man-pages) 2015-12-09 16:45 ` Michael Kerrisk (man-pages) 2015-12-09 17:05 ` Dave Hansen 2015-12-09 17:05 ` Dave Hansen 2015-12-09 17:05 ` Dave Hansen 2015-12-11 20:13 ` Michael Kerrisk (man-pages) 2015-12-11 20:13 ` Michael Kerrisk (man-pages) 2015-12-04 1:15 ` [PATCH 27/34] x86, pkeys: make mprotect_key() mask off additional vm_flags Dave Hansen 2015-12-04 1:15 ` Dave Hansen 2015-12-08 18:41 ` Thomas Gleixner 2015-12-08 18:41 ` Thomas Gleixner 2015-12-04 1:15 ` [PATCH 28/34] x86: wire up mprotect_key() system call Dave Hansen 2015-12-04 1:15 ` Dave Hansen 2015-12-08 18:44 ` Thomas Gleixner 2015-12-08 18:44 ` Thomas Gleixner 2015-12-08 18:44 ` Thomas Gleixner 2015-12-08 19:06 ` Dave Hansen 2015-12-08 19:06 ` Dave Hansen 2015-12-08 20:38 ` Thomas Gleixner 2015-12-08 20:38 ` Thomas Gleixner 2015-12-08 20:38 ` Thomas Gleixner 2015-12-04 1:15 ` [PATCH 29/34] x86: separate out LDT init from context init Dave Hansen 2015-12-04 1:15 ` Dave Hansen 2015-12-08 18:45 ` Thomas Gleixner 2015-12-08 18:45 ` Thomas Gleixner 2015-12-04 1:15 ` [PATCH 30/34] x86, fpu: allow setting of XSAVE state Dave Hansen 2015-12-04 1:15 ` Dave Hansen 2015-12-08 18:48 ` Thomas Gleixner 2015-12-08 18:48 ` Thomas Gleixner 2015-12-04 1:15 ` [PATCH 31/34] x86, pkeys: allocation/free syscalls Dave Hansen 2015-12-04 1:15 ` Dave Hansen 2015-12-04 1:15 ` [PATCH 32/34] x86, pkeys: add pkey set/get syscalls Dave Hansen 2015-12-04 1:15 ` Dave Hansen 2015-12-04 1:15 ` [PATCH 33/34] x86, pkeys: actually enable Memory Protection Keys in CPU Dave Hansen 2015-12-04 1:15 ` Dave Hansen 2015-12-04 1:15 ` [PATCH 34/34] x86, pkeys: Documentation Dave Hansen 2015-12-04 1:15 ` Dave Hansen 2015-12-04 23:31 ` [PATCH 00/34] x86: Memory Protection Keys (v5) Andy Lutomirski 2015-12-04 23:31 ` Andy Lutomirski 2015-12-04 23:38 ` Dave Hansen 2015-12-04 23:38 ` Dave Hansen 2015-12-04 23:38 ` Dave Hansen 2015-12-11 20:16 ` Andy Lutomirski 2015-12-11 20:16 ` Andy Lutomirski 2015-12-11 20:16 ` Andy Lutomirski
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20151204011441.16B7D06C@viggo.jf.intel.com \ --to=dave@sr71.net \ --cc=dave.hansen@linux.intel.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.