From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751770AbbLHSMI (ORCPT ); Tue, 8 Dec 2015 13:12:08 -0500 Received: from www.linutronix.de ([62.245.132.108]:51509 "EHLO Galois.linutronix.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750986AbbLHSMH (ORCPT ); Tue, 8 Dec 2015 13:12:07 -0500 Date: Tue, 8 Dec 2015 19:11:18 +0100 (CET) From: Thomas Gleixner To: Dave Hansen cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org, dave.hansen@linux.intel.com Subject: Re: [PATCH 17/34] x86, pkeys: check VMAs and PTEs for protection keys In-Reply-To: <20151204011448.23DC574D@viggo.jf.intel.com> Message-ID: References: <20151204011424.8A36E365@viggo.jf.intel.com> <20151204011448.23DC574D@viggo.jf.intel.com> User-Agent: Alpine 2.11 (DEB 23 2013-08-11) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Linutronix-Spam-Score: -1.0 X-Linutronix-Spam-Level: - X-Linutronix-Spam-Status: No , -1.0 points, 5.0 required, ALL_TRUSTED=-1,SHORTCIRCUIT=-0.0001,URIBL_BLOCKED=0.001 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 3 Dec 2015, Dave Hansen wrote: > Today, for normal faults and page table walks, we check the VMA > and/or PTE to ensure that it is compatible with the action. For > instance, if we get a write fault on a non-writeable VMA, we > SIGSEGV. > > We try to do the same thing for protection keys. Basically, we > try to make sure that if a user does this: > > mprotect(ptr, size, PROT_NONE); > *ptr = foo; > > they see the same effects with protection keys when they do this: > > mprotect(ptr, size, PROT_READ|PROT_WRITE); > set_pkey(ptr, size, 4); > wrpkru(0xffffff3f); // access disable pkey 4 > *ptr = foo; > > The state to do that checking is in the VMA, but we also > sometimes have to do it on the page tables only, like when doing > a get_user_pages_fast() where we have no VMA. > > We add two functions and expose them to generic code: > > arch_pte_access_permitted(pte_flags, write) > arch_vma_access_permitted(vma, write) > > These are, of course, backed up in x86 arch code with checks > against the PTE or VMA's protection key. > > But, there are also cases where we do not want to respect > protection keys. When we ptrace(), for instance, we do not want > to apply the tracer's PKRU permissions to the PTEs from the > process being traced. > > Signed-off-by: Dave Hansen Reviewed-by: Thomas Gleixner From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f44.google.com (mail-wm0-f44.google.com [74.125.82.44]) by kanga.kvack.org (Postfix) with ESMTP id 9D1946B0255 for ; Tue, 8 Dec 2015 13:12:08 -0500 (EST) Received: by wmuu63 with SMTP id u63so191496524wmu.0 for ; Tue, 08 Dec 2015 10:12:08 -0800 (PST) Received: from Galois.linutronix.de (linutronix.de. [2001:470:1f0b:db:abcd:42:0:1]) by mx.google.com with ESMTPS id lh10si5806200wjc.81.2015.12.08.10.12.07 for (version=TLS1_2 cipher=AES128-SHA bits=128/128); Tue, 08 Dec 2015 10:12:07 -0800 (PST) Date: Tue, 8 Dec 2015 19:11:18 +0100 (CET) From: Thomas Gleixner Subject: Re: [PATCH 17/34] x86, pkeys: check VMAs and PTEs for protection keys In-Reply-To: <20151204011448.23DC574D@viggo.jf.intel.com> Message-ID: References: <20151204011424.8A36E365@viggo.jf.intel.com> <20151204011448.23DC574D@viggo.jf.intel.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-linux-mm@kvack.org List-ID: To: Dave Hansen Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org, dave.hansen@linux.intel.com On Thu, 3 Dec 2015, Dave Hansen wrote: > Today, for normal faults and page table walks, we check the VMA > and/or PTE to ensure that it is compatible with the action. For > instance, if we get a write fault on a non-writeable VMA, we > SIGSEGV. > > We try to do the same thing for protection keys. Basically, we > try to make sure that if a user does this: > > mprotect(ptr, size, PROT_NONE); > *ptr = foo; > > they see the same effects with protection keys when they do this: > > mprotect(ptr, size, PROT_READ|PROT_WRITE); > set_pkey(ptr, size, 4); > wrpkru(0xffffff3f); // access disable pkey 4 > *ptr = foo; > > The state to do that checking is in the VMA, but we also > sometimes have to do it on the page tables only, like when doing > a get_user_pages_fast() where we have no VMA. > > We add two functions and expose them to generic code: > > arch_pte_access_permitted(pte_flags, write) > arch_vma_access_permitted(vma, write) > > These are, of course, backed up in x86 arch code with checks > against the PTE or VMA's protection key. > > But, there are also cases where we do not want to respect > protection keys. When we ptrace(), for instance, we do not want > to apply the tracer's PKRU permissions to the PTEs from the > process being traced. > > Signed-off-by: Dave Hansen Reviewed-by: Thomas Gleixner -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org