# git rev-parse -q --verify d02d2129641d6cd22492ddc85e11d112eb0d5a6f^{commit} d02d2129641d6cd22492ddc85e11d112eb0d5a6f already have revision, skipping fetch # git checkout -q -f -B kisskb d02d2129641d6cd22492ddc85e11d112eb0d5a6f # git clean -qxdf # < git log -1 # commit d02d2129641d6cd22492ddc85e11d112eb0d5a6f # Author: Russell Currey # Date: Fri Mar 1 01:49:17 2019 +1100 # # powerpc/64s: Implement KUAP for Radix MMU # # Kernel Userspace Access Prevention utilises a feature of the Radix MMU # which disallows read and write access to userspace addresses. By # utilising this, the kernel is prevented from accessing user data from # outside of trusted paths that perform proper safety checks, such as # copy_{to/from}_user() and friends. # # Userspace access is disabled from early boot and is only enabled when # performing an operation like copy_{to/from}_user(). The register that # controls this (AMR) does not prevent userspace from accessing itself, # so there is no need to save and restore when entering and exiting # userspace. # # This feature has a slight performance impact which I roughly measured # to be 3% slower in the worst case (performing 1GB of 1 byte # read()/write() syscalls), and is gated behind the CONFIG_PPC_KUAP # option for performance-critical builds. # # This feature can be tested by using the lkdtm driver (CONFIG_LKDTM=y) # and performing the following: # # # (echo ACCESS_USERSPACE) > [debugfs]/provoke-crash/DIRECT # # If enabled, this should send SIGSEGV to the thread. # # mpe: Drop the unused paca flags. Zero the UAMOR to be safe. Save the # AMR when we enter the kernel from the kernel and then lock it again. # Restore on the way back to the kernel. This means we handle nesting of # interrupts properly, ie. we are protected inside the page fault # handler caused by a user access. Add paranoid checking of AMR in # switch and syscall return. Add an isync() to prevent_user_access() # # Signed-off-by: Russell Currey # Signed-off-by: Michael Ellerman # < /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/aarch64-linux-gcc --version # < /opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/aarch64-linux-ld --version # < git log --format=%s --max-count=1 d02d2129641d6cd22492ddc85e11d112eb0d5a6f # < make -s -j 120 ARCH=arm64 O=/kisskb/build/powerpc-next_arm64-defconfig_arm64-gcc5.4 CROSS_COMPILE=/opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/aarch64-linux- defconfig # make -s -j 120 ARCH=arm64 O=/kisskb/build/powerpc-next_arm64-defconfig_arm64-gcc5.4 CROSS_COMPILE=/opt/cross/kisskb/br-aarch64-glibc-2016.08-613-ge98b4dd/bin/aarch64-linux- arch/arm64/Makefile:27: ld does not support --fix-cortex-a53-843419; kernel may be susceptible to erratum arch/arm64/Makefile:40: LSE atomics not supported by binutils /kisskb/src/arch/arm64/boot/dts/rockchip/rk3399-gru-kevin.dts:46.9-50.5: Warning (graph_port): /edp-panel/ports: graph port node name should be 'port' /kisskb/src/arch/arm64/boot/dts/rockchip/rk3399-sapphire-excavator.dts:94.9-98.5: Warning (graph_port): /edp-panel/ports: graph port node name should be 'port' /kisskb/src/arch/arm64/boot/dts/rockchip/rk3399-gru-bob.dts:25.9-29.5: Warning (graph_port): /edp-panel/ports: graph port node name should be 'port' In file included from /kisskb/src/include/linux/rwsem.h:16:0, from /kisskb/src/include/linux/notifier.h:15, from /kisskb/src/include/linux/clk.h:17, from /kisskb/src/drivers/tty/serial/sh-sci.c:24: /kisskb/src/drivers/tty/serial/sh-sci.c: In function 'sci_submit_rx': /kisskb/src/include/linux/spinlock.h:279:3: warning: 'flags' may be used uninitialized in this function [-Wmaybe-uninitialized] _raw_spin_unlock_irqrestore(lock, flags); \ ^ /kisskb/src/drivers/tty/serial/sh-sci.c:1338:16: note: 'flags' was declared here unsigned long flags; ^ Completed OK # rm -rf /kisskb/build/powerpc-next_arm64-defconfig_arm64-gcc5.4 # Build took: 0:02:20.917139