# git rev-parse -q --verify dc8b1290efbbe974d9968106a03077823d0863d6^{commit} dc8b1290efbbe974d9968106a03077823d0863d6 already have revision, skipping fetch # git checkout -q -f -B kisskb dc8b1290efbbe974d9968106a03077823d0863d6 # git clean -qxdf # < git log -1 # commit dc8b1290efbbe974d9968106a03077823d0863d6 # Author: Russell Currey # Date: Fri Mar 1 01:49:17 2019 +1100 # # powerpc/64s: Implement KUAP for Radix MMU # # Kernel Userspace Access Prevention utilises a feature of the Radix MMU # which disallows read and write access to userspace addresses. By # utilising this, the kernel is prevented from accessing user data from # outside of trusted paths that perform proper safety checks, such as # copy_{to/from}_user() and friends. # # Userspace access is disabled from early boot and is only enabled when # performing an operation like copy_{to/from}_user(). The register that # controls this (AMR) does not prevent userspace from accessing itself, # so there is no need to save and restore when entering and exiting # userspace. # # This feature has a slight performance impact which I roughly measured # to be 3% slower in the worst case (performing 1GB of 1 byte # read()/write() syscalls), and is gated behind the CONFIG_PPC_KUAP # option for performance-critical builds. # # This feature can be tested by using the lkdtm driver (CONFIG_LKDTM=y) # and performing the following: # # # (echo ACCESS_USERSPACE) > [debugfs]/provoke-crash/DIRECT # # If enabled, this should send SIGSEGV to the thread. # # mpe: # - Drop the unused paca flags. # - Zero the UAMOR to be safe. # - Save the AMR when we enter the kernel from the kernel and then # block user access again if it's not already blocked. # - Restore on the way back to the kernel. # - This means we handle nesting of interrupts properly, ie. we are # protected inside the page fault handler caused by a user access. # - Add paranoid checking of AMR in switch and syscall return. # - Add isync()'s around AMR writes as per the ISA. # - Support selectively disabling read or write, with no support for # nesting. # # Co-authored-by: Michael Ellerman # Signed-off-by: Russell Currey # Signed-off-by: Michael Ellerman # --- # # v5: # - On kernel entry check if the AMR is already blocking user access # and if so don't do the mtspr again (pointed out by Nick). # - Rework the constants to make the asm a bit cleaner and avoid any # hard coded shifts. # - Selectively disable read or write, we don't support nesting and # shouldn't need to (famous last words). # < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-gcc --version # < /opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux-ld --version # < git log --format=%s --max-count=1 dc8b1290efbbe974d9968106a03077823d0863d6 # < make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-next_ppc6xx_defconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- ppc6xx_defconfig # make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-next_ppc6xx_defconfig_powerpc-gcc4.6 CROSS_COMPILE=/opt/cross/kisskb/gcc-4.6.3-nolibc/powerpc-linux/bin/powerpc-linux- /kisskb/src/kernel/cgroup/cgroup-v1.c: In function 'cgroup1_mount': /kisskb/src/kernel/cgroup/cgroup-v1.c:1263:20: warning: 'root' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/kernel/printk/printk.c: In function 'devkmsg_sysctl_set_loglvl': /kisskb/src/kernel/printk/printk.c:186:16: warning: 'old' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/base/regmap/regmap.c: In function 'regmap_raw_read': /kisskb/src/drivers/base/regmap/regmap.c:2594:6: warning: 'ret' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/base/regmap/regmap.c: In function '_regmap_raw_write': /kisskb/src/drivers/base/regmap/regmap.c:1855:6: warning: 'ret' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/sound/ppc/awacs.c: In function 'snd_pmac_awacs_init': /kisskb/src/include/sound/control.h:223:2: warning: 'speaker_vol' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/sound/ppc/awacs.c:886:36: note: 'speaker_vol' was declared here /kisskb/src/kernel/trace/trace_dynevent.c: In function 'create_dyn_event': /kisskb/src/kernel/trace/trace_dynevent.c:89:5: warning: 'ret' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/proc/inode.c: In function 'proc_reg_open': /kisskb/src/include/linux/list.h:65:12: warning: 'pdeo' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/proc/inode.c:339:21: note: 'pdeo' was declared here /kisskb/src/drivers/i2c/i2c-core-base.c: In function 'i2c_generic_scl_recovery': /kisskb/src/drivers/i2c/i2c-core-base.c:235:5: warning: 'ret' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/tty/serial/8250/8250_core.c: In function 'univ8250_release_irq': /kisskb/src/drivers/tty/serial/8250/8250_core.c:247:18: warning: 'i' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/tty/serial/8250/8250_core.c:227:19: note: 'i' was declared here /kisskb/src/net/bridge/br_netlink.c: In function 'br_afspec.isra.28': /kisskb/src/net/bridge/br_netlink.c:652:7: warning: 'err' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/udf/unicode.c: In function 'udf_name_conv_char': /kisskb/src/fs/udf/unicode.c:132:8: warning: 'c' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/fs/nfsd/nfs4xdr.c: In function 'nfsd4_encode_components_esc': /kisskb/src/fs/nfsd/nfs4xdr.c:2076:9: warning: 'str' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/mac80211/mlme.c: In function 'ieee80211_rx_mgmt_beacon': /kisskb/src/net/mac80211/mlme.c:1522:3: warning: 'pwr_level_cisco' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/net/mac80211/mlme.c:1479:6: note: 'pwr_level_cisco' was declared here /kisskb/src/drivers/net/tun.c: In function 'tun_get_user': /kisskb/src/drivers/net/tun.c:1843:30: warning: 'copylen' may be used uninitialized in this function [-Wuninitialized] /kisskb/src/drivers/net/tun.c:1753:46: warning: 'linear' may be used uninitialized in this function [-Wuninitialized] INFO: Uncompressed kernel (size 0xa97140) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa97140) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa97140) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa97140) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa97140) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa97140) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa97140) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa97140) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa97140) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa86a5c) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa97140) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) INFO: Uncompressed kernel (size 0xa86a5c) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0xb00000) Image Name: Linux-5.0.0-rc2+ Created: Sat Mar 2 21:30:06 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 5064296 Bytes = 4945.60 KiB = 4.83 MiB Load Address: 00b00000 Entry Point: 00b00290 Image Name: Linux-5.0.0-rc2+ Created: Sat Mar 2 21:30:06 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 5064202 Bytes = 4945.51 KiB = 4.83 MiB Load Address: 00b00000 Entry Point: 00b00888 Image Name: Linux-5.0.0-rc2+ Created: Sat Mar 2 21:30:06 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 5031687 Bytes = 4913.76 KiB = 4.80 MiB Load Address: 00000000 Entry Point: 00000000 Image Name: Linux-5.0.0-rc2+ Created: Sat Mar 2 21:30:06 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 5063591 Bytes = 4944.91 KiB = 4.83 MiB Load Address: 00b00000 Entry Point: 00b00290 Image Name: Linux-5.0.0-rc2+ Created: Sat Mar 2 21:30:06 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 5064607 Bytes = 4945.91 KiB = 4.83 MiB Load Address: 00b00000 Entry Point: 00b00888 Image Name: Linux-5.0.0-rc2+ Created: Sat Mar 2 21:30:06 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 5063608 Bytes = 4944.93 KiB = 4.83 MiB Load Address: 00b00000 Entry Point: 00b00290 Image Name: Linux-5.0.0-rc2+ Created: Sat Mar 2 21:30:06 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 5061858 Bytes = 4943.22 KiB = 4.83 MiB Load Address: 00b00000 Entry Point: 00b00290 Image Name: Linux-5.0.0-rc2+ Created: Sat Mar 2 21:30:06 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 5063394 Bytes = 4944.72 KiB = 4.83 MiB Load Address: 00b00000 Entry Point: 00b00290 Image Name: Linux-5.0.0-rc2+ Created: Sat Mar 2 21:30:06 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 5062458 Bytes = 4943.81 KiB = 4.83 MiB Load Address: 00b00000 Entry Point: 00b00290 Completed OK # rm -rf /kisskb/build/powerpc-next_ppc6xx_defconfig_powerpc-gcc4.6 # Build took: 0:01:43.612032