# git rev-parse -q --verify dc8b1290efbbe974d9968106a03077823d0863d6^{commit} dc8b1290efbbe974d9968106a03077823d0863d6 already have revision, skipping fetch # git checkout -q -f -B kisskb dc8b1290efbbe974d9968106a03077823d0863d6 # git clean -qxdf # < git log -1 # commit dc8b1290efbbe974d9968106a03077823d0863d6 # Author: Russell Currey # Date: Fri Mar 1 01:49:17 2019 +1100 # # powerpc/64s: Implement KUAP for Radix MMU # # Kernel Userspace Access Prevention utilises a feature of the Radix MMU # which disallows read and write access to userspace addresses. By # utilising this, the kernel is prevented from accessing user data from # outside of trusted paths that perform proper safety checks, such as # copy_{to/from}_user() and friends. # # Userspace access is disabled from early boot and is only enabled when # performing an operation like copy_{to/from}_user(). The register that # controls this (AMR) does not prevent userspace from accessing itself, # so there is no need to save and restore when entering and exiting # userspace. # # This feature has a slight performance impact which I roughly measured # to be 3% slower in the worst case (performing 1GB of 1 byte # read()/write() syscalls), and is gated behind the CONFIG_PPC_KUAP # option for performance-critical builds. # # This feature can be tested by using the lkdtm driver (CONFIG_LKDTM=y) # and performing the following: # # # (echo ACCESS_USERSPACE) > [debugfs]/provoke-crash/DIRECT # # If enabled, this should send SIGSEGV to the thread. # # mpe: # - Drop the unused paca flags. # - Zero the UAMOR to be safe. # - Save the AMR when we enter the kernel from the kernel and then # block user access again if it's not already blocked. # - Restore on the way back to the kernel. # - This means we handle nesting of interrupts properly, ie. we are # protected inside the page fault handler caused by a user access. # - Add paranoid checking of AMR in switch and syscall return. # - Add isync()'s around AMR writes as per the ISA. # - Support selectively disabling read or write, with no support for # nesting. # # Co-authored-by: Michael Ellerman # Signed-off-by: Russell Currey # Signed-off-by: Michael Ellerman # --- # # v5: # - On kernel entry check if the AMR is already blocking user access # and if so don't do the mtspr again (pointed out by Nick). # - Rework the constants to make the asm a bit cleaner and avoid any # hard coded shifts. # - Selectively disable read or write, we don't support nesting and # shouldn't need to (famous last words). # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-gcc --version # < /opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux-ld --version # < git log --format=%s --max-count=1 dc8b1290efbbe974d9968106a03077823d0863d6 # < make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-next_ppc44x_defconfig_powerpc-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- ppc44x_defconfig # make -s -j 120 ARCH=powerpc O=/kisskb/build/powerpc-next_ppc44x_defconfig_powerpc-gcc8 CROSS_COMPILE=/opt/cross/kisskb/korg/gcc-8.1.0-nolibc/powerpc64-linux/bin/powerpc64-linux- /kisskb/src/arch/powerpc/boot/dts/virtex440-ml510.dts:335.37-439.6: Warning (pci_bridge): /plb@0/plbv46-pci@85e00000: node name is not "pci" or "pcie" arch/powerpc/boot/dts/virtex440-ml510.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' /kisskb/src/arch/powerpc/boot/dts/katmai.dts:322.26-361.5: Warning (pci_bridge): /plb/pciex@d00000000: node name is not "pci" or "pcie" /kisskb/src/arch/powerpc/boot/dts/katmai.dts:363.26-402.5: Warning (pci_bridge): /plb/pciex@d20000000: node name is not "pci" or "pcie" /kisskb/src/arch/powerpc/boot/dts/katmai.dts:404.26-443.5: Warning (pci_bridge): /plb/pciex@d40000000: node name is not "pci" or "pcie" arch/powerpc/boot/dts/katmai.dtb: Warning (pci_device_bus_num): Failed prerequisite 'pci_bridge' INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5bb2ec) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) INFO: Uncompressed kernel (size 0x5cba04) overlaps the address of the wrapper(0x400000) INFO: Fixing the link_address of wrapper to (0x600000) Image Name: Linux-5.0.0-rc2-gdc8b1290efbb Created: Sat Mar 2 23:13:24 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2906091 Bytes = 2837.98 KiB = 2.77 MiB Load Address: 00000000 Entry Point: 00000000 Image Name: Linux-5.0.0-rc2-gdc8b1290efbb Created: Sat Mar 2 23:13:24 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2944381 Bytes = 2875.37 KiB = 2.81 MiB Load Address: 00600000 Entry Point: 006000c4 Image Name: Linux-5.0.0-rc2-gdc8b1290efbb Created: Sat Mar 2 23:13:24 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2943800 Bytes = 2874.80 KiB = 2.81 MiB Load Address: 00600000 Entry Point: 006015bc Image Name: Linux-5.0.0-rc2-gdc8b1290efbb Created: Sat Mar 2 23:13:24 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2944022 Bytes = 2875.02 KiB = 2.81 MiB Load Address: 00600000 Entry Point: 006015a4 Image Name: Linux-5.0.0-rc2-gdc8b1290efbb Created: Sat Mar 2 23:13:24 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2943685 Bytes = 2874.69 KiB = 2.81 MiB Load Address: 00600000 Entry Point: 006001b8 Image Name: Linux-5.0.0-rc2-gdc8b1290efbb Created: Sat Mar 2 23:13:24 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2943517 Bytes = 2874.53 KiB = 2.81 MiB Load Address: 00600000 Entry Point: 006015ac Image Name: Linux-5.0.0-rc2-gdc8b1290efbb Created: Sat Mar 2 23:13:24 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2943840 Bytes = 2874.84 KiB = 2.81 MiB Load Address: 00600000 Entry Point: 006015ac Image Name: Linux-5.0.0-rc2-gdc8b1290efbb Created: Sat Mar 2 23:13:24 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2943765 Bytes = 2874.77 KiB = 2.81 MiB Load Address: 00600000 Entry Point: 0060159c Image Name: Linux-5.0.0-rc2-gdc8b1290efbb Created: Sat Mar 2 23:13:24 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2944123 Bytes = 2875.12 KiB = 2.81 MiB Load Address: 00600000 Entry Point: 0060158c Image Name: Linux-5.0.0-rc2-gdc8b1290efbb Created: Sat Mar 2 23:13:24 2019 Image Type: PowerPC Linux Kernel Image (gzip compressed) Data Size: 2944147 Bytes = 2875.14 KiB = 2.81 MiB Load Address: 00600000 Entry Point: 006015ac Completed OK # rm -rf /kisskb/build/powerpc-next_ppc44x_defconfig_powerpc-gcc8 # Build took: 0:00:33.030078