From: Russell Currey
To: linuxppc-dev@lists.ozlabs.org
Cc: mpe@ellerman.id.au, npiggin@gmail.com, christophe.leroy@c-s.fr, kernel-hardening@lists.openwall.com, Russell Currey
Subject: [PATCH 0/7] Kernel Userspace Protection for radix
Date: Thu, 21 Feb 2019 20:35:54 +1100
Message-Id: <20190221093601.27920-1-ruscur@russell.cc>
X-Patchwork-Submitter: Russell Currey
X-Patchwork-Id: 10823373
X-Mailer: git-send-email 2.20.1

The first three patches of this series are from Christophe's work and are
the bare minimum framework needed to implement the support for radix.

In patch 3, I have removed from Christophe's patch my implementation of
the 64-bit exception handling code, since we don't have an answer for
making nested exceptions work yet. This is mentioned in the final KUAP
patch. Regardless, this is still a significant security improvement
and greatly narrows the attack surface.

Here are patches you will want if you want this to work:

http://patchwork.ozlabs.org/patch/1045215/
http://patchwork.ozlabs.org/patch/1045049/
http://patchwork.ozlabs.org/patch/1038568/ (or subsequent revisions, which the latter two will need)

I wouldn't expect this series to be merged without those fixes.

Thanks to Christophe for his great work and to Michael Ellerman for a ton of
feedback as I've worked on this.

Christophe Leroy (3):
  powerpc: Add framework for Kernel Userspace Protection
  powerpc: Add skeleton for Kernel Userspace Execution Prevention
  powerpc/mm: Add a framework for Kernel Userspace Access Protection

Russell Currey (4):
  powerpc/64: Setup KUP on secondary CPUs
  powerpc/mm/radix: Use KUEP API for Radix MMU
  powerpc/lib: Refactor __patch_instruction() to use __put_user_asm()
  powerpc/64s: Implement KUAP for Radix MMU

 .../admin-guide/kernel-parameters.txt         |  4 +-
 .../powerpc/include/asm/book3s/64/kup-radix.h | 36 ++++++++++++++++
 arch/powerpc/include/asm/exception-64e.h      |  3 ++
 arch/powerpc/include/asm/exception-64s.h      |  3 ++
 arch/powerpc/include/asm/futex.h              |  4 ++
 arch/powerpc/include/asm/kup.h                | 42 +++++++++++++++++++
 arch/powerpc/include/asm/mmu.h                |  9 +++-
 arch/powerpc/include/asm/paca.h               |  3 ++
 arch/powerpc/include/asm/processor.h          |  3 ++
 arch/powerpc/include/asm/ptrace.h             |  3 ++
 arch/powerpc/include/asm/reg.h                |  1 +
 arch/powerpc/include/asm/uaccess.h            | 38 +++++++++++++----
 arch/powerpc/kernel/asm-offsets.c             |  7 ++++
 arch/powerpc/kernel/entry_32.S                |  8 +++-
 arch/powerpc/kernel/process.c                 |  3 ++
 arch/powerpc/kernel/setup_64.c                | 10 +++++
 arch/powerpc/lib/checksum_wrappers.c          |  4 ++
 arch/powerpc/lib/code-patching.c              |  4 +-
 arch/powerpc/mm/fault.c                       | 20 ++++++---
 arch/powerpc/mm/init-common.c                 | 26 ++++++++++++
 arch/powerpc/mm/init_32.c                     |  3 ++
 arch/powerpc/mm/pgtable-radix.c               | 28 +++++++++++--
 arch/powerpc/mm/pkeys.c                       |  7 +++-
 arch/powerpc/platforms/Kconfig.cputype        | 26 ++++++++++++
 24 files changed, 271 insertions(+), 24 deletions(-)
 create mode 100644 arch/powerpc/include/asm/book3s/64/kup-radix.h
 create mode 100644 arch/powerpc/include/asm/kup.h