From patchwork Thu Nov 22 14:04:13 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Russell Currey <ruscur@russell.cc>
X-Patchwork-Id: 10694409
Return-Path: 
 <kernel-hardening-return-14504-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id F377A13AD
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Thu, 22 Nov 2018 15:29:23 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E15A42C549
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Thu, 22 Nov 2018 15:29:23 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id D54682CEAE; Thu, 22 Nov 2018 15:29:23 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 592602C549
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Thu, 22 Nov 2018 15:29:22 +0000 (UTC)
Received: (qmail 13576 invoked by uid 550); 22 Nov 2018 15:29:18 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Delivered-To: moderator for kernel-hardening@lists.openwall.com
Received: (qmail 17629 invoked from network); 22 Nov 2018 14:04:24 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:date:from
	:in-reply-to:message-id:mime-version:references:subject:to
	:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm1; bh=MXrzjh44bxWUE/c6WLXOS7ozsDiz4pdVGW2F0pHHyT0=; b=Ymtgguo0
	nA5dfa7+y+xAFq1ZX5PyOEBkrzfkBJTvno7cayJQ9rp37RMLXBLYitaqH8rnjPDJ
	ETuHHevf5qwOpElhcSFtS9P8rqBuvNU6ed2uS6yIdw1y0wUBq50OsgDRjpcotfhT
	pk0Chs7RX/2S2WztRrlT6I/aghsv9zdqYJCPse+vtWNyBnK/tTW0wPmdZci7DVj+
	ylDdwA5HfQmEp/WhHBqvJmNT3UzU6PWyRR//ndZyXc77wa5tFEHGgsxoTeWG+zOc
	ii9QDuLYeeBeW1932RkZ+jlBW3sBdrI/ZTzmciTBQYHEQ9p3gBCFGDjNrycIWDdy
	38aK+YT3WUVqgA==
X-ME-Sender: <xms:W7f2W8fpctZ54YfOgUvOgdx0rjuaKjV-CiLDFNBj5u0Fdak72FMExQ>
X-ME-Proxy: <xmx:W7f2WyLJZ5NagZav5MK3IPK0dPh22oqOyeiAT4CbSoDVO-8j4Kc46Q>
    <xmx:W7f2W7_9CGuAlqM_XoG2T1ss2xwLWfSCs19aVg44IBKINkAeIS_nxw>
    <xmx:W7f2Wx3C5ktCZstS2syS3fn8hCGf8tHQDbhKgJ6Oocr4ISSQ1hjI6w>
    <xmx:W7f2W6s9PJAURD8NyIb7xysNHpVncYOAIn2SYmP1LnCvdFlGxd7nyw>
    <xmx:W7f2W2K17S4A3wSZ6fNzvt8qMy9FJtcV39l5JAicXK9jktA1Qm8uTw>
    <xmx:W7f2Wxm1TRUDpJmsR5st8Ux2TRpUq6gfx6i8S9kJuQcQC0LNRFx9sw>
From: Russell Currey <ruscur@russell.cc>
To: linuxppc-dev@lists.ozlabs.org
Cc: mpe@ellerman.id.au,
	benh@kernel.crashing.org,
	kernel-hardening@lists.openwall.com,
	christophe.leroy@c-s.fr,
	Russell Currey <ruscur@russell.cc>
Subject: [PATCH 1/4] powerpc: Track KUAP state in the PACA
Date: Fri, 23 Nov 2018 01:04:13 +1100
Message-Id: <20181122140416.3447-2-ruscur@russell.cc>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20181122140416.3447-1-ruscur@russell.cc>
References: <20181122140416.3447-1-ruscur@russell.cc>
MIME-Version: 1.0
X-Virus-Scanned: ClamAV using ClamSMTP

Necessary for subsequent patches that enable KUAP support for radix.
Could plausibly be useful for other platforms too, if similar to the
radix case, reading the register that manages these accesses is
costly.

Has the unfortunate downside of another layer of abstraction for
platforms that implement the locks and unlocks, but this could be
useful in future for other things too, like counters for benchmarking
or smartly handling lots of small accesses at once.

Signed-off-by: Russell Currey <ruscur@russell.cc>
---
this is all because I can't do PACA things from radix.h and I spent
an hour figuring this out at midnight
---
 arch/powerpc/include/asm/nohash/32/pte-8xx.h |  8 +++----
 arch/powerpc/include/asm/paca.h              |  3 +++
 arch/powerpc/include/asm/uaccess.h           | 23 +++++++++++++++++++-
 arch/powerpc/kernel/asm-offsets.c            |  1 +
 4 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/arch/powerpc/include/asm/nohash/32/pte-8xx.h b/arch/powerpc/include/asm/nohash/32/pte-8xx.h
index f1ec7cf949d5..7bc0955a56e9 100644
--- a/arch/powerpc/include/asm/nohash/32/pte-8xx.h
+++ b/arch/powerpc/include/asm/nohash/32/pte-8xx.h
@@ -137,22 +137,22 @@ static inline pte_t pte_mkhuge(pte_t pte)
 #define pte_mkhuge pte_mkhuge
 
 #ifdef CONFIG_PPC_KUAP
-static inline void lock_user_wr_access(void)
+static inline void __lock_user_wr_access(void)
 {
 	mtspr(SPRN_MD_AP, MD_APG_KUAP);
 }
 
-static inline void unlock_user_wr_access(void)
+static inline void __unlock_user_wr_access(void)
 {
 	mtspr(SPRN_MD_AP, MD_APG_INIT);
 }
 
-static inline void lock_user_rd_access(void)
+static inline void __lock_user_rd_access(void)
 {
 	mtspr(SPRN_MD_AP, MD_APG_KUAP);
 }
 
-static inline void unlock_user_rd_access(void)
+static inline void __unlock_user_rd_access(void)
 {
 	mtspr(SPRN_MD_AP, MD_APG_INIT);
 }
diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h
index e843bc5d1a0f..56236f6d8c89 100644
--- a/arch/powerpc/include/asm/paca.h
+++ b/arch/powerpc/include/asm/paca.h
@@ -169,6 +169,9 @@ struct paca_struct {
 	u64 saved_r1;			/* r1 save for RTAS calls or PM or EE=0 */
 	u64 saved_msr;			/* MSR saved here by enter_rtas */
 	u16 trap_save;			/* Used when bad stack is encountered */
+#ifdef CONFIG_PPC_KUAP
+	u8 user_access_allowed;		/* can the kernel access user memory? */
+#endif
 	u8 irq_soft_mask;		/* mask for irq soft masking */
 	u8 irq_happened;		/* irq happened while soft-disabled */
 	u8 io_sync;			/* writel() needs spin_unlock sync */
diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
index 2f3625cbfcee..76dae1095f7e 100644
--- a/arch/powerpc/include/asm/uaccess.h
+++ b/arch/powerpc/include/asm/uaccess.h
@@ -63,7 +63,28 @@ static inline int __access_ok(unsigned long addr, unsigned long size,
 
 #endif
 
-#ifndef CONFIG_PPC_KUAP
+#ifdef CONFIG_PPC_KUAP
+static inline void unlock_user_rd_access(void)
+{
+	__unlock_user_rd_access();
+	get_paca()->user_access_allowed = 1;
+}
+static inline void lock_user_rd_access(void)
+{
+	__lock_user_rd_access();
+	get_paca()->user_access_allowed = 0;
+}
+static inline void unlock_user_wr_access(void)
+{
+	__unlock_user_wr_access();
+	get_paca()->user_access_allowed = 1;
+}
+static inline void lock_user_wr_access(void)
+{
+	__lock_user_wr_access();
+	get_paca()->user_access_allowed = 0;
+}
+#else
 static inline void unlock_user_rd_access(void) { }
 static inline void lock_user_rd_access(void) { }
 static inline void unlock_user_wr_access(void) { }
diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c
index da2f5d011ddb..899e9835b45f 100644
--- a/arch/powerpc/kernel/asm-offsets.c
+++ b/arch/powerpc/kernel/asm-offsets.c
@@ -260,6 +260,7 @@ int main(void)
 	OFFSET(ACCOUNT_STARTTIME_USER, paca_struct, accounting.starttime_user);
 	OFFSET(ACCOUNT_USER_TIME, paca_struct, accounting.utime);
 	OFFSET(ACCOUNT_SYSTEM_TIME, paca_struct, accounting.stime);
+	OFFSET(PACA_USER_ACCESS_ALLOWED, paca_struct, user_access_allowed);
 	OFFSET(PACA_TRAP_SAVE, paca_struct, trap_save);
 	OFFSET(PACA_NAPSTATELOST, paca_struct, nap_state_lost);
 	OFFSET(PACA_SPRG_VDSO, paca_struct, sprg_vdso);