Commit d61172b4 authored by Dave Hansen's avatar Dave Hansen Committed by Ingo Molnar
Browse files

mm/core, x86/mm/pkeys: Differentiate instruction fetches 



As discussed earlier, we attempt to enforce protection keys in
software.

However, the code checks all faults to ensure that they are not
violating protection key permissions.  It was assumed that all
faults are either write faults where we check PKRU[key].WD (write
disable) or read faults where we check the AD (access disable)
bit.

But, there is a third category of faults for protection keys:
instruction faults.  Instruction faults never run afoul of
protection keys because they do not affect instruction fetches.

So, plumb the PF_INSTR bit down in to the
arch_vma_access_permitted() function where we do the protection
key checks.

We also add a new FAULT_FLAG_INSTRUCTION.  This is because
handle_mm_fault() is not passed the architecture-specific
error_code where we keep PF_INSTR, so we need to encode the
instruction fetch information in to the arch-generic fault
flags.

Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: default avatarThomas Gleixner <tglx@linutronix.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave@sr71.net>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/20160212210224.96928009@viggo.jf.intel.com


Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
parent 07f146f5

arch/powerpc/include/asm/mmu_context.h

+1 −1
Original line number Diff line number Diff line
@@ -149,7 +149,7 @@ static inline void arch_bprm_mm_init(struct mm_struct *mm, 
}



static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,

		bool write, bool foreign)

		bool write, bool execute, bool foreign)

{

	/* by default, allow everything */

	return true;

arch/s390/include/asm/mmu_context.h

+1 −1
Original line number Diff line number Diff line
@@ -131,7 +131,7 @@ static inline void arch_bprm_mm_init(struct mm_struct *mm, 
}



static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,

		bool write, bool foreign)

		bool write, bool execute, bool foreign)

{

	/* by default, allow everything */

	return true;

arch/x86/include/asm/mmu_context.h

+4 −1
Original line number Diff line number Diff line
@@ -323,8 +323,11 @@ static inline bool vma_is_foreign(struct vm_area_struct *vma) 
}



static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,

		bool write, bool foreign)

		bool write, bool execute, bool foreign)

{

	/* pkeys never affect instruction fetches */

	if (execute)

		return true;

	/* allow access if the VMA is not one from this process */

	if (foreign || vma_is_foreign(vma))

		return true;

arch/x86/mm/fault.c

+6 −2
Original line number Diff line number Diff line
@@ -908,7 +908,8 @@ static inline bool bad_area_access_from_pkeys(unsigned long error_code, 
	if (error_code & PF_PK)

		return true;

	/* this checks permission keys on the VMA: */

	if (!arch_vma_access_permitted(vma, (error_code & PF_WRITE), foreign))

	if (!arch_vma_access_permitted(vma, (error_code & PF_WRITE),

				(error_code & PF_INSTR), foreign))

		return true;

	return false;

}
@@ -1112,7 +1113,8 @@ access_error(unsigned long error_code, struct vm_area_struct *vma) 
	 * faults just to hit a PF_PK as soon as we fill in a

	 * page.

	 */

	if (!arch_vma_access_permitted(vma, (error_code & PF_WRITE), foreign))

	if (!arch_vma_access_permitted(vma, (error_code & PF_WRITE),

				(error_code & PF_INSTR), foreign))

		return 1;



	if (error_code & PF_WRITE) {
@@ -1267,6 +1269,8 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code, 


	if (error_code & PF_WRITE)

		flags |= FAULT_FLAG_WRITE;

	if (error_code & PF_INSTR)

		flags |= FAULT_FLAG_INSTRUCTION;



	/*

	 * When running in the kernel we expect faults to occur only to

include/asm-generic/mm_hooks.h

+1 −1
Original line number Diff line number Diff line
@@ -27,7 +27,7 @@ static inline void arch_bprm_mm_init(struct mm_struct *mm, 
}



static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,

		bool write, bool foreign)

		bool write, bool execute, bool foreign)

{

	/* by default, allow everything */

	return true;

CRA Git | Maintained and supported by SUSTech CRA and CCSE