From: Nicholas Piggin <npiggin@gmail.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Michael Ellerman <mpe@ellerman.id.au>,
Paul Mackerras <paulus@samba.org>
Cc: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v1 1/5] powerpc/mm: sanity_check_fault() should work for all, not only BOOK3S
Date: Tue, 08 Sep 2020 18:43:48 +1000 [thread overview]
Message-ID: <1599554359.m174sr2fhg.astroid@bobo.none> (raw)
In-Reply-To: <7baae4086cbb9ffb08c933b065ff7d29dbc03dd6.1596734104.git.christophe.leroy@csgroup.eu>
Excerpts from Christophe Leroy's message of August 7, 2020 3:15 am:
> The verification and message introduced by commit 374f3f5979f9
> ("powerpc/mm/hash: Handle user access of kernel address gracefully")
> applies to all platforms, it should not be limited to BOOK3S.
>
> Make the BOOK3S version of sanity_check_fault() the one for all,
> and bail out earlier if not BOOK3S.
>
> Fixes: 374f3f5979f9 ("powerpc/mm/hash: Handle user access of kernel address gracefully")
> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
> ---
> arch/powerpc/mm/fault.c | 8 +++-----
> 1 file changed, 3 insertions(+), 5 deletions(-)
>
> diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
> index 925a7231abb3..2efa34d7e644 100644
> --- a/arch/powerpc/mm/fault.c
> +++ b/arch/powerpc/mm/fault.c
> @@ -303,7 +303,6 @@ static inline void cmo_account_page_fault(void)
> static inline void cmo_account_page_fault(void) { }
> #endif /* CONFIG_PPC_SMLPAR */
>
> -#ifdef CONFIG_PPC_BOOK3S
> static void sanity_check_fault(bool is_write, bool is_user,
> unsigned long error_code, unsigned long address)
> {
> @@ -320,6 +319,9 @@ static void sanity_check_fault(bool is_write, bool is_user,
> return;
> }
>
> + if (!IS_ENABLED(CONFIG_PPC_BOOK3S))
> + return;
Seems okay. Why is address == -1 special though? I guess it's because
it may not be an exploit kernel reference but a buggy pointer underflow?
In that case -1 doesn't seem like it would catch very much. Would it be
better to test for high bit set for example ((long)address < 0) ?
Anyway for your patch
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
> +
> /*
> * For hash translation mode, we should never get a
> * PROTFAULT. Any update to pte to reduce access will result in us
> @@ -354,10 +356,6 @@ static void sanity_check_fault(bool is_write, bool is_user,
>
> WARN_ON_ONCE(error_code & DSISR_PROTFAULT);
> }
> -#else
> -static void sanity_check_fault(bool is_write, bool is_user,
> - unsigned long error_code, unsigned long address) { }
> -#endif /* CONFIG_PPC_BOOK3S */
>
> /*
> * Define the correct "is_write" bit in error_code based
> --
> 2.25.0
>
>
WARNING: multiple messages have this Message-ID (diff)
From: Nicholas Piggin <npiggin@gmail.com>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Michael Ellerman <mpe@ellerman.id.au>,
Paul Mackerras <paulus@samba.org>
Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Subject: Re: [PATCH v1 1/5] powerpc/mm: sanity_check_fault() should work for all, not only BOOK3S
Date: Tue, 08 Sep 2020 18:43:48 +1000 [thread overview]
Message-ID: <1599554359.m174sr2fhg.astroid@bobo.none> (raw)
In-Reply-To: <7baae4086cbb9ffb08c933b065ff7d29dbc03dd6.1596734104.git.christophe.leroy@csgroup.eu>
Excerpts from Christophe Leroy's message of August 7, 2020 3:15 am:
> The verification and message introduced by commit 374f3f5979f9
> ("powerpc/mm/hash: Handle user access of kernel address gracefully")
> applies to all platforms, it should not be limited to BOOK3S.
>
> Make the BOOK3S version of sanity_check_fault() the one for all,
> and bail out earlier if not BOOK3S.
>
> Fixes: 374f3f5979f9 ("powerpc/mm/hash: Handle user access of kernel address gracefully")
> Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
> ---
> arch/powerpc/mm/fault.c | 8 +++-----
> 1 file changed, 3 insertions(+), 5 deletions(-)
>
> diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
> index 925a7231abb3..2efa34d7e644 100644
> --- a/arch/powerpc/mm/fault.c
> +++ b/arch/powerpc/mm/fault.c
> @@ -303,7 +303,6 @@ static inline void cmo_account_page_fault(void)
> static inline void cmo_account_page_fault(void) { }
> #endif /* CONFIG_PPC_SMLPAR */
>
> -#ifdef CONFIG_PPC_BOOK3S
> static void sanity_check_fault(bool is_write, bool is_user,
> unsigned long error_code, unsigned long address)
> {
> @@ -320,6 +319,9 @@ static void sanity_check_fault(bool is_write, bool is_user,
> return;
> }
>
> + if (!IS_ENABLED(CONFIG_PPC_BOOK3S))
> + return;
Seems okay. Why is address == -1 special though? I guess it's because
it may not be an exploit kernel reference but a buggy pointer underflow?
In that case -1 doesn't seem like it would catch very much. Would it be
better to test for high bit set for example ((long)address < 0) ?
Anyway for your patch
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
> +
> /*
> * For hash translation mode, we should never get a
> * PROTFAULT. Any update to pte to reduce access will result in us
> @@ -354,10 +356,6 @@ static void sanity_check_fault(bool is_write, bool is_user,
>
> WARN_ON_ONCE(error_code & DSISR_PROTFAULT);
> }
> -#else
> -static void sanity_check_fault(bool is_write, bool is_user,
> - unsigned long error_code, unsigned long address) { }
> -#endif /* CONFIG_PPC_BOOK3S */
>
> /*
> * Define the correct "is_write" bit in error_code based
> --
> 2.25.0
>
>
next prev parent reply other threads:[~2020-09-08 8:45 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-06 17:15 [PATCH v1 1/5] powerpc/mm: sanity_check_fault() should work for all, not only BOOK3S Christophe Leroy
2020-08-06 17:15 ` Christophe Leroy
2020-08-06 17:15 ` [PATCH v1 2/5] powerpc/fault: Unnest definition of page_fault_is_write() and page_fault_is_bad() Christophe Leroy
2020-08-06 17:15 ` Christophe Leroy
2020-09-08 8:44 ` Nicholas Piggin
2020-09-08 8:44 ` Nicholas Piggin
2020-08-06 17:15 ` [PATCH v1 3/5] powerpc/fault: Reorder tests in bad_kernel_fault() Christophe Leroy
2020-08-06 17:15 ` Christophe Leroy
2020-09-08 8:46 ` Nicholas Piggin
2020-09-08 8:46 ` Nicholas Piggin
2020-08-06 17:15 ` [PATCH v1 4/5] powerpc/fault: Avoid heavy search_exception_tables() verification Christophe Leroy
2020-08-06 17:15 ` Christophe Leroy
2020-09-08 8:54 ` Nicholas Piggin
2020-09-08 8:54 ` Nicholas Piggin
2020-09-09 6:04 ` Aneesh Kumar K.V
2020-09-09 6:20 ` Christophe Leroy
2020-09-14 2:23 ` Nicholas Piggin
2020-09-14 2:23 ` Nicholas Piggin
2020-08-06 17:15 ` [PATCH v1 5/5] powerpc/fault: Perform exception fixup in do_page_fault() Christophe Leroy
2020-08-06 17:15 ` Christophe Leroy
2020-08-06 21:07 ` kernel test robot
2020-08-06 21:07 ` kernel test robot
2020-08-06 21:07 ` kernel test robot
2020-09-08 9:13 ` Nicholas Piggin
2020-09-08 9:13 ` Nicholas Piggin
2020-09-08 8:43 ` Nicholas Piggin [this message]
2020-09-08 8:43 ` [PATCH v1 1/5] powerpc/mm: sanity_check_fault() should work for all, not only BOOK3S Nicholas Piggin
2020-09-08 8:56 ` Christophe Leroy
2020-09-08 8:56 ` Christophe Leroy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1599554359.m174sr2fhg.astroid@bobo.none \
--to=npiggin@gmail.com \
--cc=benh@kernel.crashing.org \
--cc=christophe.leroy@csgroup.eu \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.