From: will.deacon@arm.com (Will Deacon)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH v2 10/10] ARM: software-based priviledged-no-access support
Date: Tue, 25 Aug 2015 17:53:26 +0100
Message-ID: <20150825165326.GL21300@arm.com>
In-Reply-To: <E1ZUGMS-0000BG-8B@rmk-PC.arm.linux.org.uk>

Hi Russell,

On Tue, Aug 25, 2015 at 04:42:08PM +0100, Russell King wrote:
> Provide a software-based implementation of the priviledged no access
> support found in ARMv8.1.
>
> Userspace pages are mapped using a different domain number from the
> kernel and IO mappings. If we switch the user domain to "no access"
> when we enter the kernel, we can prevent the kernel from touching
> userspace.
>
> However, the kernel needs to be able to access userspace via the
> various user accessor functions. With the wrapping in the previous
> patch, we can temporarily enable access when the kernel needs user
> access, and re-disable it afterwards.
>
> This allows us to trap non-intended accesses to userspace, eg, caused
> by an inadvertent dereference of the LIST_POISON* values, which, with
> appropriate user mappings setup, can be made to succeed. This in turn
> can allow use-after-free bugs to be further exploited than would
> otherwise be possible.
>
> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
> ---
> arch/arm/Kconfig | 15 +++++++++++++++
> arch/arm/include/asm/assembler.h | 30 ++++++++++++++++++++++++++++++
> arch/arm/include/asm/domain.h | 21 +++++++++++++++++++--
> arch/arm/include/asm/uaccess.h | 14 ++++++++++++++
> arch/arm/kernel/process.c | 24 ++++++++++++++++++------
> arch/arm/lib/csumpartialcopyuser.S | 14 ++++++++++++++
> 6 files changed, 110 insertions(+), 8 deletions(-)
>
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index a750c1425c3a..a898eb72da51 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -1694,6 +1694,21 @@ config HIGHPTE
> bool "Allocate 2nd-level pagetables from highmem"
> depends on HIGHMEM
>
> +config CPU_SW_DOMAIN_PAN
> + bool "Enable use of CPU domains to implement priviledged no-access"
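
Review bot: the bool prompt on the last quoted line describes the option as "priviledged no-access", which is misspelt and does not tie up with the _PAN suffix of CPU_SW_DOMAIN_PAN; since this string is what appears in menuconfig and what people search for, something like "Enable use of CPU domains to implement privileged no-access (PAN)" would be easier to find. The quote is cut after the prompt line, so the option's dependencies and help text are not visible here.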

Minor comment, but you've consistently misspelt "privileged".

Anyway, I tried this on my TC2 board running Debian Jessie armhf and,
whilst it boots to a shell on the console, ssh connections appear to
hang on the client before even trying to auth. I don't see anything
like a domain fault and the machine is still responsive on the console.
Disabling this option gets things working again for me.

Note that I *do* see undefined instruction exceptions from sshd
regardless of this patch, however I think they're triggered from
something like libcrypto which is prepared to handle the SIGILL.

FWIW, I'm using your ten patches from this series on top of 4.2-rc8 and
I've put the .config here:

http://www.willdeacon.ukfsn.org/bitbucket/oopsen/pan/pan-tc2.config

Will
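
The domain switching described in the quoted commit message, as an added user-space C model (not code from the patch or from the kernel). The DACR is an ordinary variable here; the domain numbers, the address split and the sample addresses are assumptions, and uaccess_save_and_enable() / uaccess_restore() borrow the names from patch 08/10 with illustrative bodies only.

```c
#include <stdint.h>
#include <stdio.h>

/* ARMv7 DACR: 16 domains, 2 bits each (00 = no access, 01 = client, 11 = manager). */
enum { DOMAIN_NOACCESS = 0, DOMAIN_CLIENT = 1, DOMAIN_MANAGER = 3 };
enum { DOM_KERNEL = 0, DOM_USER = 1 };  /* assumed domain numbers for this model */
#define MODEL_TASK_SIZE 0xbf000000u  /* assumed user/kernel address split */
#define MODEL_POISON    0x00100000u  /* constructed: low address userspace could map */
#define MODEL_KADDR     0xc0008000u  /* constructed: some kernel-domain address */
#define domain_val(dom, type) ((uint32_t)(type) << (2 * (dom)))
#define domain_mask(dom)      domain_val(dom, 3)
static uint32_t dacr;  /* stands in for the hardware register */

/* 1 if a privileged access passes the domain check, 0 if it would domain-fault. */
int priv_access_ok(uint32_t addr)
{
    int dom = addr < MODEL_TASK_SIZE ? DOM_USER : DOM_KERNEL;
    return ((dacr >> (2 * dom)) & 3) != DOMAIN_NOACCESS;
}

static void set_user_domain(unsigned type)
{
    dacr = (dacr & ~domain_mask(DOM_USER)) | domain_val(DOM_USER, type);
}

/* On entry to the kernel the user domain is switched to "no access". */
void kernel_entry(void) { set_user_domain(DOMAIN_NOACCESS); }
/* Returning the old value lets nested accessors restore the right state. */
uint32_t uaccess_save_and_enable(void)
{
    uint32_t old = dacr;
    set_user_domain(DOMAIN_CLIENT);
    return old;
}
void uaccess_restore(uint32_t old) { dacr = old; }

/* Walks the sequence from the commit message; one result bit per step. */
int demo(void)
{
    int r = 0;
    dacr = domain_val(DOM_KERNEL, DOMAIN_CLIENT) | domain_val(DOM_USER, DOMAIN_CLIENT);
    r |= priv_access_ok(MODEL_POISON) << 0;  /* no PAN: stray deref goes through */
    kernel_entry();
    r |= priv_access_ok(MODEL_POISON) << 1;  /* PAN: domain fault */
    uint32_t saved = uaccess_save_and_enable();
    r |= priv_access_ok(MODEL_POISON) << 2;  /* inside a user accessor: allowed */
    uaccess_restore(saved);
    r |= priv_access_ok(MODEL_POISON) << 3;  /* window closed: faults again */
    r |= priv_access_ok(MODEL_KADDR) << 4;   /* kernel mappings unaffected */
    return r;
}
int main(void) { printf("0x%02x\n", demo()); return 0; }
```

The model covers only the domain check; page permissions, which still apply to a client domain, are left out.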