linux-arm-kernel.lists.infradead.org archive mirror
From: linux@arm.linux.org.uk (Russell King - ARM Linux)
To: linux-arm-kernel@lists.infradead.org
Subject: Prevent list poison values from being mapped by userspace processes
Date: Tue, 25 Aug 2015 09:15:56 +0100
Message-ID: <20150825081556.GL7557@n2100.arm.linux.org.uk>
In-Reply-To: <55DB16AF.7090607@freebox.fr>

On Mon, Aug 24, 2015 at 03:05:51PM +0200, Nicolas Schichan wrote:
> I gave your patch series a try on ARMv5/kirkwood (backported on a v4.1 kernel)
> and at first I got the following panic just after the kernel transitioned
> to userland (with CONFIG_CPU_SW_DOMAIN_PAN=y):

Ah, damn.  Thanks for testing.  I really need to add some non-ARMv7
platforms to my nightly test rig, but I'm out of physical space to
do that. :p

> I have tracked this to the attempt made by the code in
> arch/arm/mm/abort-ev5t.S to read the fault instruction which in this
> case is in userspace:
> 
> 	ldreq	r3, [r4]			@ read aborted ARM instruction

There's going to be many more of these... it may be better if I left
the domain enabled when calling into these handlers, and had every
handler do the turn-off itself when it's ready to do so - there's
no point turning off userspace access only to then immediately
re-enable it.

> With the changes above, userland boots fine and attempts to
> dereference LIST_POISON1 from the kernel results in the expected "page
> domain fault".
> 
> To test that I mapped LIST_POISON1 from user space via mmap() and
> triggered the fault by reading from /proc/cpu/alignment. I modified the
> code showing /proc/cpu/alignment to access LIST_POISON1. Without your
> patch series the access to LIST_POISON1 goes through without a hitch.

Great, thanks for the independent testing of its effectiveness.

> Also, when CONFIG_CPU_SW_DOMAIN_PAN is not set, the DACR_INIT constant is
> set up with domain_val(DOMAIN_USER, DOMAIN_NOACCESS) which will cause the
> kernel to die with a "page domain fault" when running init.

If you don't mind, I'll merge that into the patch adding this so it
doesn't introduce a regression there.

Once I've fixed the abort handler issue, would you mind re-testing
and giving a tested-by attribution please?

-- 
FTTC broadband for 0.8mile line: currently at 10.5Mbps down 400kbps up
according to speedtest.net.
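
The two failures discussed in this message, as a userspace model added here for illustration (not code from the thread or the patch series). The 2-bit DACR field encodings are architectural; the DOM_* indices and the *_model helper names are assumptions of this sketch, not the kernel's config-dependent values.

```c
#include <stdint.h>
#include <stdio.h>

/* ARM DACR: 16 domains, 2 bits each; these field encodings are architectural. */
enum { DOMAIN_NOACCESS = 0, DOMAIN_CLIENT = 1, DOMAIN_MANAGER = 3 };
/* Assumed domain indices for this model only. */
enum { DOM_KERNEL = 0, DOM_USER = 1, DOM_IO = 2 };

#define domain_val(dom, type) ((uint32_t)(type) << (2 * (dom)))
#define domain_mask(dom)      domain_val(dom, 3)

static uint32_t dacr;   /* modelled register, not the real CP15 c3 */

/* 1: access proceeds to the page permission check; 0: domain fault. */
static int domain_allows(uint32_t reg, int dom)
{
    return ((reg >> (2 * dom)) & 3) != DOMAIN_NOACCESS;
}

/* Initial value: user domain is NOACCESS only when software PAN is on.
 * Using NOACCESS unconditionally is the regression reported above. */
static uint32_t dacr_init(int sw_pan)
{
    return domain_val(DOM_KERNEL, DOMAIN_MANAGER) |
           domain_val(DOM_IO, DOMAIN_CLIENT) |
           domain_val(DOM_USER, sw_pan ? DOMAIN_NOACCESS : DOMAIN_CLIENT);
}

/* Model of the save-and-enable / restore bracket around a user access. */
static uint32_t uaccess_save_and_enable_model(void)
{
    uint32_t old = dacr;
    dacr = (dacr & ~domain_mask(DOM_USER)) | domain_val(DOM_USER, DOMAIN_CLIENT);
    return old;
}
static void uaccess_restore_model(uint32_t old) { dacr = old; }

/* Abort handler fetching the faulting user instruction:
 * 0 on success, -1 if the fetch itself takes a domain fault. */
static int read_user_insn(int bracket)
{
    uint32_t saved = bracket ? uaccess_save_and_enable_model() : 0;
    int ok = domain_allows(dacr, DOM_USER);
    if (bracket)
        uaccess_restore_model(saved);
    return ok ? 0 : -1;
}

int main(void)
{
    dacr = dacr_init(1);
    printf("DACR=%#x bare=%d bracketed=%d\n", (unsigned)dacr,
           read_user_insn(0), read_user_insn(1));
    return 0;
}
```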
