Date: Tue, 23 Jan 2024 21:28:34 +0000
From: "Russell King (Oracle)"
To: Linus Walleij
Cc: Ard Biesheuvel, Arnd Bergmann, Stefan Wahren, Kees Cook, Geert Uytterhoeven, linux-arm-kernel@lists.infradead.org, Catalin Marinas
Subject: Re: [PATCH 0/4] PAN for ARM32 using LPAE
In-Reply-To: <20240123-arm32-lpae-pan-v1-0-7ea98a20514c@linaro.org>

Second posting within seconds?

On Tue, Jan 23, 2024 at 10:16:13PM +0100, Linus Walleij wrote:
> This is a patch set from Catalin that ended up on the back burner.
>
> Since LPAE systems, i.e. ARM32 systems with a lot of physical memory,
> will be with us for a while more, this is a pretty straight-forward
> hardening measure that we should support.
>
> The last patch explains the mechanism: since PAN using CPU domains
> isn't available when using the LPAE MMU tables, we use the split
> between the two translation base tables instead: TTBR0 is for
> userspace pages and TTBR1 is for kernelspace tables. When executing
> in kernelspace: we protect userspace by simply disabling page
> walks in TTBR0.
>
> This was tested by a simple hack in the ELF loader:
>
> create_elf_tables()
> + unsigned char *test;
> (...)
> if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
> return -EFAULT;
> + /* Cause a kernelspace access to userspace memory */
> + test = (char *)u_rand_bytes;
> + pr_info("Some byte: %02x\n", *test);
>
> This tries to read a byte from userspace memory right after the
> first unconditional copy_to_user(), a function that carefully
> switches access permissions if we're using PAN.
>
> Without LPAE PAN this will just happily print these bytes from
> userspace but with LPAE PAN it will cause a predictable
> crash:
>
> Run /init as init process
> Some byte: ac
> 8<--- cut here ---
> Unable to handle kernel paging request at virtual address 7ec59f6b when read
> [7ec59f6b] *pgd=82c3b003, *pmd=82863003, *pte=e00000882f6f5f
> Internal error: Oops: 206 [#1] SMP ARM
> CPU: 0 PID: 47 Comm: rc.init Not tainted 6.7.0-rc1+ #25
> Hardware name: ARM-Versatile Express
> PC is at create_elf_tables+0x13c/0x608
>
> Thus we can show that LPAE PAN does its job.
>
> Changes from Catalin's initial patch set:
>
> - Use IS_ENABLED() to avoid some ifdefs
> - Create a uaccess_disabled() for classic CPU domains
>   and create a stub uaccess_disabled() for !PAN so we can
>   always check this.
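Review bot: the pr_info("Some byte: %02x\n", *test) line in the create_elf_tables() hack does not identify the task doing the read, and the quoted log shows one "Some byte: ac" printed after "Run /init as init process" before the oops in rc.init (PID 47), so the output alone does not show whether every direct read faults with LPAE PAN. Printing current->comm next to the byte would make it clear which exec got through and which one faulted. Separately, test is declared as unsigned char * but assigned through a (char *) cast; the cast should match the declaration.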
>
> Signed-off-by: Linus Walleij
> ---
> Catalin Marinas (4):
>       ARM: Add TTBCR_* definitions to pgtable-3level-hwdef.h
>       ARM: Move asm statements accessing TTBCR into C functions
>       ARM: Reduce the number of #ifdef CONFIG_CPU_SW_DOMAIN_PAN
>       ARM: Implement privileged no-access using TTBR0 page table walks disabling
>
>  arch/arm/Kconfig                            | 22 ++++++++--
>  arch/arm/include/asm/assembler.h            |  1 +
>  arch/arm/include/asm/pgtable-3level-hwdef.h | 26 +++++++++++
>  arch/arm/include/asm/proc-fns.h             | 12 +++++
>  arch/arm/include/asm/uaccess-asm.h          | 58 ++++++++++++++++++++++--
>  arch/arm/include/asm/uaccess.h              | 68 ++++++++++++++++++++++++++---
>  arch/arm/kernel/suspend.c                   |  8 ++++
>  arch/arm/lib/csumpartialcopyuser.S          | 20 ++++++++-
>  arch/arm/mm/fault.c                         |  8 ++++
>  arch/arm/mm/mmu.c                           |  7 ++-
>  10 files changed, 212 insertions(+), 18 deletions(-)
> ---
> base-commit: 8615ebf1370a798c403b4495f39de48270ad48f9
> change-id: 20231216-arm32-lpae-pan-56125ab63d63
>
> Best regards,
> --
> Linus Walleij
>
>
> _______________________________________________
> linux-arm-kernel mailing list
> linux-arm-kernel@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
>

--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 80Mbps down 10Mbps up. Decent connectivity at last!
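
The mechanism described in the quoted cover letter, as an added user-space C model that is not code from the patch set or from either poster: TTBCR.EPD0 is the ARMv7 LPAE bit that disables table walks through TTBR0. `struct model_cpu`, `access_faults()`, `model_copy_to_user_faults()` and the 3G/1G split are assumptions of the model, and the `uaccess_*` functions here are simplified stand-ins that track only this one bit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* ARMv7 TTBCR bits, long-descriptor (LPAE) format. */
#define TTBCR_EPD0 (1u << 7)	/* 1: no translation table walks via TTBR0 */
#define TTBCR_EAE  (1u << 31)	/* 1: long-descriptor format in use */
/* Model assumption: 3G/1G split, TTBR1 covers 0xc0000000 and up. */
#define MODEL_KERNEL_BASE 0xc0000000u

struct model_cpu { uint32_t ttbcr; };	/* hypothetical: one register only */

/* Same question the cover letter's uaccess_disabled() answers. */
static bool uaccess_disabled(const struct model_cpu *cpu)
{
	return (cpu->ttbcr & TTBCR_EPD0) != 0;
}

/* User addresses translate through TTBR0, so they fault while EPD0 is set. */
static bool access_faults(const struct model_cpu *cpu, uint32_t va)
{
	return va < MODEL_KERNEL_BASE && uaccess_disabled(cpu);
}

static uint32_t uaccess_save_and_enable(struct model_cpu *cpu)
{
	uint32_t old = cpu->ttbcr;
	cpu->ttbcr = old & ~TTBCR_EPD0;	/* open the user-access window */
	return old;
}

static void uaccess_restore(struct model_cpu *cpu, uint32_t old)
{
	cpu->ttbcr = old;	/* caller's state comes back, so nesting is safe */
}

/* copy_to_user()-style access: bracketed by enable/restore. */
static bool model_copy_to_user_faults(struct model_cpu *cpu, uint32_t uaddr)
{
	uint32_t old = uaccess_save_and_enable(cpu);
	bool fault = access_faults(cpu, uaddr);
	uaccess_restore(cpu, old);
	return fault;
}

int main(void)
{
	struct model_cpu cpu = { TTBCR_EAE | TTBCR_EPD0 };	/* in kernel, PAN on */
	printf("window fault=%d raw fault=%d\n", model_copy_to_user_faults(&cpu, 0x7ec59f6bu), access_faults(&cpu, 0x7ec59f6bu));
	return 0;
}
```

The address 0x7ec59f6b is the faulting address from the quoted oops; the raw dereference in the test hack corresponds to calling `access_faults()` with no window open.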