From: Aneesh Kumar K.V Date: Fri, 27 Nov 2020 04:44:17 +0000 (+0530) Subject: powerpc/book3s64/kuap: Restrict access to userspace based on userspace AMR X-Git-Tag: 5.11-rc-smb3-part2~9^2~158 X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=4d6c551e9f548f7675a01eff229d09ab41162a25;p=sfrench%2Fcifs-2.6.git powerpc/book3s64/kuap: Restrict access to userspace based on userspace AMR If an application has configured address protection such that read/write is denied using pkey even the kernel should receive a FAULT on accessing the same. This patch use user AMR value stored in pt_regs.amr to achieve the same. Signed-off-by: Aneesh Kumar K.V Reviewed-by: Sandipan Das Signed-off-by: Michael Ellerman Link: https://lore.kernel.org/r/20201127044424.40686-16-aneesh.kumar@linux.ibm.com --- diff --git a/arch/powerpc/include/asm/book3s/64/kup.h b/arch/powerpc/include/asm/book3s/64/kup.h index f41f6f468002..4fa0760a47a4 100644 --- a/arch/powerpc/include/asm/book3s/64/kup.h +++ b/arch/powerpc/include/asm/book3s/64/kup.h @@ -314,14 +314,20 @@ bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write) static __always_inline void allow_user_access(void __user *to, const void __user *from, unsigned long size, unsigned long dir) { + unsigned long thread_amr = 0; + // This is written so we can resolve to a single case at build time BUILD_BUG_ON(!__builtin_constant_p(dir)); + + if (mmu_has_feature(MMU_FTR_PKEY)) + thread_amr = current_thread_amr(); + if (dir == KUAP_READ) - set_kuap(AMR_KUAP_BLOCK_WRITE); + set_kuap(thread_amr | AMR_KUAP_BLOCK_WRITE); else if (dir == KUAP_WRITE) - set_kuap(AMR_KUAP_BLOCK_READ); + set_kuap(thread_amr | AMR_KUAP_BLOCK_READ); else if (dir == KUAP_READ_WRITE) - set_kuap(0); + set_kuap(thread_amr); else BUILD_BUG(); }