From: will.deacon@arm•com (Will Deacon)
To: linux-arm-kernel@lists•infradead.org
Subject: [PATCH v2 10/10] ARM: software-based priviledged-no-access support
Date: Tue, 25 Aug 2015 17:53:26 +0100 [thread overview]
Message-ID: <20150825165326.GL21300@arm.com> (raw)
In-Reply-To: <E1ZUGMS-0000BG-8B@rmk-PC.arm.linux.org.uk>
Hi Russell,
On Tue, Aug 25, 2015 at 04:42:08PM +0100, Russell King wrote:
> Provide a software-based implementation of the priviledged no access
> support found in ARMv8.1.
>
> Userspace pages are mapped using a different domain number from the
> kernel and IO mappings. If we switch the user domain to "no access"
> when we enter the kernel, we can prevent the kernel from touching
> userspace.
>
> However, the kernel needs to be able to access userspace via the
> various user accessor functions. With the wrapping in the previous
> patch, we can temporarily enable access when the kernel needs user
> access, and re-disable it afterwards.
>
> This allows us to trap non-intended accesses to userspace, eg, caused
> by an inadvertent dereference of the LIST_POISON* values, which, with
> appropriate user mappings setup, can be made to succeed. This in turn
> can allow use-after-free bugs to be further exploited than would
> otherwise be possible.
>
> Signed-off-by: Russell King <rmk+kernel@arm•linux.org.uk>
> ---
> arch/arm/Kconfig | 15 +++++++++++++++
> arch/arm/include/asm/assembler.h | 30 ++++++++++++++++++++++++++++++
> arch/arm/include/asm/domain.h | 21 +++++++++++++++++++--
> arch/arm/include/asm/uaccess.h | 14 ++++++++++++++
> arch/arm/kernel/process.c | 24 ++++++++++++++++++------
> arch/arm/lib/csumpartialcopyuser.S | 14 ++++++++++++++
> 6 files changed, 110 insertions(+), 8 deletions(-)
>
> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
> index a750c1425c3a..a898eb72da51 100644
> --- a/arch/arm/Kconfig
> +++ b/arch/arm/Kconfig
> @@ -1694,6 +1694,21 @@ config HIGHPTE
> bool "Allocate 2nd-level pagetables from highmem"
> depends on HIGHMEM
>
> +config CPU_SW_DOMAIN_PAN
> + bool "Enable use of CPU domains to implement priviledged no-access"
Minor comment, but you've consistently misspelt "privileged".
Anyway, I tried this on my TC2 board running Debian Jessie armhf and,
whilst it boots to a shell on the console, ssh connections appear to
hang on the client before even trying to auth. I don't see anything
like a domain fault and the machine is still responsive on the console.
Disabling this option gets things working again for me.
Note that I *do* see undefined instruction exceptions from sshd
regardless of this patch, however I think they're triggered from
something like libcrypto which is prepared to handle the SIGILL.
FWIW, I'm using your ten patches from this series on top of 4.2-rc8 and
I've put the .config here:
http://www.willdeacon.ukfsn.org/bitbucket/oopsen/pan/pan-tc2.config
Will
next prev parent reply other threads:[~2015-08-25 16:53 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-25 15:40 [PATCH v2 00/10] Prevent list poison values from being mapped by userspace processes Russell King - ARM Linux
2015-08-25 15:41 ` [PATCH v2 01/10] ARM: domains: switch to keeping domain value in register Russell King
2015-08-25 15:41 ` [PATCH v2 02/10] ARM: domains: provide domain_mask() Russell King
2015-08-25 15:41 ` [PATCH v2 03/10] ARM: domains: move initial domain setting value to asm/domains.h Russell King
2015-08-25 15:41 ` [PATCH v2 04/10] ARM: domains: get rid of manager mode for user domain Russell King
2015-08-25 15:41 ` [PATCH v2 05/10] ARM: domains: keep vectors in separate domain Russell King
2015-08-25 15:41 ` [PATCH v2 06/10] ARM: domains: remove DOMAIN_TABLE Russell King
2015-08-25 15:41 ` [PATCH v2 07/10] ARM: mm: improve do_ldrd_abort macro Russell King
2015-08-25 15:41 ` [PATCH v2 08/10] ARM: uaccess: provide uaccess_save_and_enable() and uaccess_restore() Russell King
2015-08-25 15:42 ` [PATCH v2 09/10] ARM: entry: provide uaccess assembly macro hooks Russell King
2015-08-25 15:42 ` [PATCH v2 10/10] ARM: software-based priviledged-no-access support Russell King
2015-08-25 16:53 ` Will Deacon [this message]
2015-08-25 17:07 ` Nicolas Schichan
2015-08-25 17:48 ` Russell King - ARM Linux
2015-08-26 13:36 ` Nicolas Schichan
2015-10-09 8:28 ` Linus Walleij
2015-10-09 10:53 ` Will Deacon
2015-10-09 11:24 ` Russell King - ARM Linux
2015-10-09 12:32 ` Will Deacon
2015-10-12 7:51 ` Linus Walleij
2015-10-23 8:05 ` Linus Walleij
2015-10-23 8:46 ` Russell King - ARM Linux
2015-10-27 17:11 ` Will Deacon
2015-08-25 16:37 ` [PATCH v2 11/10] ARM: fix swp-emulate Russell King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150825165326.GL21300@arm.com \
--to=will.deacon@arm$(echo .)com \
--cc=linux-arm-kernel@lists$(echo .)infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox