Sayali Patil <[email protected]> writes:
> On powerpc with PREEMPT_FULL or PREEMPT_LAZY and function tracing enabled,
> KUAP warnings can be triggered from the VMX usercopy path under memory
> stress workloads.
>
> KUAP requires that no subfunctions are called once userspace access has
> been enabled. The existing VMX copy implementation violates this
> requirement by invoking enter_vmx_usercopy() from the assembly path after
> userspace access has already been enabled. If preemption occurs
> in this window, the AMR state may not be preserved correctly,
> leading to unexpected userspace access state and resulting in
> KUAP warnings.
>
> Fix this by restructuring the VMX usercopy flow so that VMX selection
> and VMX state management are centralized in raw_copy_tofrom_user(),
> which is invoked by the raw_copy_{to,from,in}_user() wrappers.
>
> The new flow is:
>
> - raw_copy_{to,from,in}_user() calls raw_copy_tofrom_user()
> - raw_copy_tofrom_user() decides whether to use the VMX path
>   based on size and CPU capability
> - Call enter_vmx_usercopy() before enabling userspace access
> - Enable userspace access as per the copy direction
>   and perform the VMX copy
> - Disable userspace access as per the copy direction
> - Call exit_vmx_usercopy()
> - Fall back to the base copy routine if the VMX copy faults
>
> With this change, the VMX assembly routines no longer perform VMX state
> management or call helper functions; they only implement the
> copy operations.
> The previous feature-section based VMX selection inside
> __copy_tofrom_user_power7() is removed, and a dedicated
> __copy_tofrom_user_power7_vmx() entry point is introduced.
>
> This ensures correct KUAP ordering, avoids subfunction calls
> while KUAP is unlocked, and eliminates the warnings while preserving
> the VMX fast path.
>
> Fixes: de78a9c42a79 ("powerpc: Add a framework for Kernel Userspace Access Protection")
> Reported-by: Shrikanth Hegde <[email protected]>
> Closes: https://lore.kernel.org/all/[email protected]/
> Suggested-by: Christophe Leroy (CS GROUP) <[email protected]>
> Reviewed-by: Christophe Leroy (CS GROUP) <[email protected]>
> Co-developed-by: Aboorva Devarajan <[email protected]>
> Signed-off-by: Aboorva Devarajan <[email protected]>
> Signed-off-by: Sayali Patil <[email protected]>
> ---
Thanks Sayali & Christophe for the help on this. I liked the new wrappers, which removed the code duplication by calling into a common function, raw_copy_tofrom_user(). The new changes look good to me too. Please feel free to add:

Reviewed-by: Ritesh Harjani (IBM) <[email protected]>
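The ordering rule the quoted commit message describes (no helper calls while userspace access is enabled, and VMX state set up before the window opens) is easy to check with a small user-space model. The block below is an added example written for this page, not the kernel's code or the patch: it stands in the AMR lock state with a boolean, counts every helper call made while that state is "unlocked", and runs the old ordering and the new raw_copy_tofrom_user()-style ordering side by side, including the fall-back to the base copy when the VMX path faults. All function names with a `_model` suffix, the `VMX_COPY_THRESHOLD` value and the 1 KiB buffers are constructed for the example and are not the kernel's.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the KUAP ordering rule; nothing here is kernel code. */
#define VMX_COPY_THRESHOLD 512     /* assumed size cut-off, not the kernel's value */

struct kuap_model {
	bool user_access_enabled;  /* stands in for the AMR being unlocked */
	bool cpu_has_vmx;
	bool vmx_state_saved;
	int  violations;           /* helper or copy calls made in the wrong state */
	int  fallbacks;            /* VMX copies that fell back to the base copy */
};

static void allow_user_access_model(struct kuap_model *m)   { m->user_access_enabled = true; }
static void prevent_user_access_model(struct kuap_model *m) { m->user_access_enabled = false; }

/* These two helpers must never run while user access is enabled. */
static void enter_vmx_usercopy_model(struct kuap_model *m)
{
	if (m->user_access_enabled)
		m->violations++;
	m->vmx_state_saved = true;
}

static void exit_vmx_usercopy_model(struct kuap_model *m)
{
	if (m->user_access_enabled)
		m->violations++;
	m->vmx_state_saved = false;
}

/* Copy bodies return the number of bytes NOT copied; `fault` simulates the
 * VMX routine faulting before it copied anything. */
static size_t vmx_copy_model(struct kuap_model *m, void *dst, const void *src,
			     size_t n, bool fault)
{
	if (!m->user_access_enabled || !m->vmx_state_saved)
		m->violations++;   /* copying without access or VMX state is also wrong */
	if (fault)
		return n;
	memcpy(dst, src, n);
	return 0;
}

static size_t base_copy_model(struct kuap_model *m, void *dst, const void *src, size_t n)
{
	if (!m->user_access_enabled)
		m->violations++;
	memcpy(dst, src, n);
	return 0;
}

/* Old ordering: the helpers are called from inside the unlocked window. */
static size_t old_flow(struct kuap_model *m, void *dst, const void *src, size_t n, bool fault)
{
	size_t left;
	allow_user_access_model(m);
	enter_vmx_usercopy_model(m);   /* subfunction call while unlocked */
	left = vmx_copy_model(m, dst, src, n, fault);
	exit_vmx_usercopy_model(m);    /* and again on the way out */
	prevent_user_access_model(m);
	return left;
}

/* New ordering, following the list in the commit message. */
static size_t new_flow(struct kuap_model *m, void *dst, const void *src, size_t n, bool fault)
{
	size_t left;
	if (m->cpu_has_vmx && n >= VMX_COPY_THRESHOLD) {
		enter_vmx_usercopy_model(m);      /* before enabling user access */
		allow_user_access_model(m);
		left = vmx_copy_model(m, dst, src, n, fault);
		prevent_user_access_model(m);
		exit_vmx_usercopy_model(m);       /* after disabling user access */
		if (left == 0)
			return 0;
		m->fallbacks++;                   /* VMX faulted: use the base routine */
	}
	allow_user_access_model(m);
	left = base_copy_model(m, dst, src, n);
	prevent_user_access_model(m);
	return left;
}

/* Run one flow over a constructed 1 KiB buffer; 0 on a complete copy, -1 otherwise. */
static int run_flow(bool use_new, bool fault, struct kuap_model *m)
{
	unsigned char src[1024], dst[1024];
	size_t i, left;
	memset(m, 0, sizeof *m);
	m->cpu_has_vmx = true;
	for (i = 0; i < sizeof src; i++)
		src[i] = (unsigned char)i;
	memset(dst, 0, sizeof dst);
	left = use_new ? new_flow(m, dst, src, sizeof src, fault)
		       : old_flow(m, dst, src, sizeof src, fault);
	return (left == 0 && memcmp(src, dst, sizeof src) == 0) ? 0 : -1;
}

/* Violations seen by a flow, or -1 if the copy did not complete. */
static int violations_for(bool use_new, bool fault)
{
	struct kuap_model m;
	return run_flow(use_new, fault, &m) == 0 ? m.violations : -1;
}

static int fallbacks_for(bool use_new, bool fault)
{
	struct kuap_model m;
	run_flow(use_new, fault, &m);
	return m.fallbacks;
}

int main(void)
{
	printf("old flow, no fault: violations=%d\n", violations_for(false, false));
	printf("new flow, no fault: violations=%d fallbacks=%d\n",
	       violations_for(true, false), fallbacks_for(true, false));
	printf("new flow, VMX fault: violations=%d fallbacks=%d\n",
	       violations_for(true, true), fallbacks_for(true, true));
	return 0;
}
```

The old ordering records two violations per copy (enter and exit both run inside the window), which is exactly the condition a KUAP check would flag if preemption hit there; the new ordering records none, and a faulting VMX copy still completes through the base routine with user access re-enabled only for that second copy.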
