On 12/11/2018 05:25 AM, Russell Currey wrote:
On Wed, 2018-11-28 at 09:27 +, Christophe Leroy wrote:
This patch implements Kernel Userspace Access Protection for
book3s/32.
Due to limitations of the processor page protection capabilities,
the protection is only against writing. Read protection cannot be
achieved using page protection.
In order to provide the protection, Ku and Ks keys are modified in
Userspace Segment registers, and different PP bits are used to:
PP01 provides RW for Key 0 and RO for Key 1
PP10 provides RW for all
PP11 provides RO for all
Today PP10 is used for RW pages and PP11 for RO pages. This patch
modifies page protection to PP01 for RW pages.
Then segment registers are set to Ku 0 and Ks 1. When kernel needs
to write to RW pages, the associated segment register is changed to
Ks 0 in order to allow write access to the kernel.
In order to avoid having to read all segment registers when
locking/unlocking the access, some data is kept in the thread_struct
and saved on stack on exceptions. The field identifies both the
first unlocked segment and the first segment following the last
unlocked one. When no segment is unlocked, it contains value 0.
Signed-off-by: Christophe Leroy
Hey Christophe, I tried to test this and got a machine check after the
kernel starts init.
A program check you mean?
Vector: 700 (Program Check) at [ef0b5e70]
pc: 0ca4
lr: b7e1a030
sp: ef0b5f30
msr: 81002
current = 0xef0b8000
pid = 1, comm = init
Testing with mac99 model in qemu.
That's pretty surprising. At 0xca4 there is nothing particular for me.
This is a handler for system call. Do you have the same?
How can this trigger a program check? According to the MSR, the check
is due to an illegal instruction (bit 12). And we are with MMU off.
cc00 :
cc00: 7d 50 43 a6 mtsprg 0,r10
cc04: 7d 71 43 a6 mtsprg 1,r11
cc08: 7d 40 00 26 mfcr r10
cc0c: 7d 7b 02 a6 mfsrr1 r11
cc10: 71 6b 40 00 andi. r11,r11,16384
cc14: 3d 61 40 00 addis r11,r1,16384
cc18: 41 82 00 14 beq cc2c
cc1c: 7d 73 42 a6 mfsprg r11,3
cc20: 81 6b fb d8 lwz r11,-1064(r11)
cc24: 39 6b 20 00 addi r11,r11,8192
cc28: 3d 6b 40 00 addis r11,r11,16384
cc2c: 39 6b ff 40 addi r11,r11,-192
cc30: 91 4b 00 a8 stw r10,168(r11)
cc34: 91 8b 00 40 stw r12,64(r11)
cc38: 91 2b 00 34 stw r9,52(r11)
cc3c: 7d 50 42 a6 mfsprg r10,0
cc40: 91 4b 00 38 stw r10,56(r11)
cc44: 7d 91 42 a6 mfsprg r12,1
cc48: 91 8b 00 3c stw r12,60(r11)
cc4c: 7d 48 02 a6 mflr r10
cc50: 91 4b 00 a0 stw r10,160(r11)
cc54: 7d 9a 02 a6 mfsrr0 r12
cc58: 7d 3b 02 a6 mfsrr1 r9
cc5c: 90 2b 00 14 stw r1,20(r11)
cc60: 90 2b 00 00 stw r1,0(r11)
cc64: 3c 2b c0 00 addis r1,r11,-16384
cc68: 39 40 10 02 li r10,4098
cc6c: 7d 40 01 24 mtmsr r10
cc70: 90 0b 00 10 stw r0,16(r11)
cc74: 3d 40 72 65 lis r10,29285
cc78: 39 4a 67 73 addi r10,r10,26483
cc7c: 91 4b 00 08 stw r10,8(r11)
cc80: 90 6b 00 1c stw r3,28(r11)
cc84: 90 8b 00 20 stw r4,32(r11)
cc88: 90 ab 00 24 stw r5,36(r11)
cc8c: 90 cb 00 28 stw r6,40(r11)
cc90: 90 eb 00 2c stw r7,44(r11)
cc94: 91 0b 00 30 stw r8,48(r11)
cc98: 39 40 0c 01 li r10,3073
cc9c: 91 4b 00 b0 stw r10,176(r11)
cca0: 39 40 10 32 li r10,4146
cca4: 51 2a 04 20 rlwimi r10,r9,0,16,16
cca8: 48 01 13 5d bl c0012004
Christophe
- Russell
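The PP/key mechanism the patch description relies on is compact enough to model in user space. The following C program is an added example, not the kernel's code or anything from the patch: it implements the Book III-S 32-bit permission table (PP bits versus the segment key, where the key is Ku in user mode and Ks in kernel mode), sets user segments to Ku 0 / Ks 1 as the description says, and models the unlock/lock of a segment range with a first/end pair standing in for the thread_struct field. Assumptions not on the page: 16 segments of 256 MiB, user segments 0..11 (below an assumed 0xc0000000 kernel base), kernel segments given Ks 0 / Ku 1, and the two-integer layout of the tracking field. It also enumerates the table to show that no PP/key combination gives a user RO page that is inaccessible to the kernel, which is why the protection is write-only.

```c
/* Added model of the book3s/32 KUAP scheme described in the patch text.
 * NOT kernel code: a user-space simulation of segment keys and PP bits.
 * Assumed: 16 x 256 MiB segments, user segments 0..11, two-int field. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define NSEGS      16u
#define NUSER_SEGS 12u  /* assumed: segments below 0xc0000000 are user */

enum access { ACC_NONE, ACC_RO, ACC_RW };

struct seg_reg { unsigned ks : 1; unsigned ku : 1; };

/* Model of the thread_struct field: first unlocked segment and the
 * segment following the last unlocked one; 0/0 = nothing unlocked.
 * (Assumed layout; the kernel's real packing is not on the page.) */
struct kuap_state { unsigned first, end; };

struct cpu {
    struct seg_reg sr[NSEGS];
    struct kuap_state kuap;
};

/* ISA rule: a page is checked with Ku in user state, Ks in kernel state. */
static unsigned effective_key(const struct seg_reg *sr, bool user)
{
    return user ? sr->ku : sr->ks;
}

/* Book III-S 32-bit PP/key table; PP01/PP10/PP11 match the patch text. */
static enum access pte_access(unsigned pp, unsigned key)
{
    switch (pp & 3u) {
    case 0:  return key ? ACC_NONE : ACC_RW;
    case 1:  return key ? ACC_RO : ACC_RW;  /* PP01: RW key 0, RO key 1 */
    case 2:  return ACC_RW;                 /* PP10: RW for all */
    default: return ACC_RO;                 /* PP11: RO for all */
    }
}

static unsigned seg_of(uint32_t ea) { return ea >> 28; }

/* Permission granted for address ea whose PTE carries the given PP bits. */
static enum access check(const struct cpu *c, uint32_t ea, unsigned pp, bool user)
{
    return pte_access(pp, effective_key(&c->sr[seg_of(ea)], user));
}

/* Boot state from the patch: user segments Ku 0 (user keeps RW on PP01
 * pages) and Ks 1 (kernel sees them RO). Kernel segments: assumed Ks 0 / Ku 1. */
static void kuap_init(struct cpu *c)
{
    for (unsigned s = 0; s < NSEGS; s++) {
        c->sr[s].ks = s < NUSER_SEGS ? 1 : 0;
        c->sr[s].ku = s < NUSER_SEGS ? 0 : 1;
    }
    c->kuap.first = c->kuap.end = 0;
}

/* Unlock kernel writes to [ea, ea + size): clear Ks on every user segment
 * the range touches and record the range so lock() need not scan all SRs. */
static void kuap_unlock(struct cpu *c, uint32_t ea, uint32_t size)
{
    if (size == 0 || seg_of(ea) >= NUSER_SEGS)
        return;                                 /* nothing to do / not a user range */
    unsigned first = seg_of(ea);
    unsigned last  = seg_of(ea + (size - 1));   /* inclusive last segment */
    if (last >= NUSER_SEGS)
        last = NUSER_SEGS - 1;                  /* never touch kernel segments */
    for (unsigned s = first; s <= last; s++)
        c->sr[s].ks = 0;
    c->kuap.first = first;
    c->kuap.end   = last + 1;
}

/* Relock exactly the recorded segments and clear the field. */
static void kuap_lock(struct cpu *c)
{
    for (unsigned s = c->kuap.first; s < c->kuap.end; s++)
        c->sr[s].ks = 1;
    c->kuap.first = c->kuap.end = 0;
}

/* Is there any PP value plus (Ku, Ks) pair giving user RO and kernel no
 * access? Exhaustive search over the table; returns false. */
static bool user_ro_kernel_none_possible(void)
{
    for (unsigned pp = 0; pp < 4; pp++)
        for (unsigned ku = 0; ku < 2; ku++)
            for (unsigned ks = 0; ks < 2; ks++)
                if (pte_access(pp, ku) == ACC_RO && pte_access(pp, ks) == ACC_NONE)
                    return true;
    return false;
}

int main(void)
{
    struct cpu c;
    uint32_t ea = 0x10001000u;  /* constructed user address in segment 1 */
    kuap_init(&c);
    printf("kernel, PP01 user page, locked:   %d\n", check(&c, ea, 1, false));
    kuap_unlock(&c, ea, 0x100);
    printf("kernel, PP01 user page, unlocked: %d\n", check(&c, ea, 1, false));
    kuap_lock(&c);
    printf("kernel, PP01 user page, relocked: %d\n", check(&c, ea, 1, false));
    printf("user RO with kernel no-access possible: %d\n", user_ro_kernel_none_possible());
    return 0;
}
```

The unlock records only the touched segment range, so relocking (or saving the state across an exception, as the patch describes) never has to walk all sixteen segment registers; a zero-length or kernel-address range leaves the field at 0/0.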