From patchwork Mon May 21 06:41:52 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 10414029 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5932760365 for ; Mon, 21 May 2018 06:43:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 491E627FA9 for ; Mon, 21 May 2018 06:43:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3D73D283DA; Mon, 21 May 2018 06:43:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 50B7827FA9 for ; Mon, 21 May 2018 06:43:22 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E7B536B026A; Mon, 21 May 2018 02:43:20 -0400 (EDT) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id E51576B026B; Mon, 21 May 2018 02:43:20 -0400 (EDT) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D41846B026C; Mon, 21 May 2018 02:43:20 -0400 (EDT) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl0-f69.google.com (mail-pl0-f69.google.com [209.85.160.69]) by kanga.kvack.org (Postfix) with ESMTP id 9505E6B026A for ; Mon, 21 May 2018 02:43:20 -0400 (EDT) Received: by mail-pl0-f69.google.com with SMTP id i1-v6so9473316pld.11 for ; Sun, 20 May 2018 23:43:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:dkim-signature:subject:to:cc:from:date :message-id:mime-version:content-transfer-encoding; bh=zNAElAhNIOBYK1YNKMOgcb8MepO2t9KAt5PgRCpMsaI=; b=eWHJxZTT3uawad4BYu0qExwnsFbk0ihOAVOwT78+EYmCIhX852Z3r2IOLt/7E5HKLb vTyh4st6D/gYL7HGZdsYURcEkKnzj/s41W3L0YWdAaTIoBfKx7v2JaE7rxgNIb3toc1Y 6wpXGs7WAI7+NXCoHjyzRn0amF97x7eCpzXqhK3LIOiWtShndow4IOxdnj9Ik27lF4el R5MRQFT6rtQxByrFy9dJ6y3INvu/3uPE9opWWw64RX1vV/i4Ix6PH7GuuPq1cmv//VOH IQUx6IuUUhjqTruMu5MJlt2PISfsJ3YyqLqn7urThFStYWpGJoTsSTH5aRyuz1E6cUGe kvFg== X-Gm-Message-State: ALKqPwe8NNDu6G3WoAn+FP41r3DKARvAZoJewU/RIANiKljakTRFzBtX li1sESZOrvdi03b5J2NNxZfovBCAvwOLf0Pi72U3IZwQDVK8yFRoazA72aTi3YtIQJsRh7K5bhg 9q2DuAyhjEfOtd+kRxRiVl/wpFZqU1oKqalmcgp9hOWkyaGRGfVBmsCZ98RmURl0= X-Received: by 2002:a65:4188:: with SMTP id a8-v6mr14816333pgq.118.1526885000242; Sun, 20 May 2018 23:43:20 -0700 (PDT) X-Google-Smtp-Source: AB8JxZr+MgkFGTynskBsE1Cz74k68plta+y+pGpzhgkLYoUTH9Ji3Nv93atJEXX1kTNxVo32dRNS X-Received: by 2002:a65:4188:: with SMTP id a8-v6mr14816315pgq.118.1526884999593; Sun, 20 May 2018 23:43:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526884999; cv=none; d=google.com; s=arc-20160816; b=J/Wq4fC1EXpo4CrfBrFrnUMRXn6BPXp/ynECrlHBCH1uBIS/A1pD7ae0TUlIOdCGW2 JBd+fp6Ujhfxi9XsvemfRxLP5G3sPzCDNkpCIngIe2SDmYSG2jSCujpspM6f/IYtZh8w WYz9qgBSo/U6UEdpZ+GrDnkA6lQixqjYNR+Ipn9EqUSdCUvakOIqxxekJCsuhH+Jng0E yoQj6PRoxxxs3FtsW78Zk91WAXb5ccMfMfeDhDFeF7OmvUKITvj67dgg62TIi9AwG2Ss x8eJaUTIEnjUhK6FCVIcpUjLXNiBEEqRuRb0bbyJAl61fYQ/n22papzbBFzRLTNUR/eU iuHw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:from:cc:to :subject:dkim-signature:arc-authentication-results; bh=zNAElAhNIOBYK1YNKMOgcb8MepO2t9KAt5PgRCpMsaI=; b=Bi1/N1bHBanRQ8Bpgnc92PwrMxO7G3PJgzMP2djXDroCZZiQcYenhc6gp3nh8tyexm cIPxyfxjomUBaUlghfKhCG+UKlmOuCpuMv/INfjHZhlBL+HMRtcHv2/+FbOGJpvs7SNe lmPdgi5Tfpxn4eRmrEIuLW8H+aom1a3KDxuEGaO/DS5k2wSlmoQXSUO4CK7immNaeCZ6 XlwRKUp9/Dz6zePZKCqEz8aP/KXy4m0spEMbGySuu1UALTbD/TfliNw1KHfggyRUQz05 hLO3NtCgx5VLdo7a9VoJsj892mnigHd8obvvWztqpwvLefeB5G4vdWnSNXjywNiKwKkh cgFw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0g68E+78; spf=pass (google.com: domain of srs0=nia/=ii=linuxfoundation.org=gregkh@kernel.org designates 198.145.29.99 as permitted sender) smtp.mailfrom=SRS0=nia/=II=linuxfoundation.org=gregkh@kernel.org Received: from mail.kernel.org (mail.kernel.org. [198.145.29.99]) by mx.google.com with ESMTPS id a15-v6si14003317pll.412.2018.05.20.23.43.19 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 20 May 2018 23:43:19 -0700 (PDT) Received-SPF: pass (google.com: domain of srs0=nia/=ii=linuxfoundation.org=gregkh@kernel.org designates 198.145.29.99 as permitted sender) client-ip=198.145.29.99; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=0g68E+78; spf=pass (google.com: domain of srs0=nia/=ii=linuxfoundation.org=gregkh@kernel.org designates 198.145.29.99 as permitted sender) smtp.mailfrom=SRS0=nia/=II=linuxfoundation.org=gregkh@kernel.org Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id AB8FF2086A; Mon, 21 May 2018 06:43:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1526884999; bh=On61SM9AQM4cLBE5GO5CTrqjtAK8QLNpprcMIRCIaYc=; h=Subject:To:Cc:From:Date:From; b=0g68E+78sfnwGT1i+PV4JLfva29luju6AXKSqYXStIHAajgkFDFtawJwpN5kaRF7B ZqWg4AO0r/5CT7N1UG1y+mCnZj6LqiCqk0g7PavPJODm6wYMUk+4FBTjLxNOE9p8l+ UHXWFOdQf01pJQvbBM2gq0vL5idRHK5PFFinll1Q= Subject: Patch "x86/pkeys: Override pkey when moving away from PROT_EXEC" has been added to the 4.16-stable tree To: 20180509171351.084C5A71@viggo.jf.intel.com, akpm@linux-foundation.org, dave.hansen@intel.com, dave.hansen@linux.intel.com, gregkh@linuxfoundation.org, linux-mm@kvack.org, linuxram@us.ibm.com, mingo@kernel.org, mpe@ellerman.id.au, peterz@infradead.org, shakeelb@google.com, shuah@kernel.org, tglx@linutronix.de, torvalds@linux-foundation.org Cc: From: Date: Mon, 21 May 2018 08:41:52 +0200 Message-ID: <1526884912142213@kroah.com> MIME-Version: 1.0 X-stable: commit X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP This is a note to let you know that I've just added the patch titled x86/pkeys: Override pkey when moving away from PROT_EXEC to the 4.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: x86-pkeys-override-pkey-when-moving-away-from-prot_exec.patch and it can be found in the queue-4.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. From 0a0b152083cfc44ec1bb599b57b7aab41327f998 Mon Sep 17 00:00:00 2001 From: Dave Hansen Date: Wed, 9 May 2018 10:13:51 -0700 Subject: x86/pkeys: Override pkey when moving away from PROT_EXEC From: Dave Hansen commit 0a0b152083cfc44ec1bb599b57b7aab41327f998 upstream. I got a bug report that the following code (roughly) was causing a SIGSEGV: mprotect(ptr, size, PROT_EXEC); mprotect(ptr, size, PROT_NONE); mprotect(ptr, size, PROT_READ); *ptr = 100; The problem is hit when the mprotect(PROT_EXEC) is implicitly assigned a protection key to the VMA, and made that key ACCESS_DENY|WRITE_DENY. The PROT_NONE mprotect() failed to remove the protection key, and the PROT_NONE-> PROT_READ left the PTE usable, but the pkey still in place and left the memory inaccessible. To fix this, we ensure that we always "override" the pkee at mprotect() if the VMA does not have execute-only permissions, but the VMA has the execute-only pkey. We had a check for PROT_READ/WRITE, but it did not work for PROT_NONE. This entirely removes the PROT_* checks, which ensures that PROT_NONE now works. Reported-by: Shakeel Butt Signed-off-by: Dave Hansen Cc: Andrew Morton Cc: Dave Hansen Cc: Linus Torvalds Cc: Michael Ellermen Cc: Peter Zijlstra Cc: Ram Pai Cc: Shuah Khan Cc: Thomas Gleixner Cc: linux-mm@kvack.org Cc: stable@vger.kernel.org Fixes: 62b5f7d013f ("mm/core, x86/mm/pkeys: Add execute-only protection keys support") Link: http://lkml.kernel.org/r/20180509171351.084C5A71@viggo.jf.intel.com Signed-off-by: Ingo Molnar Signed-off-by: Greg Kroah-Hartman --- arch/x86/include/asm/pkeys.h | 12 +++++++++++- arch/x86/mm/pkeys.c | 21 +++++++++++---------- 2 files changed, 22 insertions(+), 11 deletions(-) Patches currently in stable-queue which might be from dave.hansen@linux.intel.com are queue-4.16/x86-pkeys-override-pkey-when-moving-away-from-prot_exec.patch queue-4.16/x86-pkeys-do-not-special-case-protection-key-0.patch --- a/arch/x86/include/asm/pkeys.h +++ b/arch/x86/include/asm/pkeys.h @@ -2,6 +2,8 @@ #ifndef _ASM_X86_PKEYS_H #define _ASM_X86_PKEYS_H +#define ARCH_DEFAULT_PKEY 0 + #define arch_max_pkey() (boot_cpu_has(X86_FEATURE_OSPKE) ? 16 : 1) extern int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, @@ -15,7 +17,7 @@ extern int __execute_only_pkey(struct mm static inline int execute_only_pkey(struct mm_struct *mm) { if (!boot_cpu_has(X86_FEATURE_OSPKE)) - return 0; + return ARCH_DEFAULT_PKEY; return __execute_only_pkey(mm); } @@ -56,6 +58,14 @@ bool mm_pkey_is_allocated(struct mm_stru return false; if (pkey >= arch_max_pkey()) return false; + /* + * The exec-only pkey is set in the allocation map, but + * is not available to any of the user interfaces like + * mprotect_pkey(). + */ + if (pkey == mm->context.execute_only_pkey) + return false; + return mm_pkey_allocation_map(mm) & (1U << pkey); } --- a/arch/x86/mm/pkeys.c +++ b/arch/x86/mm/pkeys.c @@ -94,26 +94,27 @@ int __arch_override_mprotect_pkey(struct */ if (pkey != -1) return pkey; - /* - * Look for a protection-key-drive execute-only mapping - * which is now being given permissions that are not - * execute-only. Move it back to the default pkey. - */ - if (vma_is_pkey_exec_only(vma) && - (prot & (PROT_READ|PROT_WRITE))) { - return 0; - } + /* * The mapping is execute-only. Go try to get the * execute-only protection key. If we fail to do that, * fall through as if we do not have execute-only - * support. + * support in this mm. */ if (prot == PROT_EXEC) { pkey = execute_only_pkey(vma->vm_mm); if (pkey > 0) return pkey; + } else if (vma_is_pkey_exec_only(vma)) { + /* + * Protections are *not* PROT_EXEC, but the mapping + * is using the exec-only pkey. This mapping was + * PROT_EXEC and will no longer be. Move back to + * the default pkey. + */ + return ARCH_DEFAULT_PKEY; } + /* * This is a vanilla, non-pkey mprotect (or we failed to * setup execute-only), inherit the pkey from the VMA we