Message ID | 20210713053113.4632-9-cmr@linux.ibm.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | Use per-CPU temporary mappings for patching on Radix MMU | expand |
Related | show |
Le 13/07/2021 à 07:31, Christopher M. Riedl a écrit : > Code patching on powerpc with a STRICT_KERNEL_RWX uses a userspace > address in a temporary mm on Radix now. Use __put_user() to avoid write > failures due to KUAP when attempting a "hijack" on the patching address. > __put_user() also works with the non-userspace, vmalloc-based patching > address on non-Radix MMUs. It is not really clean to use __put_user() on non user address, allthought it works by change. I think it would be better to do something like if (is_kernel_addr(addr)) copy_to_kernel_nofault(...); else copy_to_user_nofault(...); > > Signed-off-by: Christopher M. Riedl <cmr@linux.ibm.com> > --- > drivers/misc/lkdtm/perms.c | 9 --------- > 1 file changed, 9 deletions(-) > > diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c > index 41e87e5f9cc86..da6a34a0a49fb 100644 > --- a/drivers/misc/lkdtm/perms.c > +++ b/drivers/misc/lkdtm/perms.c > @@ -262,16 +262,7 @@ static inline u32 lkdtm_read_patch_site(void) > /* Returns True if the write succeeds */ > static inline bool lkdtm_try_write(u32 data, u32 *addr) > { > -#ifdef CONFIG_PPC > - __put_kernel_nofault(addr, &data, u32, err); > - return true; > - > -err: > - return false; > -#endif > -#ifdef CONFIG_X86_64 > return !__put_user(data, addr); > -#endif > } > > static int lkdtm_patching_cpu(void *data) >
On Thu Aug 5, 2021 at 4:18 AM CDT, Christophe Leroy wrote: > > > Le 13/07/2021 à 07:31, Christopher M. Riedl a écrit : > > Code patching on powerpc with a STRICT_KERNEL_RWX uses a userspace > > address in a temporary mm on Radix now. Use __put_user() to avoid write > > failures due to KUAP when attempting a "hijack" on the patching address. > > __put_user() also works with the non-userspace, vmalloc-based patching > > address on non-Radix MMUs. > > It is not really clean to use __put_user() on non user address, > allthought it works by change. > > I think it would be better to do something like > > if (is_kernel_addr(addr)) > copy_to_kernel_nofault(...); > else > copy_to_user_nofault(...); > Yes that looks much better. I'll pick this up and try it for the next spin. Thanks! > > > > > > Signed-off-by: Christopher M. Riedl <cmr@linux.ibm.com> > > --- > > drivers/misc/lkdtm/perms.c | 9 --------- > > 1 file changed, 9 deletions(-) > > > > diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c > > index 41e87e5f9cc86..da6a34a0a49fb 100644 > > --- a/drivers/misc/lkdtm/perms.c > > +++ b/drivers/misc/lkdtm/perms.c > > @@ -262,16 +262,7 @@ static inline u32 lkdtm_read_patch_site(void) > > /* Returns True if the write succeeds */ > > static inline bool lkdtm_try_write(u32 data, u32 *addr) > > { > > -#ifdef CONFIG_PPC > > - __put_kernel_nofault(addr, &data, u32, err); > > - return true; > > - > > -err: > > - return false; > > -#endif > > -#ifdef CONFIG_X86_64 > > return !__put_user(data, addr); > > -#endif > > } > > > > static int lkdtm_patching_cpu(void *data) > >
diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index 41e87e5f9cc86..da6a34a0a49fb 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c @@ -262,16 +262,7 @@ static inline u32 lkdtm_read_patch_site(void) /* Returns True if the write succeeds */ static inline bool lkdtm_try_write(u32 data, u32 *addr) { -#ifdef CONFIG_PPC - __put_kernel_nofault(addr, &data, u32, err); - return true; - -err: - return false; -#endif -#ifdef CONFIG_X86_64 return !__put_user(data, addr); -#endif } static int lkdtm_patching_cpu(void *data)
Code patching on powerpc with a STRICT_KERNEL_RWX uses a userspace address in a temporary mm on Radix now. Use __put_user() to avoid write failures due to KUAP when attempting a "hijack" on the patching address. __put_user() also works with the non-userspace, vmalloc-based patching address on non-Radix MMUs. Signed-off-by: Christopher M. Riedl <cmr@linux.ibm.com> --- drivers/misc/lkdtm/perms.c | 9 --------- 1 file changed, 9 deletions(-)