Re: [RFC PATCH v2 11/11] powerpc/book3s32: Implement Kernel Userspace Access Protection

From: Russell Currey
Date: Tue Dec 11 2018 - 00:28:21 EST

On Wed, 2018-11-28 at 09:27 +0000, Christophe Leroy wrote:
> This patch implements Kernel Userspace Access Protection for
> book3s/32.
> Due to limitations of the processor page protection capabilities,
> the protection is only against writing. read protection cannot be
> achieved using page protection.
> In order to provide the protection, Ku and Ks keys are modified in
> Userspace Segment registers, and different PP bits are used to:
> PP01 provides RW for Key 0 and RO for Key 1
> PP10 provides RW for all
> PP11 provides RO for all
> Today PP10 is used for RW pages and PP11 for RO pages. This patch
> modifies page protection to PP01 for RW pages.
> Then segment registers are set to Ku 0 and Ks 1. When kernel needs
> to write to RW pages, the associated segment register is changed to
> Ks 0 in order to allow write access to the kernel.
> In order to avoid having the read all segment registers when
> locking/unlocking the access, some data is kept in the thread_struct
> and saved on stack on exceptions. The field identifies both the
> first unlocked segment and the first segment following the last
> unlocked one. When no segment is unlocked, it contains value 0.
> Signed-off-by: Christophe Leroy <christophe.leroy@xxxxxx>

Hey Christophe, I tried to test this and got a machine check after the
kernel starts init.

Vector: 700 (Program Check) at [ef0b5e70]
pc: 00000ca4
lr: b7e1a030
sp: ef0b5f30
msr: 81002
current = 0xef0b8000
pid = 1, comm = init

Testing with mac99 model in qemu.

- Russell