From: Dave Hansen <[email protected]>

We might not strictly have to make modifications to
access_error() to check the VMA here.

If we do not, we will do this:
1. app sets VMA pkey to K
2. app touches a !present page
3. do_page_fault(), allocates and maps page, sets pte.pkey=K
4. return to userspace
5. touch instruction reexecutes, but triggers PF_PK
6. do PKEY signal

What happens with this patch applied:
1. app sets VMA pkey to K
2. app touches a !present page
3. do_page_fault() notices that K is inaccessible
4. do PKEY signal

We basically skip the fault that does an allocation.

So what this lets us do is protect areas from even being
*populated* unless it is accessible according to protection
keys.  That seems handy to me and makes protection keys work
more like an mprotect()'d mapping.

Signed-off-by: Dave Hansen <[email protected]>
---

 b/arch/x86/mm/fault.c |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff -puN arch/x86/mm/fault.c~pkeys-15-access_error arch/x86/mm/fault.c
--- a/arch/x86/mm/fault.c~pkeys-15-access_error 2015-09-28 11:39:48.287289263 -0700
+++ b/arch/x86/mm/fault.c       2015-09-28 11:39:48.290289400 -0700
@@ -904,6 +904,9 @@ static inline bool bad_area_access_from_
                return false;
        if (error_code & PF_PK)
                return true;
+       /* this checks permission keys on the VMA: */
+       if (!arch_vma_access_permitted(vma, (error_code & PF_WRITE)))
+               return true;
        return false;
 }
 
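Review bot: the new comment in bad_area_access_from_pkeys() says "permission keys" while the feature, the PF_PK bit and the function name all say protection keys; use "protection keys" so a grep for the term finds this check. It would also help to say in that comment why both tests are needed: the PF_PK test catches a present page, and the VMA test is what catches the not-present case, where the hardware cannot have raised PF_PK yet. Finally, the identical `!arch_vma_access_permitted(vma, (error_code & PF_WRITE))` test appears again in access_error() below; a small helper would keep the two from drifting apart.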
@@ -1091,6 +1094,13 @@ access_error(unsigned long error_code, s
         */
        if (error_code & PF_PK)
                return 1;
+       /*
+        * Make sure to check the VMA so that we do not perform
+        * faults just to hit a PF_PK as soon as we fill in a
+        * page.
+        */
+       if (!arch_vma_access_permitted(vma, (error_code & PF_WRITE)))
+               return 1;
 
        if (error_code & PF_WRITE) {
                /* write, present and write, not present: */
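Review bot: the new check in access_error() runs for instruction fetches too, but protection keys restrict only data accesses, so an instruction fetch into a not-present page whose key is access-disabled in PKRU is now reported as an access error even though the hardware would never raise PF_PK for that fetch once the page is mapped. Consider skipping the VMA check when `error_code & PF_INSTR` is set, or passing the fetch flag through to arch_vma_access_permitted(). Also, `(error_code & PF_WRITE)` is passed as a raw bitmask rather than a boolean; if the second parameter is not bool, `!!(error_code & PF_WRITE)` makes the intent explicit.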
_