Re: [PATCH v5 8/8] lkdtm/powerpc: Fix code patching hijack test
On Thu Aug 5, 2021 at 4:18 AM CDT, Christophe Leroy wrote: > > > Le 13/07/2021 à 07:31, Christopher M. Riedl a écrit : > > Code patching on powerpc with a STRICT_KERNEL_RWX uses a userspace > > address in a temporary mm on Radix now. Use __put_user() to avoid write > > failures due to KUAP when attempting a "hijack" on the patching address. > > __put_user() also works with the non-userspace, vmalloc-based patching > > address on non-Radix MMUs. > > It is not really clean to use __put_user() on non user address, > allthought it works by change. > > I think it would be better to do something like > > if (is_kernel_addr(addr)) > copy_to_kernel_nofault(...); > else > copy_to_user_nofault(...); > Yes that looks much better. I'll pick this up and try it for the next spin. Thanks! > > > > > > Signed-off-by: Christopher M. Riedl > > --- > > drivers/misc/lkdtm/perms.c | 9 - > > 1 file changed, 9 deletions(-) > > > > diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c > > index 41e87e5f9cc86..da6a34a0a49fb 100644 > > --- a/drivers/misc/lkdtm/perms.c > > +++ b/drivers/misc/lkdtm/perms.c > > @@ -262,16 +262,7 @@ static inline u32 lkdtm_read_patch_site(void) > > /* Returns True if the write succeeds */ > > static inline bool lkdtm_try_write(u32 data, u32 *addr) > > { > > -#ifdef CONFIG_PPC > > - __put_kernel_nofault(addr, , u32, err); > > - return true; > > - > > -err: > > - return false; > > -#endif > > -#ifdef CONFIG_X86_64 > > return !__put_user(data, addr); > > -#endif > > } > > > > static int lkdtm_patching_cpu(void *data) > >
Re: [PATCH v5 8/8] lkdtm/powerpc: Fix code patching hijack test
Le 13/07/2021 à 07:31, Christopher M. Riedl a écrit : Code patching on powerpc with a STRICT_KERNEL_RWX uses a userspace address in a temporary mm on Radix now. Use __put_user() to avoid write failures due to KUAP when attempting a "hijack" on the patching address. __put_user() also works with the non-userspace, vmalloc-based patching address on non-Radix MMUs. It is not really clean to use __put_user() on non user address, allthought it works by change. I think it would be better to do something like if (is_kernel_addr(addr)) copy_to_kernel_nofault(...); else copy_to_user_nofault(...); Signed-off-by: Christopher M. Riedl --- drivers/misc/lkdtm/perms.c | 9 - 1 file changed, 9 deletions(-) diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index 41e87e5f9cc86..da6a34a0a49fb 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c @@ -262,16 +262,7 @@ static inline u32 lkdtm_read_patch_site(void) /* Returns True if the write succeeds */ static inline bool lkdtm_try_write(u32 data, u32 *addr) { -#ifdef CONFIG_PPC - __put_kernel_nofault(addr, , u32, err); - return true; - -err: - return false; -#endif -#ifdef CONFIG_X86_64 return !__put_user(data, addr); -#endif } static int lkdtm_patching_cpu(void *data)
[PATCH v5 8/8] lkdtm/powerpc: Fix code patching hijack test
Code patching on powerpc with a STRICT_KERNEL_RWX uses a userspace address in a temporary mm on Radix now. Use __put_user() to avoid write failures due to KUAP when attempting a "hijack" on the patching address. __put_user() also works with the non-userspace, vmalloc-based patching address on non-Radix MMUs. Signed-off-by: Christopher M. Riedl --- drivers/misc/lkdtm/perms.c | 9 - 1 file changed, 9 deletions(-) diff --git a/drivers/misc/lkdtm/perms.c b/drivers/misc/lkdtm/perms.c index 41e87e5f9cc86..da6a34a0a49fb 100644 --- a/drivers/misc/lkdtm/perms.c +++ b/drivers/misc/lkdtm/perms.c @@ -262,16 +262,7 @@ static inline u32 lkdtm_read_patch_site(void) /* Returns True if the write succeeds */ static inline bool lkdtm_try_write(u32 data, u32 *addr) { -#ifdef CONFIG_PPC - __put_kernel_nofault(addr, , u32, err); - return true; - -err: - return false; -#endif -#ifdef CONFIG_X86_64 return !__put_user(data, addr); -#endif } static int lkdtm_patching_cpu(void *data) -- 2.26.1