linux/include/asm-generic
Dave Hansen 1b2ee1266e mm/core: Do not enforce PKEY permissions on remote mm access
We try to enforce protection keys in software the same way that we
do in hardware.  (See long example below).

But, we only want to do this when accessing our *own* process's
memory.  If GDB set PKRU[6].AD=1 (disable access to PKEY 6), then
tried to PTRACE_POKE a target process which just happened to have
some mprotect_pkey(pkey=6) memory, we do *not* want to deny the
debugger access to that memory.  PKRU is fundamentally a
thread-local structure and we do not want to enforce it on access
to _another_ thread's data.

This gets especially tricky when we have workqueues or other
delayed-work mechanisms that might run in a random process's context.
We can check that we only enforce pkeys when operating on our *own* mm,
but delayed work gets performed when a random user context is active.
We might end up with a situation where a delayed-work gup fails when
running randomly under its "own" task but succeeds when running under
another process.  We want to avoid that.

To avoid that, we use the new GUP flag: FOLL_REMOTE and add a
fault flag: FAULT_FLAG_REMOTE.  They indicate that we are
walking an mm which is not guranteed to be the same as
current->mm and should not be subject to protection key
enforcement.

Thanks to Jerome Glisse for pointing out this scenario.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Alexey Kardashevskiy <aik@ozlabs.ru>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Boaz Harrosh <boaz@plexistor.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Dave Chinner <dchinner@redhat.com>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dominik Dingel <dingel@linux.vnet.ibm.com>
Cc: Dominik Vogt <vogt@linux.vnet.ibm.com>
Cc: Eric B Munson <emunson@akamai.com>
Cc: Geliang Tang <geliangtang@163.com>
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Jason Low <jason.low2@hp.com>
Cc: Jerome Marchand <jmarchan@redhat.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Mikulas Patocka <mpatocka@redhat.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Shachar Raindel <raindel@mellanox.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Xie XiuQi <xiexiuqi@huawei.com>
Cc: iommu@lists.linux-foundation.org
Cc: linux-arch@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org
Cc: linux-s390@vger.kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-18 19:46:28 +01:00
..
bitops move count_zeroes.h out of asm-generic 2015-10-15 00:21:07 +02:00
4level-fixup.h mm, asm-generic: define PUD_SHIFT in <asm-generic/4level-fixup.h> 2015-02-11 17:06:03 -08:00
asm-offsets.h asm-generic: Add common asm-offsets.h 2015-06-23 13:35:49 +09:00
atomic64.h atomic: Provide atomic_{or,xor,and} 2015-07-27 14:06:24 +02:00
atomic-long.h atomic: remove all traces of READ_ONCE_CTRL() and atomic*_read_ctrl() 2015-11-03 17:22:17 -08:00
atomic.h atomic, arch: Audit atomic_{read,set}() 2015-09-23 09:54:28 +02:00
audit_change_attr.h audit: Modify a set of system calls in audit class definitions 2014-01-17 17:01:46 -05:00
audit_dir_write.h audit: support the "standard" <asm-generic/unistd.h> 2011-05-04 14:41:28 -04:00
audit_read.h audit: support the "standard" <asm-generic/unistd.h> 2011-05-04 14:41:28 -04:00
audit_signal.h
audit_write.h audit: Modify a set of system calls in audit class definitions 2014-01-17 17:01:46 -05:00
barrier.h asm-generic: implement virt_xxx memory barriers 2016-01-12 20:46:59 +02:00
bitops.h arch: Prepare for smp_mb__{before,after}_atomic() 2014-04-18 11:40:30 +02:00
bitsperlong.h UAPI: (Scripted) Disintegrate include/asm-generic 2012-10-04 18:20:15 +01:00
bug.h bug: Make BUG() always stop the machine 2014-04-07 16:36:10 -07:00
bugs.h
cache.h
cacheflush.h asm-generic/cacheflush.h: flush icache when copying to user pages 2011-05-25 08:39:37 -07:00
checksum.h asm-generic headers: Allow yet more arch overrides in checksum.h 2013-02-11 20:00:33 +05:30
clkdev.h asm-generic: COMMON_CLK defines __clk_{get,put} 2014-09-25 18:00:45 -07:00
cmpxchg-local.h LLVMLinux: Remove warning about returning an uninitialized variable 2014-04-09 13:44:35 -07:00
cmpxchg.h asm-generic: cmpxchg: avoid warnings from macro-ized cmpxchg() implementations 2015-10-15 00:21:13 +02:00
cputime_jiffies.h sched, time: Fix build error with 64 bit cputime_t on 32 bit systems 2014-10-03 05:46:55 +02:00
cputime_nsecs.h cputime: Prevent 32bit overflow in time[val|spec]_to_cputime() 2016-02-02 15:24:38 +01:00
cputime.h cputime: Generic on-demand virtual cputime accounting 2013-01-27 19:23:27 +01:00
current.h
delay.h asm-generic: delay.h fix udelay and ndelay for 8 bit args 2011-07-22 18:45:33 +02:00
device.h
div64.h __div64_32(): make it overridable at compile time 2015-11-16 14:42:12 -05:00
dma-contiguous.h asm-generic: Add dma-contiguous.h 2014-09-22 13:35:51 +02:00
dma.h
early_ioremap.h Merge branch 'akpm' (patches from Andrew) 2015-09-08 17:52:23 -07:00
emergency-restart.h
exec.h Split arch_align_stack() out from asm-generic/system.h 2012-03-28 18:30:03 +01:00
fb.h
fixmap.h mm: provide early_memremap_ro to establish read-only mapping 2015-08-20 12:24:22 +01:00
ftrace.h asm-generic headers: add ftrace.h 2011-03-17 09:19:04 +08:00
futex.h sched/preempt, futex: Disable preemption in UP futex_atomic_cmpxchg_inatomic() explicitly 2015-05-19 08:39:16 +02:00
getorder.h bitops: Add missing parentheses to new get_order macro 2012-02-24 10:39:27 -08:00
gpio.h gpio: remove gpiod_sysfs_set_active_low 2015-05-12 10:46:53 +02:00
hardirq.h Fix IRQ flag handling naming 2010-10-07 14:08:55 +01:00
hugetlb.h mm: Fix generic hugetlb pte check return type. 2013-10-02 20:02:35 -04:00
hw_irq.h
ide_iops.h
int-ll64.h UAPI: (Scripted) Disintegrate include/asm-generic 2012-10-04 18:20:15 +01:00
io-64-nonatomic-hi-lo.h asm-generic: temporarily add back asm-generic/io-64-nonatomic*.h 2015-10-16 12:08:53 +02:00
io-64-nonatomic-lo-hi.h asm-generic: temporarily add back asm-generic/io-64-nonatomic*.h 2015-10-16 12:08:53 +02:00
io.h x86/mm, asm-generic: Add IOMMU ioremap_uc() variant default 2015-07-21 10:47:03 +02:00
ioctl.h include/asm-generic/ioctl.h: fix _IOC_TYPECHECK sparse error 2014-06-06 16:08:13 -07:00
iomap.h x86/mm, asm-generic: Add ioremap_wt() for creating Write-Through mappings 2015-06-07 15:28:56 +02:00
irq_regs.h core: Replace __get_cpu_var with __this_cpu_read if not used for an address. 2010-12-17 15:07:19 +01:00
irq_work.h irq_work: Introduce arch_irq_work_has_interrupt() 2014-09-13 18:38:07 +02:00
irq.h
irqflags.h Fix IRQ flag handling naming 2010-10-07 14:08:55 +01:00
Kbuild.asm UAPI: Set up uapi/asm/Kbuild.asm 2012-10-02 18:01:56 +01:00
kdebug.h asm-generic: kdebug.h: Checkpatch cleanup 2010-10-09 21:51:44 +02:00
kmap_types.h asm-generic: remove km_type definitions 2012-07-24 15:27:30 +08:00
kvm_para.h KVM: add kvm_para_available to asm-generic/kvm_para.h 2013-06-05 13:21:29 +03:00
libata-portmap.h
linkage.h
local64.h atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
local.h atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
mcs_spinlock.h locking/mcs: Allow architecture specific asm files to be used for contended case 2014-02-09 21:18:52 +01:00
memory_model.h mm: add PHYS_PFN, use it in __phys_to_pfn() 2016-01-14 16:00:49 -08:00
mm_hooks.h mm/core: Do not enforce PKEY permissions on remote mm access 2016-02-18 19:46:28 +01:00
mm-arch-hooks.h mm: clean up per architecture MM hook header files 2015-07-17 16:39:53 -07:00
mmu_context.h asm-generic: Remove asm-generic arch_bprm_mm_init() 2014-11-22 21:52:08 +01:00
mmu.h asm-generic/mmu.h: Add support for FDPIC 2012-12-09 23:14:14 +01:00
module.h Make most arch asm/module.h files use asm-generic/module.h 2012-09-28 14:31:03 +09:30
msi.h asm-generic: Add msi.h 2014-11-23 13:01:47 +01:00
mutex-dec.h locking/mutex: Use acquire/release semantics 2015-10-06 17:28:20 +02:00
mutex-null.h arch: Make __mutex_fastpath_lock_retval return whether fastpath succeeded or not 2013-06-26 12:10:55 +02:00
mutex-xchg.h locking/mutex: Use acquire/release semantics 2015-10-06 17:28:20 +02:00
mutex.h
page.h The following changes since commit 3ee72ca992 2012-01-10 17:39:40 -08:00
param.h UAPI: (Scripted) Disintegrate include/asm-generic 2012-10-04 18:20:15 +01:00
parport.h include: remove __dev* attributes. 2013-01-03 15:57:16 -08:00
pci_iomap.h PCI: Add pci_iomap_wc() variants 2015-08-25 09:59:45 +02:00
pci-bridge.h PCI: work around Stratus ftServer broken PCIe hierarchy 2012-04-30 15:21:02 -06:00
pci-dma-compat.h pci: remove pci_dma_supported 2015-11-10 16:32:11 -08:00
pci.h PCI: Remove unused pcibios_select_root() (again) 2015-06-08 07:56:21 -05:00
percpu.h percpu: preffity percpu header files 2014-06-17 19:12:40 -04:00
pgalloc.h
pgtable-nopmd.h
pgtable-nopud.h
pgtable.h mm, dax: convert vmf_insert_pfn_pmd() to pfn_t 2016-01-15 17:56:32 -08:00
preempt.h sched/core: Create preempt_count invariant 2015-10-06 17:08:14 +02:00
ptrace.h asm-generic/ptrace.h: start a common low level ptrace helper 2011-05-26 17:12:36 -07:00
qrwlock_types.h locking/qrwlock: Rename ->lock to ->wait_lock 2015-09-18 09:27:29 +02:00
qrwlock.h locking/qrwlock: Make use of _{acquire|release|relaxed}() atomics 2015-08-12 11:59:06 +02:00
qspinlock_types.h locking/qspinlock: Optimize for smaller NR_CPUS 2015-05-08 12:36:48 +02:00
qspinlock.h locking/qspinlock: Use _acquire/_release() versions of cmpxchg() & xchg() 2015-11-23 10:01:58 +01:00
resource.h asm-generic: remove _STK_LIM_MAX 2014-05-15 00:32:09 +01:00
rtc.h rtc: cmos: century support 2015-09-05 13:19:09 +02:00
rwsem.h locking/rwsem: Use acquire/release semantics 2015-10-06 17:28:24 +02:00
seccomp.h seccomp: allow COMPAT sigreturn overrides 2015-04-17 09:04:09 -04:00
sections.h asm/sections: add helpers to check for section data 2016-01-16 11:17:24 -08:00
segment.h
serial.h
siginfo.h constify copy_siginfo_to_user{,32}() 2013-11-09 00:16:29 -05:00
signal.h unify default ptrace_signal_deliver 2012-11-29 00:01:23 -05:00
simd.h crypto: create generic version of ablk_helper 2013-09-24 06:02:24 +10:00
sizes.h ARM: 7430/1: sizes.h: move from asm-generic to <linux/sizes.h> 2012-06-28 17:14:34 +01:00
spinlock.h
statfs.h UAPI: (Scripted) Disintegrate include/asm-generic 2012-10-04 18:20:15 +01:00
string.h
switch_to.h Split the switch_to() wrapper out of asm-generic/system.h 2012-03-28 18:30:03 +01:00
syscall.h syscall.h: fix doc text for syscall_get_arch() 2014-09-23 16:20:00 -04:00
syscalls.h burying unused conditionals 2013-02-14 09:21:15 -05:00
termios-base.h
termios.h UAPI: (Scripted) Disintegrate include/asm-generic 2012-10-04 18:20:15 +01:00
timex.h
tlb.h treewide: Remove old email address 2015-11-23 09:44:58 +01:00
tlbflush.h BUG: headers with BUG/BUG_ON etc. need linux/bug.h 2012-03-04 17:54:34 -05:00
topology.h
trace_clock.h tracing,x86: Add a TSC trace_clock 2012-11-13 15:48:27 -05:00
uaccess-unaligned.h
uaccess.h asm-generic: {get,put}_user ptr argument evaluate only 1 time 2015-11-08 22:44:42 +09:00
unaligned.h asm-generic: allow generic unaligned access if the arch supports it 2014-05-08 10:22:23 +02:00
unistd.h We get rid of the general module prefix confusion with a binary config option, 2013-05-05 10:58:06 -07:00
user.h asm-generic/user.h: Fix spelling in comment 2011-03-01 15:49:39 +01:00
vga.h
vmlinux.lds.h clocksource / ACPI: Add probing infrastructure for ACPI-based clocksources 2015-10-01 02:18:38 +02:00
vtime.h include/asm-generic/vtime.h: avoid zero-length file 2013-09-30 14:31:02 -07:00
word-at-a-time.h Make asm/word-at-a-time.h available on all architectures 2015-07-08 16:41:55 -04:00
xor.h asm-generic: xor: mark static functions as __maybe_unused 2012-10-03 21:21:06 +02:00