
Lines Matching refs:pkey

8  *  * how to handle SEGV_PKRU signals and extract pkey-relevant
17 * look for pkey "leaks" where it is still set on a VMA but "freed" back to the kernel
18 * do a plain mprotect() to a mprotect_pkey() area and make sure the pkey sticks
46 #include "pkey-helpers.h"
309 dprintf1("pkey from siginfo: %jx\n", siginfo_pkey);
427 u32 pkey_get(int pkey, unsigned long flags)
434 dprintf1("%s(pkey=%d, flags=%lx) = %x / %d\n",
435 __func__, pkey, flags, 0, 0);
438 shifted_pkru = (pkru >> (pkey * PKRU_BITS_PER_PKEY));
449 int pkey_set(int pkey, unsigned long rights, unsigned long flags)
460 /* mask out bits from pkey in old value: */
461 new_pkru &= ~(mask << (pkey * PKRU_BITS_PER_PKEY));
462 /* OR in new bits for pkey: */
463 new_pkru |= (rights << (pkey * PKRU_BITS_PER_PKEY));
467 dprintf3("%s(pkey=%d, rights=%lx, flags=%lx) = %x pkru now: %x old_pkru: %x\n",
468 __func__, pkey, rights, flags, 0, __rdpkru(), old_pkru);
472 void pkey_disable_set(int pkey, int flags)
480 pkey, flags);
483 pkey_rights = pkey_get(pkey, syscall_flags);
486 pkey, pkey, pkey_rights);
491 ret = pkey_set(pkey, pkey_rights, syscall_flags);
494 shadow_pkru |= flags << (pkey * 2);
495 dprintf1("%s(%d) shadow: 0x%x\n", __func__, pkey, shadow_pkru);
499 pkey_rights = pkey_get(pkey, syscall_flags);
501 pkey, pkey, pkey_rights);
503 dprintf1("%s(%d) pkru: 0x%x\n", __func__, pkey, rdpkru());
507 pkey, flags);
510 void pkey_disable_clear(int pkey, int flags)
514 int pkey_rights = pkey_get(pkey, syscall_flags);
520 pkey, pkey, pkey_rights);
525 ret = pkey_set(pkey, pkey_rights, 0);
527 shadow_pkru &= ~(flags << (pkey * 2));
530 pkey_rights = pkey_get(pkey, syscall_flags);
532 pkey, pkey, pkey_rights);
534 dprintf1("%s(%d) pkru: 0x%x\n", __func__, pkey, rdpkru());
539 void pkey_write_allow(int pkey)
541 pkey_disable_clear(pkey, PKEY_DISABLE_WRITE);
543 void pkey_write_deny(int pkey)
545 pkey_disable_set(pkey, PKEY_DISABLE_WRITE);
547 void pkey_access_allow(int pkey)
549 pkey_disable_clear(pkey, PKEY_DISABLE_ACCESS);
551 void pkey_access_deny(int pkey)
553 pkey_disable_set(pkey, PKEY_DISABLE_ACCESS);
557 unsigned long pkey)
561 dprintf2("%s(0x%p, %zx, prot=%lx, pkey=%lx)\n", __func__,
562 ptr, size, orig_prot, pkey);
565 sret = syscall(SYS_mprotect_key, ptr, size, orig_prot, pkey);
619 int sys_pkey_free(unsigned long pkey)
621 int ret = syscall(SYS_pkey_free, pkey);
622 dprintf1("%s(pkey=%ld) syscall ret: %d\n", __func__, pkey, ret);
627 * I had a bug where pkey bits could be set by mprotect() but
629 * and clears on the vma and pte pkey bits.
672 unsigned long pkey)
679 ret = sys_mprotect_pkey(ptr, size, orig_prot, pkey);
680 dprintf1("sys_mprotect_pkey(%p, %zx, prot=0x%lx, pkey=%ld) ret: %d\n",
681 ptr, size, orig_prot, pkey, ret);
691 pkey_assert(pkey < NR_PKEYS);
693 ret = sys_mprotect_pkey(ptr, size, orig_prot, pkey);
694 dprintf1("mprotect_pkey(%p, %zx, prot=0x%lx, pkey=%ld) ret: %d\n",
695 ptr, size, orig_prot, pkey, ret);
771 void *malloc_pkey_with_mprotect(long size, int prot, u16 pkey)
777 dprintf1("doing %s(size=%ld, prot=0x%x, pkey=%d)\n", __func__,
778 size, prot, pkey);
779 pkey_assert(pkey < NR_PKEYS);
782 ret = mprotect_pkey((void *)ptr, PAGE_SIZE, prot, pkey);
787 dprintf1("%s() for pkey %d @ %p\n", __func__, pkey, ptr);
791 void *malloc_pkey_anon_huge(long size, int prot, u16 pkey)
796 dprintf1("doing %s(size=%ld, prot=0x%x, pkey=%d)\n", __func__,
797 size, prot, pkey);
806 mprotect_pkey(ptr, size, prot, pkey);
817 dprintf1("mmap()'d thp for pkey %d @ %p\n", pkey, ptr);
863 void *malloc_pkey_hugetlb(long size, int prot, u16 pkey)
871 dprintf1("doing %s(%ld, %x, %x)\n", __func__, size, prot, pkey);
873 pkey_assert(pkey < NR_PKEYS);
876 mprotect_pkey(ptr, size, prot, pkey);
880 dprintf1("mmap()'d hugetlbfs for pkey %d @ %p\n", pkey, ptr);
884 void *malloc_pkey_mmap_dax(long size, int prot, u16 pkey)
889 dprintf1("doing %s(size=%ld, prot=0x%x, pkey=%d)\n", __func__,
890 size, prot, pkey);
891 pkey_assert(pkey < NR_PKEYS);
898 mprotect_pkey(ptr, size, prot, pkey);
902 dprintf1("mmap()'d for pkey %d @ %p\n", pkey, ptr);
907 void *(*pkey_malloc[])(long size, int prot, u16 pkey) = {
918 void *malloc_pkey(long size, int prot, u16 pkey)
924 pkey_assert(pkey < NR_PKEYS);
929 ret = pkey_malloc[malloc_type](size, prot, pkey);
943 dprintf3("%s(%ld, prot=%x, pkey=%x) returning: %p\n", __func__,
944 size, prot, pkey, ret);
949 void expected_pk_fault(int pkey)
953 dprintf2("%s(%d): last_si_pkey: %d\n", __func__, pkey, last_si_pkey);
955 pkey_assert(last_si_pkey == pkey);
1015 void test_read_of_write_disabled_region(int *ptr, u16 pkey)
1019 dprintf1("disabling write access to PKEY[1], doing read\n");
1020 pkey_write_deny(pkey);
1025 void test_read_of_access_disabled_region(int *ptr, u16 pkey)
1029 dprintf1("disabling access to PKEY[%02d], doing read @ %p\n", pkey, ptr);
1031 pkey_access_deny(pkey);
1034 expected_pk_fault(pkey);
1036 void test_write_of_write_disabled_region(int *ptr, u16 pkey)
1038 dprintf1("disabling write access to PKEY[%02d], doing write\n", pkey);
1039 pkey_write_deny(pkey);
1041 expected_pk_fault(pkey);
1043 void test_write_of_access_disabled_region(int *ptr, u16 pkey)
1045 dprintf1("disabling access to PKEY[%02d], doing write\n", pkey);
1046 pkey_access_deny(pkey);
1048 expected_pk_fault(pkey);
1050 void test_kernel_write_of_access_disabled_region(int *ptr, u16 pkey)
1055 dprintf1("disabling access to PKEY[%02d], "
1056 "having kernel read() to buffer\n", pkey);
1057 pkey_access_deny(pkey);
1062 void test_kernel_write_of_write_disabled_region(int *ptr, u16 pkey)
1067 pkey_write_deny(pkey);
1075 void test_kernel_gup_of_access_disabled_region(int *ptr, u16 pkey)
1084 dprintf1("disabling access to PKEY[%02d], "
1085 "having kernel vmsplice from buffer\n", pkey);
1086 pkey_access_deny(pkey);
1097 void test_kernel_gup_write_to_write_disabled_region(int *ptr, u16 pkey)
1103 dprintf1("disabling write to PKEY[%02d], "
1104 "doing futex gunk in buffer\n", pkey);
1106 pkey_write_deny(pkey);
1114 /* Assumes that all pkeys other than 'pkey' are unallocated */
1115 void test_pkey_syscalls_on_non_allocated_pkey(int *ptr, u16 pkey)
1120 /* Note: 0 is the default pkey, so don't mess with it */
1122 if (pkey == i)
1125 dprintf1("trying get/set/free to non-allocated pkey: %2d\n", i);
1137 /* Assumes that all pkeys other than 'pkey' are unallocated */
1138 void test_pkey_syscalls_bad_args(int *ptr, u16 pkey)
1143 /* pass a known-invalid pkey in: */
1148 /* Assumes that all pkeys other than 'pkey' are unallocated */
1149 void test_pkey_alloc_exhaust(int *ptr, u16 pkey)
1165 dprintf2("%s() failed to allocate pkey after %d tries\n",
1196 void test_ptrace_of_child(int *ptr, u16 pkey)
1232 pkey_access_deny(pkey);
1233 pkey_write_deny(pkey);
1242 * Try to access the pkey-protected "ptr" via ptrace:
1249 expected_pk_fault(pkey);
1252 * Try to access the NON-pkey-protected "plain_ptr" via ptrace:
1272 void test_executing_on_unreadable_memory(int *ptr, u16 pkey)
1292 ret = mprotect_pkey(p1, PAGE_SIZE, PROT_EXEC, (u64)pkey);
1294 pkey_access_deny(pkey);
1306 expected_pk_fault(pkey);
1309 void test_mprotect_pkey_on_unsupported_cpu(int *ptr, u16 pkey)
1319 sret = syscall(SYS_mprotect_key, ptr, size, PROT_READ, pkey);
1323 void (*pkey_tests[])(int *ptr, u16 pkey) = {
1345 int pkey;
1352 pkey = alloc_random_pkey();
1353 dprintf1("test %d starting with pkey: %d\n", test_nr, pkey);
1354 ptr = malloc_pkey(PAGE_SIZE, prot, pkey);
1356 pkey_tests[test_nr](ptr, pkey);
1359 sys_pkey_free(pkey);
1390 printf("running PKEY tests for unsupported CPU/OS\n");