linux-hardened/security/tomoyo
Dave Hansen 1e9877902d mm/gup: Introduce get_user_pages_remote()
For protection keys, we need to understand whether protections
should be enforced in software or not.  In general, we enforce
protections when working on our own task, but not when on others.
We call these "current" and "remote" operations.

This patch introduces a new get_user_pages() variant:

        get_user_pages_remote()

Which is a replacement for when get_user_pages() is called on
non-current tsk/mm.

We also introduce a new gup flag: FOLL_REMOTE which can be used
for the "__" gup variants to get this new behavior.

The uprobes is_trap_at_addr() location holds mmap_sem and
calls get_user_pages(current->mm) on an instruction address.  This
makes it a pretty unique gup caller.  Being an instruction access
and also really originating from the kernel (vs. the app), I opted
to consider this a 'remote' access where protection keys will not
be enforced.

Without protection keys, this patch should not change any behavior.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Dave Hansen <dave@sr71.net>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Rik van Riel <riel@redhat.com>
Cc: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: jack@suse.cz
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/20160212210154.3F0E51EA@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-16 10:04:09 +01:00
..
policy tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
.gitignore tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
audit.c tomoyo: Use sensible time interface 2014-06-12 16:18:45 +02:00
common.c tomoyo: Use sensible time interface 2014-06-12 16:18:45 +02:00
common.h switch security_inode_getattr() to struct path * 2015-04-11 22:24:32 -04:00
condition.c VFS: security/: d_backing_inode() annotations 2015-04-15 15:06:56 -04:00
domain.c mm/gup: Introduce get_user_pages_remote() 2016-02-16 10:04:09 +01:00
environ.c TOMOYO: Add environment variable name restriction support. 2011-09-14 08:27:05 +10:00
file.c switch security_inode_getattr() to struct path * 2015-04-11 22:24:32 -04:00
gc.c TOMOYO: Fix quota and garbage collector. 2011-10-12 12:15:20 +11:00
group.c TOMOYO: Add socket operation restriction support. 2011-09-14 08:27:05 +10:00
Kconfig tomoyo: Use bin2c to generate builtin-policy.h 2015-04-07 21:27:45 +02:00
load_policy.c usermodehelper: use UMH_WAIT_PROC consistently 2012-03-23 16:58:41 -07:00
Makefile tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
memory.c TOMOYO: Remove tomoyo_policy_memory_lock spinlock. 2011-09-26 10:46:22 +10:00
mount.c consitify do_mount() arguments 2012-10-11 20:02:04 -04:00
network.c TOMOYO: Add socket operation restriction support. 2011-09-14 08:27:05 +10:00
realpath.c VFS: security/: d_backing_inode() annotations 2015-04-15 15:06:56 -04:00
securityfs_if.c convert a bunch of open-coded instances of memdup_user_nul() 2016-01-04 10:26:58 -05:00
tomoyo.c LSM: Switch to lists of hooks 2015-05-12 15:00:41 +10:00
util.c tomoyo: reduce mmap_sem hold for mm->exe_file 2015-04-17 09:04:11 -04:00