From: Christophe Leroy <christophe.leroy@csgroup.eu>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>,
linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org
Subject: [PATCH v3 19/22] powerpc/kuap: Wire-up KUAP on 40x
Date: Tue, 19 Oct 2021 09:29:30 +0200 [thread overview]
Message-ID: <aaefa91897ddc42ac11019dc0e1d1a525bd08e90.1634627931.git.christophe.leroy@csgroup.eu> (raw)
In-Reply-To: <cover.1634627931.git.christophe.leroy@csgroup.eu>
This adds KUAP support to 40x. This is done by checking
the content of SPRN_PID at the time user pgtable is loaded.
40x doesn't have KUEP, but KUAP implies KUEP because when the
PID doesn't match the page's PID, the page cannot be read nor
executed.
So KUEP is now automatically selected when KUAP is selected and
disabled when KUAP is disabled.
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
arch/powerpc/kernel/head_40x.S | 8 ++++++++
arch/powerpc/mm/nohash/kup.c | 2 ++
arch/powerpc/platforms/Kconfig.cputype | 7 +++++--
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel/head_40x.S b/arch/powerpc/kernel/head_40x.S
index 7d72ee5ab387..87d322dbed94 100644
--- a/arch/powerpc/kernel/head_40x.S
+++ b/arch/powerpc/kernel/head_40x.S
@@ -297,6 +297,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt)
3:
mfspr r11,SPRN_SPRG_THREAD
lwz r11,PGDIR(r11)
+#ifdef CONFIG_PPC_KUAP
+ rlwinm. r9, r9, 0, 0xff
+ beq 5f /* Kuap fault */
+#endif
4:
tophys(r11, r11)
rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */
@@ -377,6 +381,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt)
3:
mfspr r11,SPRN_SPRG_THREAD
lwz r11,PGDIR(r11)
+#ifdef CONFIG_PPC_KUAP
+ rlwinm. r9, r9, 0, 0xff
+ beq 5f /* Kuap fault */
+#endif
4:
tophys(r11, r11)
rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */
diff --git a/arch/powerpc/mm/nohash/kup.c b/arch/powerpc/mm/nohash/kup.c
index eaea52231dd6..552becf90e97 100644
--- a/arch/powerpc/mm/nohash/kup.c
+++ b/arch/powerpc/mm/nohash/kup.c
@@ -19,6 +19,8 @@ EXPORT_SYMBOL(disable_kuap_key);
void setup_kuap(bool disabled)
{
if (disabled) {
+ if (IS_ENABLED(CONFIG_40x))
+ disable_kuep = true;
if (smp_processor_id() == boot_cpuid)
static_branch_enable(&disable_kuap_key);
return;
diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index e989eeca4c7e..3ea415bcf9b8 100644
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -54,6 +54,9 @@ config 40x
select PPC_UDBG_16550
select 4xx_SOC
select HAVE_PCI
+ select PPC_HAVE_KUAP
+ select PPC_HAVE_KUEP
+ select PPC_KUEP if PPC_KUAP
config 44x
bool "AMCC 44x, 46x or 47x"
@@ -401,9 +404,9 @@ config PPC_HAVE_KUEP
bool
config PPC_KUEP
- bool "Kernel Userspace Execution Prevention"
+ bool "Kernel Userspace Execution Prevention" if !40x
depends on PPC_HAVE_KUEP
- default y
+ default y if !40x
help
Enable support for Kernel Userspace Execution Prevention (KUEP)
--
2.31.1
WARNING: multiple messages have this Message-ID (diff)
From: Christophe Leroy <christophe.leroy@csgroup.eu>
To: Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>
Cc: linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org
Subject: [PATCH v3 19/22] powerpc/kuap: Wire-up KUAP on 40x
Date: Tue, 19 Oct 2021 09:29:30 +0200 [thread overview]
Message-ID: <aaefa91897ddc42ac11019dc0e1d1a525bd08e90.1634627931.git.christophe.leroy@csgroup.eu> (raw)
In-Reply-To: <cover.1634627931.git.christophe.leroy@csgroup.eu>
This adds KUAP support to 40x. This is done by checking
the content of SPRN_PID at the time user pgtable is loaded.
40x doesn't have KUEP, but KUAP implies KUEP because when the
PID doesn't match the page's PID, the page cannot be read nor
executed.
So KUEP is now automatically selected when KUAP is selected and
disabled when KUAP is disabled.
Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
---
arch/powerpc/kernel/head_40x.S | 8 ++++++++
arch/powerpc/mm/nohash/kup.c | 2 ++
arch/powerpc/platforms/Kconfig.cputype | 7 +++++--
3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel/head_40x.S b/arch/powerpc/kernel/head_40x.S
index 7d72ee5ab387..87d322dbed94 100644
--- a/arch/powerpc/kernel/head_40x.S
+++ b/arch/powerpc/kernel/head_40x.S
@@ -297,6 +297,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt)
3:
mfspr r11,SPRN_SPRG_THREAD
lwz r11,PGDIR(r11)
+#ifdef CONFIG_PPC_KUAP
+ rlwinm. r9, r9, 0, 0xff
+ beq 5f /* Kuap fault */
+#endif
4:
tophys(r11, r11)
rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */
@@ -377,6 +381,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt)
3:
mfspr r11,SPRN_SPRG_THREAD
lwz r11,PGDIR(r11)
+#ifdef CONFIG_PPC_KUAP
+ rlwinm. r9, r9, 0, 0xff
+ beq 5f /* Kuap fault */
+#endif
4:
tophys(r11, r11)
rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */
diff --git a/arch/powerpc/mm/nohash/kup.c b/arch/powerpc/mm/nohash/kup.c
index eaea52231dd6..552becf90e97 100644
--- a/arch/powerpc/mm/nohash/kup.c
+++ b/arch/powerpc/mm/nohash/kup.c
@@ -19,6 +19,8 @@ EXPORT_SYMBOL(disable_kuap_key);
void setup_kuap(bool disabled)
{
if (disabled) {
+ if (IS_ENABLED(CONFIG_40x))
+ disable_kuep = true;
if (smp_processor_id() == boot_cpuid)
static_branch_enable(&disable_kuap_key);
return;
diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index e989eeca4c7e..3ea415bcf9b8 100644
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -54,6 +54,9 @@ config 40x
select PPC_UDBG_16550
select 4xx_SOC
select HAVE_PCI
+ select PPC_HAVE_KUAP
+ select PPC_HAVE_KUEP
+ select PPC_KUEP if PPC_KUAP
config 44x
bool "AMCC 44x, 46x or 47x"
@@ -401,9 +404,9 @@ config PPC_HAVE_KUEP
bool
config PPC_KUEP
- bool "Kernel Userspace Execution Prevention"
+ bool "Kernel Userspace Execution Prevention" if !40x
depends on PPC_HAVE_KUEP
- default y
+ default y if !40x
help
Enable support for Kernel Userspace Execution Prevention (KUEP)
--
2.31.1
next prev parent reply other threads:[~2021-10-19 7:30 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-19 7:29 [PATCH v3 00/22] powerpc: Add KUAP support for BOOKE and 40x Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 01/22] Revert "powerpc: Inline setup_kup()" Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 02/22] powerpc/8xx: Activate KUEP at all time Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 03/22] powerpc/44x: " Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 04/22] powerpc/book3e: " Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 05/22] powerpc/32s: Remove capability to disable KUEP at boottime Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 06/22] powerpc/32s: Do kuep_lock() and kuep_unlock() in assembly Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 07/22] powerpc/32s: Save content of sr0 to avoid 'mfsr' Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 08/22] powerpc/kuep: Remove 'nosmep' boot time parameter except for book3s/64 Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 09/22] powerpc/kuap: Add a generic intermediate layer Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 10/22] powerpc/kuap: Check KUAP activation in generic functions Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 11/22] powerpc/kuap: Remove __kuap_assert_locked() Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 12/22] powerpc/kuap: Add kuap_lock() Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 13/22] powerpc/nohash: Move setup_kuap out of 8xx.c Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 14/22] powerpc/config: Add CONFIG_BOOKE_OR_40x Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 15/22] powerpc/kuap: Prepare for supporting KUAP on BOOK3E/64 Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 16/22] powerpc/kuap: Make PPC_KUAP_DEBUG depend on PPC_KUAP only Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 17/22] powerpc: Add KUAP support for BOOKE and 40x Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 18/22] powerpc/kuap: Wire-up KUAP on 44x Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy [this message]
2021-10-19 7:29 ` [PATCH v3 19/22] powerpc/kuap: Wire-up KUAP on 40x Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 20/22] powerpc/kuap: Wire-up KUAP on 85xx in 32 bits mode Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 21/22] powerpc/kuap: Wire-up KUAP on book3e/64 Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-10-19 7:29 ` [PATCH v3 22/22] powerpc: Remove CONFIG_PPC_HAVE_KUAP and CONFIG_PPC_HAVE_KUEP Christophe Leroy
2021-10-19 7:29 ` Christophe Leroy
2021-12-15 0:24 ` [PATCH v3 00/22] powerpc: Add KUAP support for BOOKE and 40x Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aaefa91897ddc42ac11019dc0e1d1a525bd08e90.1634627931.git.christophe.leroy@csgroup.eu \
--to=christophe.leroy@csgroup.eu \
--cc=benh@kernel.crashing.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.