From: Russell Currey <ruscur@russell.cc>
To: linuxppc-dev@lists.ozlabs.org
Cc: kernel-hardening@lists.openwall.com, Russell Currey <ruscur@russell.cc>
Subject: [PATCH 3/4] powerpc/mm/radix: Use KUEP API for Radix MMU
Date: Fri, 23 Nov 2018 01:04:15 +1100 [thread overview]
Message-ID: <20181122140416.3447-4-ruscur@russell.cc> (raw)
In-Reply-To: <20181122140416.3447-1-ruscur@russell.cc>
Execution protection already exists on radix, this just refactors
the radix init to provide the KUEP setup function instead.
Thus, the only functional change is that it can now be disabled.
Signed-off-by: Russell Currey <ruscur@russell.cc>
---
arch/powerpc/mm/pgtable-radix.c | 9 ++++++---
arch/powerpc/platforms/Kconfig.cputype | 1 +
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c
index 931156069a81..f08a459b4255 100644
--- a/arch/powerpc/mm/pgtable-radix.c
+++ b/arch/powerpc/mm/pgtable-radix.c
@@ -535,8 +535,13 @@ static void radix_init_amor(void)
mtspr(SPRN_AMOR, (3ul << 62));
}
-static void radix_init_iamr(void)
+void setup_kuep(bool disabled)
{
+ if (disabled)
+ return;
+
+ pr_warn("Activating Kernel Userspace Execution Prevention\n");
+
/*
* Radix always uses key0 of the IAMR to determine if an access is
* allowed. We set bit 0 (IBM bit 1) of key0, to prevent instruction
@@ -605,7 +610,6 @@ void __init radix__early_init_mmu(void)
memblock_set_current_limit(MEMBLOCK_ALLOC_ANYWHERE);
- radix_init_iamr();
radix_init_pgtable();
/* Switch to the guard PID before turning on MMU */
radix__switch_mmu_context(NULL, &init_mm);
@@ -627,7 +631,6 @@ void radix__early_init_mmu_secondary(void)
__pa(partition_tb) | (PATB_SIZE_SHIFT - 12));
radix_init_amor();
}
- radix_init_iamr();
radix__switch_mmu_context(NULL, &init_mm);
if (cpu_has_feature(CPU_FTR_HVMODE))
diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index a20669a9ec13..e6831d0ec159 100644
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -334,6 +334,7 @@ config PPC_RADIX_MMU
bool "Radix MMU Support"
depends on PPC_BOOK3S_64
select ARCH_HAS_GIGANTIC_PAGE if (MEMORY_ISOLATION && COMPACTION) || CMA
+ select PPC_HAVE_KUEP
default y
help
Enable support for the Power ISA 3.0 Radix style MMU. Currently this
--
2.19.1
WARNING: multiple messages have this Message-ID (diff)
From: Russell Currey <ruscur@russell.cc>
To: linuxppc-dev@lists.ozlabs.org
Cc: mpe@ellerman.id.au, benh@kernel.crashing.org,
kernel-hardening@lists.openwall.com, christophe.leroy@c-s.fr,
Russell Currey <ruscur@russell.cc>
Subject: [PATCH 3/4] powerpc/mm/radix: Use KUEP API for Radix MMU
Date: Fri, 23 Nov 2018 01:04:15 +1100 [thread overview]
Message-ID: <20181122140416.3447-4-ruscur@russell.cc> (raw)
In-Reply-To: <20181122140416.3447-1-ruscur@russell.cc>
Execution protection already exists on radix, this just refactors
the radix init to provide the KUEP setup function instead.
Thus, the only functional change is that it can now be disabled.
Signed-off-by: Russell Currey <ruscur@russell.cc>
---
arch/powerpc/mm/pgtable-radix.c | 9 ++++++---
arch/powerpc/platforms/Kconfig.cputype | 1 +
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c
index 931156069a81..f08a459b4255 100644
--- a/arch/powerpc/mm/pgtable-radix.c
+++ b/arch/powerpc/mm/pgtable-radix.c
@@ -535,8 +535,13 @@ static void radix_init_amor(void)
mtspr(SPRN_AMOR, (3ul << 62));
}
-static void radix_init_iamr(void)
+void setup_kuep(bool disabled)
{
+ if (disabled)
+ return;
+
+ pr_warn("Activating Kernel Userspace Execution Prevention\n");
+
/*
* Radix always uses key0 of the IAMR to determine if an access is
* allowed. We set bit 0 (IBM bit 1) of key0, to prevent instruction
@@ -605,7 +610,6 @@ void __init radix__early_init_mmu(void)
memblock_set_current_limit(MEMBLOCK_ALLOC_ANYWHERE);
- radix_init_iamr();
radix_init_pgtable();
/* Switch to the guard PID before turning on MMU */
radix__switch_mmu_context(NULL, &init_mm);
@@ -627,7 +631,6 @@ void radix__early_init_mmu_secondary(void)
__pa(partition_tb) | (PATB_SIZE_SHIFT - 12));
radix_init_amor();
}
- radix_init_iamr();
radix__switch_mmu_context(NULL, &init_mm);
if (cpu_has_feature(CPU_FTR_HVMODE))
diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index a20669a9ec13..e6831d0ec159 100644
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -334,6 +334,7 @@ config PPC_RADIX_MMU
bool "Radix MMU Support"
depends on PPC_BOOK3S_64
select ARCH_HAS_GIGANTIC_PAGE if (MEMORY_ISOLATION && COMPACTION) || CMA
+ select PPC_HAVE_KUEP
default y
help
Enable support for the Power ISA 3.0 Radix style MMU. Currently this
--
2.19.1
next prev parent reply other threads:[~2018-11-22 14:16 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-22 14:04 [PATCH 0/4] Kernel Userspace Protection for Radix MMU Russell Currey
2018-11-22 14:04 ` Russell Currey
2018-11-22 14:04 ` [PATCH 1/4] powerpc: Track KUAP state in the PACA Russell Currey
2018-11-22 14:04 ` Russell Currey
2018-11-28 9:38 ` Christophe Leroy
2018-11-28 9:38 ` Christophe Leroy
2018-11-22 14:04 ` [PATCH 2/4] powerpc/64: Setup KUP before feature fixups Russell Currey
2018-11-22 14:04 ` Russell Currey
2018-11-28 9:38 ` Christophe Leroy
2018-11-28 9:38 ` Christophe Leroy
2018-11-22 14:04 ` Russell Currey [this message]
2018-11-22 14:04 ` [PATCH 3/4] powerpc/mm/radix: Use KUEP API for Radix MMU Russell Currey
2018-11-22 14:04 ` [PATCH 4/4] powerpc/64s: Implement KUAP " Russell Currey
2018-11-22 14:04 ` Russell Currey
2018-11-28 9:39 ` Christophe Leroy
2018-11-28 9:39 ` Christophe Leroy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181122140416.3447-4-ruscur@russell.cc \
--to=ruscur@russell.cc \
--cc=kernel-hardening@lists.openwall.com \
--cc=linuxppc-dev@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.