Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp99037pxj; Thu, 3 Jun 2021 01:43:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxBKuVEB/TE1n0Tgl2aOqXkBB+pKYvux4CBs5YnwpJN7t2rVmYA3HOWjFwr6GBCBzzt3Cn3 X-Received: by 2002:a17:906:944a:: with SMTP id z10mr14892768ejx.224.1622709834945; Thu, 03 Jun 2021 01:43:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622709834; cv=none; d=google.com; s=arc-20160816; b=gCLdcs4q3SJkRX3/WzvEmpZgA8b074nDPUJ4gAF5g0o9xekEw69bPdQqYd/oZ79PX+ iB5973LOkIYrLC5G71RIHIshRhdf0UgKLV14m/c9Pex/fT4CTnZ8PNeMjE0EeSf316zl vfF0gdUMFJJOfUTCeKELykfzpULgMcGEEk0ZXx2IDcRB8YhBCFnXP4sIYlqcVEtl3hNQ bpBJOepF1ejcywrx+TPx9uQv1JVq/LKHcn0VNloXanRRYlNVtsum2EJYKrb7tKMs+G/1 46LK63C2eb3fUGVnjvsMEFPdMqesweLgH47DXJ478PBRH2Zo1GiAv+XnO5R0Nt6w458H LxoA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:date:cc:to:subject:from:references:in-reply-to :message-id; bh=X4MXHRIhcTsx2K/9dsbvyuNlYjzGu15q3gPforHyxNs=; b=ayAA5SfSp70Z3OV3rMQQTshmBQ77Auxj986RaDexprpXwnozwnoEU4hv22C7MJ9R5i hvahPRafc3bPYYGoNljVUqA50xvk1Flu6sK+QlQJD4de1LU3caUvEgkFHUgcuswO0tMy EQ8SPtEsicVA+g8dzII+gWPYV1N+CwSPHDX95IdwwMURWWrcI2GRnlB0PX/aScuC2WAC 5QSE7KmWhCSj4PuMWApIpWvUUlOPwWjV34XL9BdkPyLypC1QyfcKO5FECD4I+/TbO/0z l03KgoeMrq/F3ncswC1Fkuxn0TrIRIYidUy4qCzKF6CpCJjw+j1V7w7YqC/kyDN+bh5y LOyw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m18si1784899edd.534.2021.06.03.01.43.32; Thu, 03 Jun 2021 01:43:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229973AbhFCIno (ORCPT + 99 others); Thu, 3 Jun 2021 04:43:44 -0400 Received: from pegase1.c-s.fr ([93.17.236.30]:31268 "EHLO pegase1.c-s.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229957AbhFCIno (ORCPT ); Thu, 3 Jun 2021 04:43:44 -0400 Received: from localhost (mailhub3.si.c-s.fr [192.168.12.233]) by localhost (Postfix) with ESMTP id 4FwfWs1NQrzBC5Z; Thu, 3 Jun 2021 10:41:45 +0200 (CEST) X-Virus-Scanned: amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V4EBwsJlEyvK; Thu, 3 Jun 2021 10:41:45 +0200 (CEST) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 4FwfWr4QP3zBC5j; Thu, 3 Jun 2021 10:41:44 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 8524A8B84A; Thu, 3 Jun 2021 10:41:44 +0200 (CEST) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id 4Vp1RjwRe-SV; Thu, 3 Jun 2021 10:41:44 +0200 (CEST) Received: from po15610vm.idsi0.si.c-s.fr (unknown [192.168.4.90]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 1FCFA8B767; Thu, 3 Jun 2021 10:41:44 +0200 (CEST) Received: by po15610vm.idsi0.si.c-s.fr (Postfix, from userid 0) id E23A164BD2; Thu, 3 Jun 2021 08:41:43 +0000 (UTC) Message-Id: In-Reply-To: References: From: Christophe Leroy Subject: [PATCH v2 08/12] powerpc/32s: Allow disabling KUAP at boot time To: Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Date: Thu, 3 Jun 2021 08:41:43 +0000 (UTC) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org PPC64 uses MMU features to enable/disable KUAP at boot time. But feature fixups are applied way too early on PPC32. Now that all KUAP related actions are in C following the conversion of KUAP initial setup and context switch in C, static branches can be used to enable/disable KUAP. Signed-off-by: Christophe Leroy --- arch/powerpc/include/asm/book3s/32/kup.h | 27 +++++++++++++++++++++++- arch/powerpc/mm/book3s32/kuap.c | 11 ++++++---- 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/32/kup.h b/arch/powerpc/include/asm/book3s/32/kup.h index 2854d970dabe..68fbe28c6d7e 100644 --- a/arch/powerpc/include/asm/book3s/32/kup.h +++ b/arch/powerpc/include/asm/book3s/32/kup.h @@ -9,11 +9,12 @@ #include +extern struct static_key_false disable_kuap_key; extern struct static_key_false disable_kuep_key; static __always_inline bool kuap_is_disabled(void) { - return !IS_ENABLED(CONFIG_PPC_KUAP); + return !IS_ENABLED(CONFIG_PPC_KUAP) || static_branch_unlikely(&disable_kuap_key); } static __always_inline bool kuep_is_disabled(void) @@ -62,6 +63,9 @@ static inline void kuap_save_and_lock(struct pt_regs *regs) u32 addr = kuap & 0xf0000000; u32 end = kuap << 28; + if (kuap_is_disabled()) + return; + regs->kuap = kuap; if (unlikely(!kuap)) return; @@ -79,6 +83,9 @@ static inline void kuap_kernel_restore(struct pt_regs *regs, unsigned long kuap) u32 addr = regs->kuap & 0xf0000000; u32 end = regs->kuap << 28; + if (kuap_is_disabled()) + return; + current->thread.kuap = regs->kuap; if (unlikely(regs->kuap == kuap)) @@ -91,6 +98,9 @@ static inline unsigned long kuap_get_and_assert_locked(void) { unsigned long kuap = current->thread.kuap; + if (kuap_is_disabled()) + return 0; + WARN_ON_ONCE(IS_ENABLED(CONFIG_PPC_KUAP_DEBUG) && kuap != 0); return kuap; @@ -106,6 +116,9 @@ static __always_inline void allow_user_access(void __user *to, const void __user { u32 addr, end; + if (kuap_is_disabled()) + return; + BUILD_BUG_ON(!__builtin_constant_p(dir)); BUILD_BUG_ON(dir & ~KUAP_READ_WRITE); @@ -128,6 +141,9 @@ static __always_inline void prevent_user_access(void __user *to, const void __us { u32 addr, end; + if (kuap_is_disabled()) + return; + BUILD_BUG_ON(!__builtin_constant_p(dir)); if (dir & KUAP_CURRENT_WRITE) { @@ -159,6 +175,9 @@ static inline unsigned long prevent_user_access_return(void) unsigned long end = flags << 28; void __user *to = (__force void __user *)addr; + if (kuap_is_disabled()) + return 0; + if (flags) prevent_user_access(to, to, end - addr, KUAP_READ_WRITE); @@ -171,6 +190,9 @@ static inline void restore_user_access(unsigned long flags) unsigned long end = flags << 28; void __user *to = (__force void __user *)addr; + if (kuap_is_disabled()) + return; + if (flags) allow_user_access(to, to, end - addr, KUAP_READ_WRITE); } @@ -181,6 +203,9 @@ bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write) unsigned long begin = regs->kuap & 0xf0000000; unsigned long end = regs->kuap << 28; + if (kuap_is_disabled()) + return false; + return is_write && (address < begin || address >= end); } diff --git a/arch/powerpc/mm/book3s32/kuap.c b/arch/powerpc/mm/book3s32/kuap.c index 5533ed92ab3d..a4ce6cdc28e5 100644 --- a/arch/powerpc/mm/book3s32/kuap.c +++ b/arch/powerpc/mm/book3s32/kuap.c @@ -3,15 +3,18 @@ #include #include +struct static_key_false disable_kuap_key; + void __init setup_kuap(bool disabled) { - kuap_update_sr(mfsr(0) | SR_KS, 0, TASK_SIZE); + if (!disabled) + kuap_update_sr(mfsr(0) | SR_KS, 0, TASK_SIZE); if (smp_processor_id() != boot_cpuid) return; - pr_info("Activating Kernel Userspace Access Protection\n"); - if (disabled) - pr_warn("KUAP cannot be disabled yet on 6xx when compiled in\n"); + static_branch_enable(&disable_kuap_key); + else + pr_info("Activating Kernel Userspace Access Protection\n"); } -- 2.25.0