Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp99229pxj; Thu, 3 Jun 2021 01:44:22 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz2Odd8P7rfvmgXkdtC/InsfCB7W2VL1m78/3R0exSl31JQUDdXFV96Q51dW+NgAn8RNARx X-Received: by 2002:a05:6402:175b:: with SMTP id v27mr5209685edx.61.1622709862269; Thu, 03 Jun 2021 01:44:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1622709862; cv=none; d=google.com; s=arc-20160816; b=T8DGkM+9yS0iU2IcTP8btmOvVUOmtWDJiyTbXUm9Pk5jBIoYkwbJrBolY1fmvCK6Nn F5Zsmh0ikOaPIz9XAgvepwRaJ8fPZDjYgFvoTFKsI4hFz1AH4ANjFeweIZugWmGWBPLU yccjs1uwcaMvvwJib1AFCQGDxvTizbEFORreEyTNP87n9goqYP1q9HajG1viyQhx+2+N kN5KlaNF2nI+8LvYgk2Uf8mIKn4PDMVtxkP/h9v77yHP5q+D0A7P4aVESTpIQcEds4v6 HIwFbR9eGO8zXWPMgeVrI11ApRQZ+ClN5uEzHe9JRIIogWINTwbiKOZA5wXW3g9nNwP8 fAvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:date:cc:to:subject:from:references:in-reply-to :message-id; bh=hlpmVnvBb7LJ9XGRVA7zRlMK+FQrdBVun3mPTB3zWmE=; b=hQGcD2qIZBqJzOJFxnK4ARbNmu5LxwYrwVodGOXzIemDg94jdRKdsC97Ovyj6qz/ZT 6lzucc9pJKx9Er/jCFZm+NPArlo5CAq0agRi6QPZFU9kNYEnZ2yzuDbE1wMVn4YIckNL 9GVcniTOR5Mn3lWYUFgqq4mkuEm+jM3YlUmFNOlw6mSKJs/czBzs5Wvo9oz3yHuFjN1x LnDUtphUAZHxF6EZiP2e0fSMSnS6QzeOH1py8Wit/20jDv84ZzGJyqRmkjGzjZ09HsGL NtSvb+yaq/fVn16/cn3fN02VSl1CYKZSyi6ekNW53bWUU6m1zkjM4530TjsBUmsFBP7n Dw3w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h8si1864424edz.253.2021.06.03.01.43.59; Thu, 03 Jun 2021 01:44:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229958AbhFCIni (ORCPT + 99 others); Thu, 3 Jun 2021 04:43:38 -0400 Received: from pegase1.c-s.fr ([93.17.236.30]:7043 "EHLO pegase1.c-s.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229957AbhFCInh (ORCPT ); Thu, 3 Jun 2021 04:43:37 -0400 Received: from localhost (mailhub3.si.c-s.fr [192.168.12.233]) by localhost (Postfix) with ESMTP id 4FwfWq3wCGzBC5t; Thu, 3 Jun 2021 10:41:43 +0200 (CEST) X-Virus-Scanned: amavisd-new at c-s.fr Received: from pegase1.c-s.fr ([192.168.12.234]) by localhost (pegase1.c-s.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KGifkoVJYrlT; Thu, 3 Jun 2021 10:41:43 +0200 (CEST) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase1.c-s.fr (Postfix) with ESMTP id 4FwfWq32frzBC5Z; Thu, 3 Jun 2021 10:41:43 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 4DAA98B848; Thu, 3 Jun 2021 10:41:43 +0200 (CEST) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id ItFa-XmzSvDZ; Thu, 3 Jun 2021 10:41:43 +0200 (CEST) Received: from po15610vm.idsi0.si.c-s.fr (unknown [192.168.4.90]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 0BD838B767; Thu, 3 Jun 2021 10:41:43 +0200 (CEST) Received: by po15610vm.idsi0.si.c-s.fr (Postfix, from userid 0) id DB86964BD2; Thu, 3 Jun 2021 08:41:42 +0000 (UTC) Message-Id: <7745a2c3a08ec46302920a3f48d1cb9b5469dbbb.1622708530.git.christophe.leroy@csgroup.eu> In-Reply-To: References: From: Christophe Leroy Subject: [PATCH v2 07/12] powerpc/32s: Allow disabling KUEP at boot time To: Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman Cc: linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Date: Thu, 3 Jun 2021 08:41:42 +0000 (UTC) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org PPC64 uses MMU features to enable/disable KUEP at boot time. But feature fixups are applied way too early on PPC32. Now that all KUEP related actions are in C following the conversion of KUEP initial setup and context switch in C, static branches can be used to enable/disable KUEP. Signed-off-by: Christophe Leroy --- arch/powerpc/include/asm/book3s/32/kup.h | 6 +++++- arch/powerpc/mm/book3s32/kuep.c | 11 +++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/32/kup.h b/arch/powerpc/include/asm/book3s/32/kup.h index 618ffc8e4ee9..2854d970dabe 100644 --- a/arch/powerpc/include/asm/book3s/32/kup.h +++ b/arch/powerpc/include/asm/book3s/32/kup.h @@ -7,6 +7,10 @@ #ifndef __ASSEMBLY__ +#include + +extern struct static_key_false disable_kuep_key; + static __always_inline bool kuap_is_disabled(void) { return !IS_ENABLED(CONFIG_PPC_KUAP); @@ -14,7 +18,7 @@ static __always_inline bool kuap_is_disabled(void) static __always_inline bool kuep_is_disabled(void) { - return !IS_ENABLED(CONFIG_PPC_KUEP); + return !IS_ENABLED(CONFIG_PPC_KUEP) || static_branch_unlikely(&disable_kuep_key); } static inline void kuep_lock(void) diff --git a/arch/powerpc/mm/book3s32/kuep.c b/arch/powerpc/mm/book3s32/kuep.c index 3147e2edcf63..3f6eb6e23fca 100644 --- a/arch/powerpc/mm/book3s32/kuep.c +++ b/arch/powerpc/mm/book3s32/kuep.c @@ -3,15 +3,18 @@ #include #include +struct static_key_false disable_kuep_key; + void __init setup_kuep(bool disabled) { - kuep_lock(); + if (!disabled) + kuep_lock(); if (smp_processor_id() != boot_cpuid) return; - pr_info("Activating Kernel Userspace Execution Prevention\n"); - if (disabled) - pr_warn("KUEP cannot be disabled yet on 6xx when compiled in\n"); + static_branch_enable(&disable_kuep_key); + else + pr_info("Activating Kernel Userspace Execution Prevention\n"); } -- 2.25.0