Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp198531pxb; Tue, 19 Oct 2021 00:34:49 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx3m04WH/ot2bMy6dxUrzZ2R9sKnkW8Wkk3dLbFwFWXx/hxo44VA36ZIY/DH+VeIQqLOyUp X-Received: by 2002:a17:906:fb19:: with SMTP id lz25mr37613530ejb.406.1634628889732; Tue, 19 Oct 2021 00:34:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634628889; cv=none; d=google.com; s=arc-20160816; b=Y/wDZIKaHbnSHiQ3qomVpCeBRBZG21lo+egR93wPhwpFDXtF3ri7WLPU5+pNRFS+eN NO3mWh7oDO/KML11/6GKXfZdaM2C8L7JmexdoOBRMU+rDjYUawrEdlrpksjzzht4wrwQ CM2nADq05P2ZINzMbMvyoEPei/8rFgX4QLVLQGvhAqMAhpcGftMVPu4vnoTUaE+VVBEV k0CX6jalVCVf30l0xTtPw2BPP3ec8ofyuspkD75PWb7PjWodBEC70JkudknQIfdlvqfz 2VpCik/B2TSmo4e4UFUmkifQt3jM1DG/z1lgkQOLXtjlHGFKGui46m9hboSs962U4vbx JtNw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=RS0dthKXsliKRyW8aLgt59Ii81B//Hc8tDNvlVuXxdg=; b=O/YNFvOmeX0RWsnWVDMQPVcLWBW309Cg5opX+2zG3m4duQ8iyzE+mkDXohWgG+Hoqi VLeAySFom4LtwWoYDkFTKeMU6Pp4d7rkLVSUP/yeSvlmf46ocwgN9xrr0fWDdHknRvpQ HIIZLzIC/mCDDexpPuRxvAGFDolJwi2sBXV+m26gWXAmFIskA2lrn0EPEWWa5dICBGk0 cGRDiKhX0+qAX4WFYELI1Keg3T8WweexSKf28ecHs0Xg+Jo5TNJfroONx4gCtXWfhEQy 8SdEuym74OKs9AuzRPKMxoPPDTOyhh6abfXzJTIF4Uzlmrpo72PeUXtGwLtgBz15+a4W RFtA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m8si22955177eda.236.2021.10.19.00.34.26; Tue, 19 Oct 2021 00:34:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234595AbhJSHc3 (ORCPT + 99 others); Tue, 19 Oct 2021 03:32:29 -0400 Received: from pegase2.c-s.fr ([93.17.235.10]:59985 "EHLO pegase2.c-s.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234555AbhJSHcW (ORCPT ); Tue, 19 Oct 2021 03:32:22 -0400 Received: from localhost (mailhub3.si.c-s.fr [172.26.127.67]) by localhost (Postfix) with ESMTP id 4HYQPK6fdWz9sSs; Tue, 19 Oct 2021 09:29:57 +0200 (CEST) X-Virus-Scanned: amavisd-new at c-s.fr Received: from pegase2.c-s.fr ([172.26.127.65]) by localhost (pegase2.c-s.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NNGsfHxtrcVu; Tue, 19 Oct 2021 09:29:57 +0200 (CEST) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase2.c-s.fr (Postfix) with ESMTP id 4HYQP71WBlz9sSB; Tue, 19 Oct 2021 09:29:47 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 1DC498B774; Tue, 19 Oct 2021 09:29:47 +0200 (CEST) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id W4Q0S6JCujtc; Tue, 19 Oct 2021 09:29:47 +0200 (CEST) Received: from PO20335.IDSI0.si.c-s.fr (unknown [192.168.203.71]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 358F78B780; Tue, 19 Oct 2021 09:29:46 +0200 (CEST) Received: from PO20335.IDSI0.si.c-s.fr (localhost [127.0.0.1]) by PO20335.IDSI0.si.c-s.fr (8.16.1/8.16.1) with ESMTPS id 19J7Tc0o3188406 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Tue, 19 Oct 2021 09:29:38 +0200 Received: (from chleroy@localhost) by PO20335.IDSI0.si.c-s.fr (8.16.1/8.16.1/Submit) id 19J7TcMM3188405; Tue, 19 Oct 2021 09:29:38 +0200 X-Authentication-Warning: PO20335.IDSI0.si.c-s.fr: chleroy set sender to christophe.leroy@csgroup.eu using -f From: Christophe Leroy To: Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman Cc: Christophe Leroy , linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Subject: [PATCH v3 02/22] powerpc/8xx: Activate KUEP at all time Date: Tue, 19 Oct 2021 09:29:13 +0200 Message-Id: <2129e86944323ffe9ed07fffbeafdfd2e363690a.1634627931.git.christophe.leroy@csgroup.eu> X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1634628570; l=2690; s=20211009; h=from:subject:message-id; bh=5Hcdv8SHIZckvsLT7lpELb/CUd26NlE7taSteKwUXZA=; b=NgJ8+OxHimFcWO7poaSvDync6cdDnVZrgCezl2Kz2YCPL9LQ/wxXZw9xrL367SftBVdsb1ibyqNv nga1NqMLA6TDQFW4C3AN9Suf6NNLtludWcJXxKX9i8P9KEBgkL64 X-Developer-Key: i=christophe.leroy@csgroup.eu; a=ed25519; pk=HIzTzUj91asvincQGOFx6+ZF5AoUuP9GdOtQChs7Mm0= Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On the 8xx, there is absolutely no runtime impact with KUEP. Protection against execution of user code in kernel mode is set up at boot time by configuring the groups with contain all user pages as having swapped protection rights, in extenso EX for user and NA for supervisor. Configure KUEP at startup and force selection of CONFIG_PPC_KUEP. Signed-off-by: Christophe Leroy --- arch/powerpc/include/asm/nohash/32/mmu-8xx.h | 6 ++---- arch/powerpc/mm/nohash/8xx.c | 5 ----- arch/powerpc/platforms/Kconfig.cputype | 1 + 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/arch/powerpc/include/asm/nohash/32/mmu-8xx.h b/arch/powerpc/include/asm/nohash/32/mmu-8xx.h index 997cec973406..0e93a4728c9e 100644 --- a/arch/powerpc/include/asm/nohash/32/mmu-8xx.h +++ b/arch/powerpc/include/asm/nohash/32/mmu-8xx.h @@ -39,12 +39,10 @@ * 0 => Kernel => 11 (all accesses performed according as user iaw page definition) * 1 => Kernel+Accessed => 01 (all accesses performed according to page definition) * 2 => User => 11 (all accesses performed according as user iaw page definition) - * 3 => User+Accessed => 00 (all accesses performed as supervisor iaw page definition) for INIT - * => 10 (all accesses performed according to swaped page definition) for KUEP + * 3 => User+Accessed => 10 (all accesses performed according to swaped page definition) for KUEP * 4-15 => Not Used */ -#define MI_APG_INIT 0xdc000000 -#define MI_APG_KUEP 0xde000000 +#define MI_APG_INIT 0xde000000 /* The effective page number register. When read, contains the information * about the last instruction TLB miss. When MI_RPN is written, bits in diff --git a/arch/powerpc/mm/nohash/8xx.c b/arch/powerpc/mm/nohash/8xx.c index baa1f8a40af8..e878e8124ee6 100644 --- a/arch/powerpc/mm/nohash/8xx.c +++ b/arch/powerpc/mm/nohash/8xx.c @@ -215,12 +215,7 @@ void __init setup_initial_memory_limit(phys_addr_t first_memblock_base, #ifdef CONFIG_PPC_KUEP void setup_kuep(bool disabled) { - if (disabled) - return; - pr_info("Activating Kernel Userspace Execution Prevention\n"); - - mtspr(SPRN_MI_AP, MI_APG_KUEP); } #endif diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype index a208997ade88..66650ec1c7e6 100644 --- a/arch/powerpc/platforms/Kconfig.cputype +++ b/arch/powerpc/platforms/Kconfig.cputype @@ -43,6 +43,7 @@ config PPC_8xx select ARCH_SUPPORTS_HUGETLBFS select FSL_SOC select PPC_HAVE_KUEP + select PPC_KUEP select PPC_HAVE_KUAP select HAVE_ARCH_VMAP_STACK select HUGETLBFS -- 2.31.1