Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp199240pxb; Tue, 19 Oct 2021 00:36:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzo64l/lXgQGjZKlJjdHXzqBA9VZXiGu7emKiX38rfrlzLt6QLOjNyQBD67K+fvVh6DPcN7 X-Received: by 2002:a17:907:2bec:: with SMTP id gv44mr35089706ejc.523.1634628961518; Tue, 19 Oct 2021 00:36:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1634628961; cv=none; d=google.com; s=arc-20160816; b=SzDNf1JuKr/d0aNJrV9ZXBHhwm+mrAACUvNKWG1Il2M9n2ikEiW+LRxGcuEF7MFqzx Kafcgvvd3aU4wqGEaazgK7n3YsX7COHygm17ds93qqatQeXXPs6W5EQLjDl7SHXaDh9V nN/YTcm+gDRQqxbCcbkUJUXZOTlPaHXLdc6i7Uevz8xXYiAm9wE7Zpty/p5mNzD5VPNb FS0RTrR/8lon/KGVp51S+TmZLZsy/8durlQDb/kB8EK+nODj2iRoU5obEjC7exSc9/oH BRm4+bkXCHc1LuwV8cE2TdDPxSSpdIZf+SeBkvqPYEeOiGiXVXUTzrZEveWDn7SSXbDA 0bcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=q3LGdiX31tBWoSOCYNhtWdo6Lj7ornQirNzapVrZUsE=; b=wj4s96Q4Mc4a7q91Kit2YKNvMi/hXZHQPHwtE0hT77V+crG4H4OV9AqXpJYRO3kTDg 6IsXmMXOMi0a5x+mnb2XkHW0B2XbVN6gWMYeyyfODq1emxcuEBRx2ndQQeb65EsX3MxK FiXB3wPgj1EuAUOICFxbjOuLELiLFOsf9eLgD/gmff9arhsyGNtIrp0Mt9bzrdhF4Yjx i31djE6kqZJrhx7k4jNK8YM1x7IUV+1Qb7muWnwy1Qwh0atja41YKD1yG370aW+oWxPv k7Q5IInAhx7aDvNKzvOYRFxbPXtbLsHM/5MrLGt3UF1VlWopU2QNZ5MKbC1GcEx9v44T bHDQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c6si737687ede.201.2021.10.19.00.35.38; Tue, 19 Oct 2021 00:36:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234576AbhJSHdD (ORCPT + 99 others); Tue, 19 Oct 2021 03:33:03 -0400 Received: from pegase2.c-s.fr ([93.17.235.10]:59985 "EHLO pegase2.c-s.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234604AbhJSHc7 (ORCPT ); Tue, 19 Oct 2021 03:32:59 -0400 Received: from localhost (mailhub3.si.c-s.fr [172.26.127.67]) by localhost (Postfix) with ESMTP id 4HYQPT1bhwz9sSy; Tue, 19 Oct 2021 09:30:05 +0200 (CEST) X-Virus-Scanned: amavisd-new at c-s.fr Received: from pegase2.c-s.fr ([172.26.127.65]) by localhost (pegase2.c-s.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VpZCWy4vA14R; Tue, 19 Oct 2021 09:30:05 +0200 (CEST) Received: from messagerie.si.c-s.fr (messagerie.si.c-s.fr [192.168.25.192]) by pegase2.c-s.fr (Postfix) with ESMTP id 4HYQP76jrzz9sT5; Tue, 19 Oct 2021 09:29:47 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by messagerie.si.c-s.fr (Postfix) with ESMTP id D89788B77A; Tue, 19 Oct 2021 09:29:47 +0200 (CEST) X-Virus-Scanned: amavisd-new at c-s.fr Received: from messagerie.si.c-s.fr ([127.0.0.1]) by localhost (messagerie.si.c-s.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id geo6tS1kxhkX; Tue, 19 Oct 2021 09:29:47 +0200 (CEST) Received: from PO20335.IDSI0.si.c-s.fr (unknown [192.168.203.71]) by messagerie.si.c-s.fr (Postfix) with ESMTP id 49C4D8B775; Tue, 19 Oct 2021 09:29:47 +0200 (CEST) Received: from PO20335.IDSI0.si.c-s.fr (localhost [127.0.0.1]) by PO20335.IDSI0.si.c-s.fr (8.16.1/8.16.1) with ESMTPS id 19J7TexR3188474 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Tue, 19 Oct 2021 09:29:41 +0200 Received: (from chleroy@localhost) by PO20335.IDSI0.si.c-s.fr (8.16.1/8.16.1/Submit) id 19J7TenP3188473; Tue, 19 Oct 2021 09:29:40 +0200 X-Authentication-Warning: PO20335.IDSI0.si.c-s.fr: chleroy set sender to christophe.leroy@csgroup.eu using -f From: Christophe Leroy To: Benjamin Herrenschmidt , Paul Mackerras , Michael Ellerman Cc: Christophe Leroy , linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org Subject: [PATCH v3 19/22] powerpc/kuap: Wire-up KUAP on 40x Date: Tue, 19 Oct 2021 09:29:30 +0200 Message-Id: X-Mailer: git-send-email 2.31.1 In-Reply-To: References: MIME-Version: 1.0 X-Developer-Signature: v=1; a=ed25519-sha256; t=1634628571; l=2653; s=20211009; h=from:subject:message-id; bh=lokrLs3DZDqJaYcqtprZW1ISKkGum5yW6sw3BWrgy7s=; b=+QZqSDpvSNmtGimfYAfH/kpLL/FdrUbaLObbbdD+Px9juRcFRY7ppsYvnKwWn1rzi7wGOetm305n 9AmtxPYqAro3vaOLyuQLK1AYNTLRY3vW0s3Ic8emKPEoJ6G3rF8w X-Developer-Key: i=christophe.leroy@csgroup.eu; a=ed25519; pk=HIzTzUj91asvincQGOFx6+ZF5AoUuP9GdOtQChs7Mm0= Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This adds KUAP support to 40x. This is done by checking the content of SPRN_PID at the time user pgtable is loaded. 40x doesn't have KUEP, but KUAP implies KUEP because when the PID doesn't match the page's PID, the page cannot be read nor executed. So KUEP is now automatically selected when KUAP is selected and disabled when KUAP is disabled. Signed-off-by: Christophe Leroy --- arch/powerpc/kernel/head_40x.S | 8 ++++++++ arch/powerpc/mm/nohash/kup.c | 2 ++ arch/powerpc/platforms/Kconfig.cputype | 7 +++++-- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/kernel/head_40x.S b/arch/powerpc/kernel/head_40x.S index 7d72ee5ab387..87d322dbed94 100644 --- a/arch/powerpc/kernel/head_40x.S +++ b/arch/powerpc/kernel/head_40x.S @@ -297,6 +297,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt) 3: mfspr r11,SPRN_SPRG_THREAD lwz r11,PGDIR(r11) +#ifdef CONFIG_PPC_KUAP + rlwinm. r9, r9, 0, 0xff + beq 5f /* Kuap fault */ +#endif 4: tophys(r11, r11) rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */ @@ -377,6 +381,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt) 3: mfspr r11,SPRN_SPRG_THREAD lwz r11,PGDIR(r11) +#ifdef CONFIG_PPC_KUAP + rlwinm. r9, r9, 0, 0xff + beq 5f /* Kuap fault */ +#endif 4: tophys(r11, r11) rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */ diff --git a/arch/powerpc/mm/nohash/kup.c b/arch/powerpc/mm/nohash/kup.c index eaea52231dd6..552becf90e97 100644 --- a/arch/powerpc/mm/nohash/kup.c +++ b/arch/powerpc/mm/nohash/kup.c @@ -19,6 +19,8 @@ EXPORT_SYMBOL(disable_kuap_key); void setup_kuap(bool disabled) { if (disabled) { + if (IS_ENABLED(CONFIG_40x)) + disable_kuep = true; if (smp_processor_id() == boot_cpuid) static_branch_enable(&disable_kuap_key); return; diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype index e989eeca4c7e..3ea415bcf9b8 100644 --- a/arch/powerpc/platforms/Kconfig.cputype +++ b/arch/powerpc/platforms/Kconfig.cputype @@ -54,6 +54,9 @@ config 40x select PPC_UDBG_16550 select 4xx_SOC select HAVE_PCI + select PPC_HAVE_KUAP + select PPC_HAVE_KUEP + select PPC_KUEP if PPC_KUAP config 44x bool "AMCC 44x, 46x or 47x" @@ -401,9 +404,9 @@ config PPC_HAVE_KUEP bool config PPC_KUEP - bool "Kernel Userspace Execution Prevention" + bool "Kernel Userspace Execution Prevention" if !40x depends on PPC_HAVE_KUEP - default y + default y if !40x help Enable support for Kernel Userspace Execution Prevention (KUEP) -- 2.31.1