Received: by 10.223.164.202 with SMTP id h10csp17282wrb; Mon, 6 Nov 2017 01:39:18 -0800 (PST) X-Google-Smtp-Source: ABhQp+QYw+hUYDt0kDvWFVfI3H4YF+i43gttFMzVNNvaWM2EATMpsyT/Ljl6RbVNXaU12W9XNOGo X-Received: by 10.98.182.15 with SMTP id j15mr16082687pff.47.1509961158593; Mon, 06 Nov 2017 01:39:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1509961158; cv=none; d=google.com; s=arc-20160816; b=kr3c90A3rUKnCRz6ne1GZQnJb3UZEAPpWJyRc2LyiFVyB6yoGh5m+CgtEGhcm7fZKQ Cy1Ngakw6KcqcS8SLs7rKxblYucuL7O3CQ0EF/lKeQJtX4XEZ4GZ6joebvh2vCMQcXKN vh3cpbpL7N3L/iqpJmlfkgmSbTO0ZS1WY7oeAD0UIMXMdu7TGSUyKPj6b4QWWUP8ucwv bCZ/y+j8TMmOlyI6I4aS0OK7/SnNIk9uribsKChbVzdSLaD/BxNPY+JqJIfVXqTIKV67 0T31sasjejGMdOW7U+y4GiA8m4OpY6v6u2FiuBRT1lD09OrM21LKfg7cv9h9TjEsPxzx WpxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=4wGT81IyHrl/Fru34JWsTzC/02R+E/sRN0EOjwOfmvk=; b=cnWLh3ewGzMWc/j8Pug0gmAGpTC9BXO5Vmd4EEmn+8OmdQDBwBEMbOK49N+Ngjqvow tbbF8CliWEV5Qd0xdqrT7ePAF2T2g3gdCuXkBSqHSxY80uud6aIatkKrONlWWw9BaOJo nhTJ9pG4p4l1sidwVOrctNwSA1PhQI/R5EbZ380HTIwXvEfK/OVhVfPECs3NVhkFAEzz owtPLbZ4Zzq8b2bsABiw9pVLdx0kg3ZqsKmJ3SIbun5qvj6bhFeml8Ccye8rQIf/KxWb kIjVsF6qjMxlSwX7kmifutZsxpwz2Bno5sAAlT3d+7PsQnIm9I0wxhYJiesdeygcacVF TDJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=htl8PzzH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 3si9893489pli.734.2017.11.06.01.39.05; Mon, 06 Nov 2017 01:39:18 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=htl8PzzH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752340AbdKFJhW (ORCPT + 98 others); Mon, 6 Nov 2017 04:37:22 -0500 Received: from mail-qt0-f195.google.com ([209.85.216.195]:47388 "EHLO mail-qt0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751959AbdKFI6v (ORCPT ); Mon, 6 Nov 2017 03:58:51 -0500 Received: by mail-qt0-f195.google.com with SMTP id z50so10006750qtj.4; Mon, 06 Nov 2017 00:58:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=4wGT81IyHrl/Fru34JWsTzC/02R+E/sRN0EOjwOfmvk=; b=htl8PzzHnWd5EL/tim9Vrs57xXyXLqsqJCQMjdDsXkhCbt5aMf5JmR1SKEu3F9uzAT op51hY+myPQv2fEVQVzrOFZbYUQYZoxPxciZWJ9ZZE6lMYg3pH+Bg7VemzVB502EK1rM +xnqsmcO/CY9dMwpJLx2kD9vccgfyJoQ702kZoRaIPfIL8HCpg2SuzS2ah3Fm1zRxP/Q KRrC45/jKtyEVdTaMqlZsL1mGPMmErLdZBIxT/Y2o3tFI3KrlPktBcbiG4DyhU+ehzrG mlQsW3icgPRZ8+NDCSAuMnTBsh5c0mUmcvP24pVFdOkkIQY4aiNHnsGjirdPnERnoBiE h9aA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=4wGT81IyHrl/Fru34JWsTzC/02R+E/sRN0EOjwOfmvk=; b=ZEU8u5VH99A03f2CdPmP4AanyBzlO8YvZ3d84SdzQgFcLh1mIzF3Zpnjk0toh7Jugl b1xqbCPYnHkuz+PNfyCK6cxB0Z4Dij9HyIbDGAEhTNuijkRwYTbvAG9JmGykJ0y2x+PW HfaJtm2nFE1GZ0kFHnGXkB0EthQz1mi6kwb+RBYrIpBAxYQOcg3nefeTBi4jqjwi8Wpb 7Qqzs5GNFlF4UmuX5SujMc7wqyhLSgrToPH5pLbB0G3oU3GqdVV4dDfC58lgpTrtoYia 60Urn5qnR3OVjqOqn+DyHwrkJaBEGu09uBYNdj9505Y6398sZuYUHqfBr8elAeNPR1WX iOZA== X-Gm-Message-State: AMCzsaXrZ2PQEUSTmlJmQbdc329BXVziSw4HN7hCUGDCm57fmM+PwRne 001SNhZx8vY3EcKG6QUmMfs= X-Received: by 10.200.26.90 with SMTP id q26mr23144009qtk.109.1509958730429; Mon, 06 Nov 2017 00:58:50 -0800 (PST) Received: from localhost.localdomain (50-39-103-96.bvtn.or.frontiernet.net. [50.39.103.96]) by smtp.gmail.com with ESMTPSA id r26sm8001094qki.42.2017.11.06.00.58.47 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 06 Nov 2017 00:58:50 -0800 (PST) From: Ram Pai To: mpe@ellerman.id.au, mingo@redhat.com, akpm@linux-foundation.org, corbet@lwn.net, arnd@arndb.de Cc: linuxppc-dev@lists.ozlabs.org, linux-mm@kvack.org, x86@kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, dave.hansen@intel.com, benh@kernel.crashing.org, paulus@samba.org, khandual@linux.vnet.ibm.com, aneesh.kumar@linux.vnet.ibm.com, bsingharora@gmail.com, hbabu@us.ibm.com, mhocko@kernel.org, bauerman@linux.vnet.ibm.com, ebiederm@xmission.com, linuxram@us.ibm.com Subject: [PATCH v9 11/51] powerpc: introduce execute-only pkey Date: Mon, 6 Nov 2017 00:57:03 -0800 Message-Id: <1509958663-18737-12-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1509958663-18737-1-git-send-email-linuxram@us.ibm.com> References: <1509958663-18737-1-git-send-email-linuxram@us.ibm.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patch provides the implementation of execute-only pkey. The architecture-independent layer expects the arch-dependent layer, to support the ability to create and enable a special key which has execute-only permission. Acked-by: Balbir Singh Signed-off-by: Ram Pai --- arch/powerpc/include/asm/book3s/64/mmu.h | 1 + arch/powerpc/include/asm/pkeys.h | 8 ++++- arch/powerpc/mm/pkeys.c | 56 ++++++++++++++++++++++++++++++ 3 files changed, 64 insertions(+), 1 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/64/mmu.h b/arch/powerpc/include/asm/book3s/64/mmu.h index df17fbc..44dbc91 100644 --- a/arch/powerpc/include/asm/book3s/64/mmu.h +++ b/arch/powerpc/include/asm/book3s/64/mmu.h @@ -116,6 +116,7 @@ struct patb_entry { * bit unset -> key available for allocation */ u32 pkey_allocation_map; + s16 execute_only_pkey; /* key holding execute-only protection */ #endif } mm_context_t; diff --git a/arch/powerpc/include/asm/pkeys.h b/arch/powerpc/include/asm/pkeys.h index 0b2d9f0..20d1f0e 100644 --- a/arch/powerpc/include/asm/pkeys.h +++ b/arch/powerpc/include/asm/pkeys.h @@ -128,9 +128,13 @@ static inline int mm_pkey_free(struct mm_struct *mm, int pkey) * Try to dedicate one of the protection keys to be used as an * execute-only protection key. */ +extern int __execute_only_pkey(struct mm_struct *mm); static inline int execute_only_pkey(struct mm_struct *mm) { - return 0; + if (static_branch_likely(&pkey_disabled)) + return -1; + + return __execute_only_pkey(mm); } static inline int arch_override_mprotect_pkey(struct vm_area_struct *vma, @@ -154,6 +158,8 @@ static inline void pkey_mm_init(struct mm_struct *mm) if (static_branch_likely(&pkey_disabled)) return; mm_pkey_allocation_map(mm) = initial_allocation_mask; + /* -1 means unallocated or invalid */ + mm->context.execute_only_pkey = -1; } extern void thread_pkey_regs_save(struct thread_struct *thread); diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c index 469f370..5da94fe 100644 --- a/arch/powerpc/mm/pkeys.c +++ b/arch/powerpc/mm/pkeys.c @@ -247,3 +247,59 @@ void thread_pkey_regs_init(struct thread_struct *thread) write_iamr(read_iamr() & pkey_iamr_mask); write_uamor(read_uamor() & pkey_amr_uamor_mask); } + +static inline bool pkey_allows_readwrite(int pkey) +{ + int pkey_shift = pkeyshift(pkey); + + if (!is_pkey_enabled(pkey)) + return true; + + return !(read_amr() & ((AMR_RD_BIT|AMR_WR_BIT) << pkey_shift)); +} + +int __execute_only_pkey(struct mm_struct *mm) +{ + bool need_to_set_mm_pkey = false; + int execute_only_pkey = mm->context.execute_only_pkey; + int ret; + + /* Do we need to assign a pkey for mm's execute-only maps? */ + if (execute_only_pkey == -1) { + /* Go allocate one to use, which might fail */ + execute_only_pkey = mm_pkey_alloc(mm); + if (execute_only_pkey < 0) + return -1; + need_to_set_mm_pkey = true; + } + + /* + * We do not want to go through the relatively costly dance to set AMR + * if we do not need to. Check it first and assume that if the + * execute-only pkey is readwrite-disabled than we do not have to set it + * ourselves. + */ + if (!need_to_set_mm_pkey && !pkey_allows_readwrite(execute_only_pkey)) + return execute_only_pkey; + + /* + * Set up AMR so that it denies access for everything other than + * execution. + */ + ret = __arch_set_user_pkey_access(current, execute_only_pkey, + PKEY_DISABLE_ACCESS | + PKEY_DISABLE_WRITE); + /* + * If the AMR-set operation failed somehow, just return 0 and + * effectively disable execute-only support. + */ + if (ret) { + mm_pkey_free(mm, execute_only_pkey); + return -1; + } + + /* We got one, store it and use it from here on out */ + if (need_to_set_mm_pkey) + mm->context.execute_only_pkey = execute_only_pkey; + return execute_only_pkey; +} -- 1.7.1 From 1583309598365649608@xxx Mon Nov 06 09:48:18 +0000 2017 X-GM-THRID: 1583309598365649608 X-Gmail-Labels: Inbox,Category Promotions,HistoricalUnread