Commit fcf9bb6d authored by Christophe Leroy's avatar Christophe Leroy Committed by Michael Ellerman
Browse files

powerpc/kuap: Wire-up KUAP on 40x 



This adds KUAP support to 40x. This is done by checking
the content of SPRN_PID at the time user pgtable is loaded.

40x doesn't have KUEP, but KUAP implies KUEP because when the
PID doesn't match the page's PID, the page cannot be read nor
executed.

So KUEP is now automatically selected when KUAP is selected and
disabled when KUAP is disabled.

Signed-off-by: default avatarChristophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/aaefa91897ddc42ac11019dc0e1d1a525bd08e90.1634627931.git.christophe.leroy@csgroup.eu
parent f6fad4fb

arch/powerpc/kernel/head_40x.S

+8 −0
Original line number Original line Diff line number Diff line
@@ -298,6 +298,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt) 
3:

3:

	mfspr	r11,SPRN_SPRG_THREAD

	mfspr	r11,SPRN_SPRG_THREAD

	lwz	r11,PGDIR(r11)

	lwz	r11,PGDIR(r11)

#ifdef CONFIG_PPC_KUAP

	rlwinm.	r9, r9, 0, 0xff

	beq	5f			/* Kuap fault */

#endif

4:

4:

	tophys(r11, r11)

	tophys(r11, r11)

	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */

	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */
@@ -378,6 +382,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt) 
3:

3:

	mfspr	r11,SPRN_SPRG_THREAD

	mfspr	r11,SPRN_SPRG_THREAD

	lwz	r11,PGDIR(r11)

	lwz	r11,PGDIR(r11)

#ifdef CONFIG_PPC_KUAP

	rlwinm.	r9, r9, 0, 0xff

	beq	5f			/* Kuap fault */

#endif

4:

4:

	tophys(r11, r11)

	tophys(r11, r11)

	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */

	rlwimi	r11, r10, 12, 20, 29	/* Create L1 (pgdir/pmd) address */

arch/powerpc/mm/nohash/kup.c

+2 −0
Original line number Original line Diff line number Diff line
@@ -19,6 +19,8 @@ EXPORT_SYMBOL(disable_kuap_key); 
void setup_kuap(bool disabled)

void setup_kuap(bool disabled)

{

{

	if (disabled) {

	if (disabled) {

		if (IS_ENABLED(CONFIG_40x))

			disable_kuep = true;

		if (smp_processor_id() == boot_cpuid)

		if (smp_processor_id() == boot_cpuid)

			static_branch_enable(&disable_kuap_key);

			static_branch_enable(&disable_kuap_key);

		return;

		return;

arch/powerpc/platforms/Kconfig.cputype

+5 −2
Original line number Original line Diff line number Diff line
@@ -54,6 +54,9 @@ config 40x 
	select PPC_UDBG_16550

	select PPC_UDBG_16550

	select 4xx_SOC

	select 4xx_SOC

	select HAVE_PCI

	select HAVE_PCI

	select PPC_HAVE_KUAP

	select PPC_HAVE_KUEP

	select PPC_KUEP if PPC_KUAP





config 44x

config 44x

	bool "AMCC 44x, 46x or 47x"

	bool "AMCC 44x, 46x or 47x"
@@ -425,9 +428,9 @@ config PPC_HAVE_KUEP 
	bool

	bool





config PPC_KUEP

config PPC_KUEP

	bool "Kernel Userspace Execution Prevention"

	bool "Kernel Userspace Execution Prevention" if !40x

	depends on PPC_HAVE_KUEP

	depends on PPC_HAVE_KUEP

	default y

	default y if !40x

	help

	help

	  Enable support for Kernel Userspace Execution Prevention (KUEP)

	  Enable support for Kernel Userspace Execution Prevention (KUEP)