From patchwork Thu Nov 22 14:04:15 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Russell Currey <ruscur@russell.cc>
X-Patchwork-Id: 10694413
Return-Path: 
 <kernel-hardening-return-14506-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E527514BD
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Thu, 22 Nov 2018 15:29:40 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D2A852C549
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Thu, 22 Nov 2018 15:29:40 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id C6CEF2CEAE; Thu, 22 Nov 2018 15:29:40 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id 0395E2C549
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Thu, 22 Nov 2018 15:29:39 +0000 (UTC)
Received: (qmail 15755 invoked by uid 550); 22 Nov 2018 15:29:32 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Delivered-To: moderator for kernel-hardening@lists.openwall.com
Received: (qmail 17821 invoked from network); 22 Nov 2018 14:04:31 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:date:from
	:in-reply-to:message-id:mime-version:references:subject:to
	:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm1; bh=+owCQ/BgGKcmfDfjWjzum1ZzRQ3m2sjfxrqTBYasJMg=; b=mMTNnWp3
	Bwx9ouhe+EpM8J+UtooXXSEgkUyUi9TcVySsfwV5k+kLWtCALS4XHekWd5r+bC2V
	MrLWsdsd24fkoA0DIryobwBXtv2XFJAxgiQhOXI0zdLAiN5UlhRv/l+Y6odRfFM+
	86W7ZS5FX+EHpqxl1v9+Y/sUGYfd0IwHDM2Jt3NTv9UPQGMZsxZEoUDPibb9qD/w
	I8JRJQtJjback7wmKMtDlCGY3+Tu+5AHJBLrHMAgV+d1qESTPl2Ml7617EniFctV
	JZcqmFgNsdHyia6ukYCnUJ0QpJY/xadiMH/zw6Q5FYHmWhUer8N/6Sonj3hw4cMY
	J4fYOLWuPj0riQ==
X-ME-Sender: <xms:Yrf2W4xtwIpKAsVMHqHj7mRzYjputSFjw-zZewqfT13vnNfTBxdGxw>
X-ME-Proxy: <xmx:Yrf2W_w2XE94jc3gyS_-5JXQL_qMJa4OlLARs6ce2jWrNZGWlBPOKQ>
    <xmx:Yrf2W71kdb5qEMV9YuZG5QcCWhxF3rOKbRRqkS6e9fRNT17BX0bJBw>
    <xmx:Yrf2W2cympX76VNBHitAiXTYGJ9EBy5wFnPgpiHv9r3zkRZkVTuOlg>
    <xmx:Yrf2WwWRn0dL3pMhUGLM3d_rhsihSur82pSeqhoHugrS1ngT3RKbTg>
    <xmx:Yrf2W-9RDGk4Ujguvlvb8qGKBNXA4BMFx3n_kv3lQc86neWPGzOcag>
    <xmx:Yrf2W-St0g89C46JznitADUf4imyvr38USa9yLipW3ftUilF6N-4Rg>
From: Russell Currey <ruscur@russell.cc>
To: linuxppc-dev@lists.ozlabs.org
Cc: mpe@ellerman.id.au,
	benh@kernel.crashing.org,
	kernel-hardening@lists.openwall.com,
	christophe.leroy@c-s.fr,
	Russell Currey <ruscur@russell.cc>
Subject: [PATCH 3/4] powerpc/mm/radix: Use KUEP API for Radix MMU
Date: Fri, 23 Nov 2018 01:04:15 +1100
Message-Id: <20181122140416.3447-4-ruscur@russell.cc>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20181122140416.3447-1-ruscur@russell.cc>
References: <20181122140416.3447-1-ruscur@russell.cc>
MIME-Version: 1.0
X-Virus-Scanned: ClamAV using ClamSMTP

Execution protection already exists on radix, this just refactors
the radix init to provide the KUEP setup function instead.

Thus, the only functional change is that it can now be disabled.

Signed-off-by: Russell Currey <ruscur@russell.cc>
---
 arch/powerpc/mm/pgtable-radix.c        | 9 ++++++---
 arch/powerpc/platforms/Kconfig.cputype | 1 +
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c
index 931156069a81..f08a459b4255 100644
--- a/arch/powerpc/mm/pgtable-radix.c
+++ b/arch/powerpc/mm/pgtable-radix.c
@@ -535,8 +535,13 @@ static void radix_init_amor(void)
 	mtspr(SPRN_AMOR, (3ul << 62));
 }
 
-static void radix_init_iamr(void)
+void setup_kuep(bool disabled)
 {
+	if (disabled)
+		return;
+
+	pr_warn("Activating Kernel Userspace Execution Prevention\n");
+
 	/*
 	 * Radix always uses key0 of the IAMR to determine if an access is
 	 * allowed. We set bit 0 (IBM bit 1) of key0, to prevent instruction
@@ -605,7 +610,6 @@ void __init radix__early_init_mmu(void)
 
 	memblock_set_current_limit(MEMBLOCK_ALLOC_ANYWHERE);
 
-	radix_init_iamr();
 	radix_init_pgtable();
 	/* Switch to the guard PID before turning on MMU */
 	radix__switch_mmu_context(NULL, &init_mm);
@@ -627,7 +631,6 @@ void radix__early_init_mmu_secondary(void)
 		      __pa(partition_tb) | (PATB_SIZE_SHIFT - 12));
 		radix_init_amor();
 	}
-	radix_init_iamr();
 
 	radix__switch_mmu_context(NULL, &init_mm);
 	if (cpu_has_feature(CPU_FTR_HVMODE))
diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index a20669a9ec13..e6831d0ec159 100644
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -334,6 +334,7 @@ config PPC_RADIX_MMU
 	bool "Radix MMU Support"
 	depends on PPC_BOOK3S_64
 	select ARCH_HAS_GIGANTIC_PAGE if (MEMORY_ISOLATION && COMPACTION) || CMA
+	select PPC_HAVE_KUEP
 	default y
 	help
 	  Enable support for the Power ISA 3.0 Radix style MMU. Currently this