From patchwork Thu Feb 21 09:35:55 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Russell Currey <ruscur@russell.cc>
X-Patchwork-Id: 10823375
Return-Path: 
 <kernel-hardening-return-15320-patchwork-kernel-hardening=patchwork.kernel.org@lists.openwall.com>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
 [172.30.200.125])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CE60A1399
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Thu, 21 Feb 2019 09:36:48 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B89202EDE5
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Thu, 21 Feb 2019 09:36:48 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id A9D0E3024E; Thu, 21 Feb 2019 09:36:48 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.3 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham
	version=3.3.1
Received: from mother.openwall.net (mother.openwall.net [195.42.179.200])
	by mail.wl.linuxfoundation.org (Postfix) with SMTP id C757E2EDE5
	for <patchwork-kernel-hardening@patchwork.kernel.org>;
 Thu, 21 Feb 2019 09:36:47 +0000 (UTC)
Received: (qmail 24102 invoked by uid 550); 21 Feb 2019 09:36:40 -0000
Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:kernel-hardening@lists.openwall.com>
List-Help: <mailto:kernel-hardening-help@lists.openwall.com>
List-Unsubscribe: <mailto:kernel-hardening-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:kernel-hardening-subscribe@lists.openwall.com>
List-ID: <kernel-hardening.lists.openwall.com>
Delivered-To: mailing list kernel-hardening@lists.openwall.com
Received: (qmail 23929 invoked from network); 21 Feb 2019 09:36:39 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=russell.cc; h=
	from:to:cc:subject:date:message-id:in-reply-to:references
	:mime-version:content-transfer-encoding; s=fm1; bh=1P63kGbsVFuBa
	K0rcVbu5M1YQbbnh/BjZjuVOGJYTNI=; b=mZrKumfVa2+7bNZwSu1mrxL7Ni1Cm
	xOBglVrEyzV+vMoIC++PFLxpCNqM+H4yyczyg1K9vHD2F610zTkF6DlG5zssDJQ5
	opVTP1RMv+Qb4YnHTJVqZVE9kSksxtIoqGGKFnDUyPjWJCQKe4piKSzdcSNCTYUd
	SCmx88QZLvMxX3H5IBY0lvVu/W1wq5bPsnl3G+iaPmsnjfeVGQo0p4UgLWjHTvpw
	bJz46Vx+QuAvAIdLstudNIgdi4+8b/FGQCUnWWPUIR9mGwuSJp1QKlsOP1JREAiP
	lymEJ1V9eZZhZn7JNUdouH7QFSjcPPbJvLh2lvbWrKSzIFeDAVJYr+5Ag==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:date:from
	:in-reply-to:message-id:mime-version:references:subject:to
	:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=
	fm2; bh=1P63kGbsVFuBaK0rcVbu5M1YQbbnh/BjZjuVOGJYTNI=; b=aele8Py0
	V5KPOLwis9IYSxZVdGLAJxumr6YDqFbDPAH1RrrtceUwnSLRlKKyNmbjxnBKcQgX
	pOAbzjsNR3Ep3ucPZUfkn+Ee0Sdopc65yQsaCgoHzxQE2u+stJ2jIawdY0ZnLZ/Q
	J6Zr+yDsqO+wBy+UbEESruoryC3dQ1Fff1hqFij+TpLEUOiPIa7b9FfPsmm9Bg2z
	jksYEKrPNbxVs1MkonGMQPQQCZcabMKgAIYKydvn2QtOKENlSh311SGiGBRGRacl
	knWcD4SXm9E8IZ3RNj0KSITx9FYM7n0rbllxug6CIqjgBoTH58bRZgvB91sdVMIT
	Dg11OuvHyCdN+w==
X-ME-Sender: <xms:G3FuXGsLBSO5zUB8N_IMQWo4Q73dGhOvOYdotiF-rGnQA-MHhoJV-g>
X-ME-Proxy-Cause: 
 gggruggvucftvghtrhhoucdtuddrgedutddrtdekgddtjeculddtuddrgedtledrtddtmd
    cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen
    uceurghilhhouhhtmecufedttdenucgfrhhlucfvnfffucdlfedtmdenucfjughrpefhvf
    fufffkofgjfhgggfestdekredtredttdenucfhrhhomheptfhushhsvghllhcuvehurhhr
    vgihuceorhhushgtuhhrsehruhhsshgvlhhlrdgttgeqnecukfhppeduvddvrdelledrke
    dvrddutdenucfrrghrrghmpehmrghilhhfrhhomheprhhushgtuhhrsehruhhsshgvlhhl
    rdgttgenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:G3FuXHJMD1ed43XO0X_pNvLdiwwo66oBzblMdcS2mv7SWTgiVk2qNQ>
    <xmx:G3FuXFaWhd9-8XapSPemx1maF5mSH9ZCODvSd72qtPvlUrUhLrKF3A>
    <xmx:G3FuXBcVPEmOBEJm0TurGyshZN3KawzEb5RX7GmPHsJuytAQ_mLgJw>
    <xmx:G3FuXEmm5lOQ54zr3X5wdnA-vEqyX7Pmh8e2O96iIZal3Y9O5hWX6g>
From: Russell Currey <ruscur@russell.cc>
To: linuxppc-dev@lists.ozlabs.org
Cc: mpe@ellerman.id.au,
	npiggin@gmail.com,
	christophe.leroy@c-s.fr,
	kernel-hardening@lists.openwall.com,
	Russell Currey <ruscur@russell.cc>
Subject: [PATCH 1/7] powerpc: Add framework for Kernel Userspace Protection
Date: Thu, 21 Feb 2019 20:35:55 +1100
Message-Id: <20190221093601.27920-2-ruscur@russell.cc>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190221093601.27920-1-ruscur@russell.cc>
References: <20190221093601.27920-1-ruscur@russell.cc>
MIME-Version: 1.0
X-Virus-Scanned: ClamAV using ClamSMTP

From: Christophe Leroy <christophe.leroy@c-s.fr>

This patch adds a skeleton for Kernel Userspace Protection
functionnalities like Kernel Userspace Access Protection and
Kernel Userspace Execution Prevention

The subsequent implementation of KUAP for radix makes use of a MMU
feature in order to patch out assembly when KUAP is disabled or
unsupported.  This won't work unless there's an entry point for
KUP support before the feature magic happens, so for PPC64
setup_kup() is called early in setup.

On PPC32, feature_fixup is done too early to allow the same.

Suggested-by: Russell Currey <ruscur@russell.cc>
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
---
 arch/powerpc/include/asm/kup.h | 11 +++++++++++
 arch/powerpc/kernel/setup_64.c |  7 +++++++
 arch/powerpc/mm/init-common.c  |  5 +++++
 arch/powerpc/mm/init_32.c      |  3 +++
 4 files changed, 26 insertions(+)
 create mode 100644 arch/powerpc/include/asm/kup.h

diff --git a/arch/powerpc/include/asm/kup.h b/arch/powerpc/include/asm/kup.h
new file mode 100644
index 000000000000..7a88b8b9b54d
--- /dev/null
+++ b/arch/powerpc/include/asm/kup.h
@@ -0,0 +1,11 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _ASM_POWERPC_KUP_H_
+#define _ASM_POWERPC_KUP_H_
+
+#ifndef __ASSEMBLY__
+
+void setup_kup(void);
+
+#endif /* !__ASSEMBLY__ */
+
+#endif /* _ASM_POWERPC_KUP_H_ */
diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c
index 236c1151a3a7..771f280a6bf6 100644
--- a/arch/powerpc/kernel/setup_64.c
+++ b/arch/powerpc/kernel/setup_64.c
@@ -68,6 +68,7 @@
 #include <asm/cputhreads.h>
 #include <asm/hw_irq.h>
 #include <asm/feature-fixups.h>
+#include <asm/kup.h>
 
 #include "setup.h"
 
@@ -331,6 +332,12 @@ void __init early_setup(unsigned long dt_ptr)
 	 */
 	configure_exceptions();
 
+	/*
+	 * Configure Kernel Userspace Protection. This needs to happen before
+	 * feature fixups for platforms that implement this using features.
+	 */
+	setup_kup();
+
 	/* Apply all the dynamic patching */
 	apply_feature_fixups();
 	setup_feature_keys();
diff --git a/arch/powerpc/mm/init-common.c b/arch/powerpc/mm/init-common.c
index 1e6910eb70ed..36d28e872289 100644
--- a/arch/powerpc/mm/init-common.c
+++ b/arch/powerpc/mm/init-common.c
@@ -24,6 +24,11 @@
 #include <linux/string.h>
 #include <asm/pgalloc.h>
 #include <asm/pgtable.h>
+#include <asm/kup.h>
+
+void __init setup_kup(void)
+{
+}
 
 #define CTOR(shift) static void ctor_##shift(void *addr) \
 {							\
diff --git a/arch/powerpc/mm/init_32.c b/arch/powerpc/mm/init_32.c
index 3e59e5d64b01..93cfa8cf015d 100644
--- a/arch/powerpc/mm/init_32.c
+++ b/arch/powerpc/mm/init_32.c
@@ -45,6 +45,7 @@
 #include <asm/tlb.h>
 #include <asm/sections.h>
 #include <asm/hugetlb.h>
+#include <asm/kup.h>
 
 #include "mmu_decl.h"
 
@@ -182,6 +183,8 @@ void __init MMU_init(void)
 	btext_unmap();
 #endif
 
+	setup_kup();
+
 	/* Shortly after that, the entire linear mapping will be available */
 	memblock_set_current_limit(lowmem_end_addr);
 }