From patchwork Thu Feb 21 09:35:56 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russell Currey X-Patchwork-Id: 10823377 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3C9E41399 for ; Thu, 21 Feb 2019 09:36:56 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2A4EE2EDE5 for ; Thu, 21 Feb 2019 09:36:56 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 1DEF13024E; Thu, 21 Feb 2019 09:36:56 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 3A98F2EDE5 for ; Thu, 21 Feb 2019 09:36:55 +0000 (UTC) Received: (qmail 24367 invoked by uid 550); 21 Feb 2019 09:36:42 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 24250 invoked from network); 21 Feb 2019 09:36:41 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=russell.cc; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; s=fm1; bh=UvbkjLtYKPplW i/wSoDRqcrNNJcp1cO+Ue+axzxXrbY=; b=Rc2huHv3Vgs6QMUQHYObfW2jnfPhB xR4Y3LjrVdKqE9gy3/3lzE3KRRh7OYsh9+HaY5Xot6XXT+nCfI+1mpF3hcS7ue+A KCXDA7Jps90EZoMfVqmVavAT7MnwYPwd5zG2jh0X+kmkI6nDVQxdrjtMe3c8KseC uslYj73oJuEauUWJcPikOU2Y2hbRAnNpaEiRojRsi9oTgz4bFrKbca/5FewcfpbF IEwGlS2r95s420HK0z7KSUM0rTaOMqh5ZJdcfKIYSGWrt1Zw1ptvGa4phaoE/wo9 gi2H9sSPnIMJMmcfsoS19ASD2ezzBtqG9DFnb7TKjma6uJgA6tu3VuzCQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=UvbkjLtYKPplWi/wSoDRqcrNNJcp1cO+Ue+axzxXrbY=; b=V8g+6uY4 KVyeJvJlwH/FE51CvhXWhN+mRtXfBjhr1U6c5XaSYD5FP+T1hDamsnn3Oio/C2vy 2tibpC3gbDApDzH9bIOXWXV1MpRKCbO2W4QYn44+ydZ0r2BhaGDzxtXEdSkNZym4 qqsPT7jt8kPcNI2XELQ5KVg7rMsq53QS5FG4axO48MkTSGRXi3mtLgaADxWFi7uG sbJSYDpYVFG/3AF1QwXWepkHyu5HT5/1inGV/Pqe/v1EyEm2QYtaOqkVGtMlZv9U MLqAcNQum2MdWMUV3Bprl+L76ek4y5PXr7B61pF5/mSfZLeKwr8M0OoIPuw1w8KQ lZyQCPITH9OnLQ== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdekgddtjeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucgfrhhlucfvnfffucdlfedtmdenucfjughrpefhvf fufffkofgjfhgggfestdekredtredttdenucfhrhhomheptfhushhsvghllhcuvehurhhr vgihuceorhhushgtuhhrsehruhhsshgvlhhlrdgttgeqnecukfhppeduvddvrdelledrke dvrddutdenucfrrghrrghmpehmrghilhhfrhhomheprhhushgtuhhrsehruhhsshgvlhhl rdgttgenucevlhhushhtvghrufhiiigvpedt X-ME-Proxy: From: Russell Currey To: linuxppc-dev@lists.ozlabs.org Cc: mpe@ellerman.id.au, npiggin@gmail.com, christophe.leroy@c-s.fr, kernel-hardening@lists.openwall.com Subject: [PATCH 2/7] powerpc: Add skeleton for Kernel Userspace Execution Prevention Date: Thu, 21 Feb 2019 20:35:56 +1100 Message-Id: <20190221093601.27920-3-ruscur@russell.cc> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190221093601.27920-1-ruscur@russell.cc> References: <20190221093601.27920-1-ruscur@russell.cc> MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP From: Christophe Leroy This patch adds a skeleton for Kernel Userspace Execution Prevention. Then subarches implementing it have to define CONFIG_PPC_HAVE_KUEP and provide setup_kuep() function. Signed-off-by: Christophe Leroy --- Documentation/admin-guide/kernel-parameters.txt | 2 +- arch/powerpc/include/asm/kup.h | 6 ++++++ arch/powerpc/mm/fault.c | 3 ++- arch/powerpc/mm/init-common.c | 11 +++++++++++ arch/powerpc/platforms/Kconfig.cputype | 12 ++++++++++++ 5 files changed, 32 insertions(+), 2 deletions(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 858b6c0b9a15..8448a56a9eb9 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2812,7 +2812,7 @@ Disable SMAP (Supervisor Mode Access Prevention) even if it is supported by processor. - nosmep [X86] + nosmep [X86,PPC] Disable SMEP (Supervisor Mode Execution Prevention) even if it is supported by processor. diff --git a/arch/powerpc/include/asm/kup.h b/arch/powerpc/include/asm/kup.h index 7a88b8b9b54d..af4b5f854ca4 100644 --- a/arch/powerpc/include/asm/kup.h +++ b/arch/powerpc/include/asm/kup.h @@ -6,6 +6,12 @@ void setup_kup(void); +#ifdef CONFIG_PPC_KUEP +void setup_kuep(bool disabled); +#else +static inline void setup_kuep(bool disabled) { } +#endif + #endif /* !__ASSEMBLY__ */ #endif /* _ASM_POWERPC_KUP_H_ */ diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c index 887f11bcf330..ad65e336721a 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -230,8 +230,9 @@ static bool bad_kernel_fault(bool is_exec, unsigned long error_code, if (is_exec && (error_code & (DSISR_NOEXEC_OR_G | DSISR_KEYFAULT | DSISR_PROTFAULT))) { printk_ratelimited(KERN_CRIT "kernel tried to execute" - " exec-protected page (%lx) -" + " %s page (%lx) -" "exploit attempt? (uid: %d)\n", + address >= TASK_SIZE ? "exec-protected" : "user", address, from_kuid(&init_user_ns, current_uid())); } diff --git a/arch/powerpc/mm/init-common.c b/arch/powerpc/mm/init-common.c index 36d28e872289..83f95a5565d6 100644 --- a/arch/powerpc/mm/init-common.c +++ b/arch/powerpc/mm/init-common.c @@ -26,8 +26,19 @@ #include #include +static bool disable_kuep = !IS_ENABLED(CONFIG_PPC_KUEP); + +static int __init parse_nosmep(char *p) +{ + disable_kuep = true; + pr_warn("Disabling Kernel Userspace Execution Prevention\n"); + return 0; +} +early_param("nosmep", parse_nosmep); + void __init setup_kup(void) { + setup_kuep(disable_kuep); } #define CTOR(shift) static void ctor_##shift(void *addr) \ diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype index 8c7464c3f27f..410c3443652c 100644 --- a/arch/powerpc/platforms/Kconfig.cputype +++ b/arch/powerpc/platforms/Kconfig.cputype @@ -339,6 +339,18 @@ config PPC_RADIX_MMU_DEFAULT If you're unsure, say Y. +config PPC_HAVE_KUEP + bool + +config PPC_KUEP + bool "Kernel Userspace Execution Prevention" + depends on PPC_HAVE_KUEP + default y + help + Enable support for Kernel Userspace Execution Prevention (KUEP) + + If you're unsure, say Y. + config ARCH_ENABLE_HUGEPAGE_MIGRATION def_bool y depends on PPC_BOOK3S_64 && HUGETLB_PAGE && MIGRATION