From patchwork Thu Feb 21 09:35:59 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russell Currey X-Patchwork-Id: 10823383 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 863CD1390 for ; Thu, 21 Feb 2019 09:37:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 75FC42EDE5 for ; Thu, 21 Feb 2019 09:37:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 69E433025A; Thu, 21 Feb 2019 09:37:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 97E322EDE5 for ; Thu, 21 Feb 2019 09:37:21 +0000 (UTC) Received: (qmail 26372 invoked by uid 550); 21 Feb 2019 09:36:51 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 26261 invoked from network); 21 Feb 2019 09:36:50 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=russell.cc; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; s=fm1; bh=W9af/3OISCb3J Rn+pdEMmCl8rnXCvaXdCKyI6HzDcso=; b=xabn7bvkUlTUbsQPTJYEYSrOqSGy/ S6b5K17DXCkkrZQC/mFTlqaaz6od6m8OthQZ6Fm7UqQ6KTSigsq8ptmSBfhJTC5G wRRxdWvPEgrundvVXwUa7KqYerW5nCgLRT6bTsFejpNWmVEr8I3dge8+iKtTyREr lOPSImO9KDQiCb4HxTiOa42cFVje8Ph+fnGnaQTWCFWBU0XItFRDFSW6pVQJdrp5 Ee2htyqFUPXG13O4II2cVwhtm2DVXz96TLoDBXClVnsCeDHlFSbHGnsF6b7oLYLL IGH/niHls+XI/VDhqVrv38NhpaEdBs0HWHOjrVGtpcORtvFnRCbo7Ujpw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:date:from :in-reply-to:message-id:mime-version:references:subject:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; bh=W9af/3OISCb3JRn+pdEMmCl8rnXCvaXdCKyI6HzDcso=; b=2S0Nrp/K sFPCCY0i9OiPEThSOt5cfYZrFCieE1fISZZGVtoh35/zMbTZFWy7CWoWXP9ut1MV 2lU+1hes7NH+Vr3Wt7WqMx5wlp4tzQvFda4g8niMJk7XwmM2IDZw5pExYf0/Rip6 YzpwUS/UNd4KwQZvzgKn8QAfA3fQSwsJLm+2Cf5TWZa5Zle5X+9u2pluGUW/yYQ7 ulsufCR4uNaXC57L9lJUL/9PIWnHyHMhCFSaxDkIVab5PJSPHgTDnjtcdZ4ctRWE ryTArJ3/gvxtIM/dLY60vRDU7lvRf8OVi+2BKuFnQJ/TyrjH6bRV7QTFi82iprHo QlC2zL5ookTfdw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrtdekgddtjeculddtuddrgedtledrtddtmd cutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthen uceurghilhhouhhtmecufedttdenucgfrhhlucfvnfffucdlfedtmdenucfjughrpefhvf fufffkofgjfhgggfestdekredtredttdenucfhrhhomheptfhushhsvghllhcuvehurhhr vgihuceorhhushgtuhhrsehruhhsshgvlhhlrdgttgeqnecukfhppeduvddvrdelledrke dvrddutdenucfrrghrrghmpehmrghilhhfrhhomheprhhushgtuhhrsehruhhsshgvlhhl rdgttgenucevlhhushhtvghrufhiiigvpeef X-ME-Proxy: From: Russell Currey To: linuxppc-dev@lists.ozlabs.org Cc: mpe@ellerman.id.au, npiggin@gmail.com, christophe.leroy@c-s.fr, kernel-hardening@lists.openwall.com, Russell Currey Subject: [PATCH 5/7] powerpc/mm/radix: Use KUEP API for Radix MMU Date: Thu, 21 Feb 2019 20:35:59 +1100 Message-Id: <20190221093601.27920-6-ruscur@russell.cc> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190221093601.27920-1-ruscur@russell.cc> References: <20190221093601.27920-1-ruscur@russell.cc> MIME-Version: 1.0 X-Virus-Scanned: ClamAV using ClamSMTP Execution protection already exists on radix, this just refactors the radix init to provide the KUEP setup function instead. Thus, the only functional change is that it can now be disabled. Signed-off-by: Russell Currey --- arch/powerpc/mm/pgtable-radix.c | 12 +++++++++--- arch/powerpc/platforms/Kconfig.cputype | 1 + 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c index 931156069a81..224bcd4be5ae 100644 --- a/arch/powerpc/mm/pgtable-radix.c +++ b/arch/powerpc/mm/pgtable-radix.c @@ -535,8 +535,15 @@ static void radix_init_amor(void) mtspr(SPRN_AMOR, (3ul << 62)); } -static void radix_init_iamr(void) +#ifdef CONFIG_PPC_KUEP +void __init setup_kuep(bool disabled) { + if (disabled || !early_radix_enabled()) + return; + + if (smp_processor_id() == boot_cpuid) + pr_info("Activating Kernel Userspace Execution Prevention\n"); + /* * Radix always uses key0 of the IAMR to determine if an access is * allowed. We set bit 0 (IBM bit 1) of key0, to prevent instruction @@ -544,6 +551,7 @@ static void radix_init_iamr(void) */ mtspr(SPRN_IAMR, (1ul << 62)); } +#endif void __init radix__early_init_mmu(void) { @@ -605,7 +613,6 @@ void __init radix__early_init_mmu(void) memblock_set_current_limit(MEMBLOCK_ALLOC_ANYWHERE); - radix_init_iamr(); radix_init_pgtable(); /* Switch to the guard PID before turning on MMU */ radix__switch_mmu_context(NULL, &init_mm); @@ -627,7 +634,6 @@ void radix__early_init_mmu_secondary(void) __pa(partition_tb) | (PATB_SIZE_SHIFT - 12)); radix_init_amor(); } - radix_init_iamr(); radix__switch_mmu_context(NULL, &init_mm); if (cpu_has_feature(CPU_FTR_HVMODE)) diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype index 7fa5ddbdce12..25cc7d36b27d 100644 --- a/arch/powerpc/platforms/Kconfig.cputype +++ b/arch/powerpc/platforms/Kconfig.cputype @@ -320,6 +320,7 @@ config PPC_RADIX_MMU bool "Radix MMU Support" depends on PPC_BOOK3S_64 select ARCH_HAS_GIGANTIC_PAGE if (MEMORY_ISOLATION && COMPACTION) || CMA + select PPC_HAVE_KUEP default y help Enable support for the Power ISA 3.0 Radix style MMU. Currently this