summaryrefslogtreecommitdiffstats
path: root/arch
diff options
context:
space:
mode:
authorChristophe Leroy <christophe.leroy@csgroup.eu>2021-10-19 09:29:30 +0200
committerMichael Ellerman <mpe@ellerman.id.au>2021-12-09 22:41:20 +1100
commitfcf9bb6d32f8a268bc3daf3281e3beefabec4e7c (patch)
tree65270cd8f92d4809d2e073cb07da6897ce55bcd8 /arch
parentf6fad4fb55936f0d613cea08341d187d691d6440 (diff)
downloadlinux-fcf9bb6d32f8a268bc3daf3281e3beefabec4e7c.tar.bz2
powerpc/kuap: Wire-up KUAP on 40x
This adds KUAP support to 40x. This is done by checking the content of SPRN_PID at the time user pgtable is loaded. 40x doesn't have KUEP, but KUAP implies KUEP because when the PID doesn't match the page's PID, the page cannot be read nor executed. So KUEP is now automatically selected when KUAP is selected and disabled when KUAP is disabled. Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/aaefa91897ddc42ac11019dc0e1d1a525bd08e90.1634627931.git.christophe.leroy@csgroup.eu
Diffstat (limited to 'arch')
-rw-r--r--arch/powerpc/kernel/head_40x.S8
-rw-r--r--arch/powerpc/mm/nohash/kup.c2
-rw-r--r--arch/powerpc/platforms/Kconfig.cputype7
3 files changed, 15 insertions, 2 deletions
diff --git a/arch/powerpc/kernel/head_40x.S b/arch/powerpc/kernel/head_40x.S
index e783860bea83..b6c6d1de5fd5 100644
--- a/arch/powerpc/kernel/head_40x.S
+++ b/arch/powerpc/kernel/head_40x.S
@@ -298,6 +298,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt)
3:
mfspr r11,SPRN_SPRG_THREAD
lwz r11,PGDIR(r11)
+#ifdef CONFIG_PPC_KUAP
+ rlwinm. r9, r9, 0, 0xff
+ beq 5f /* Kuap fault */
+#endif
4:
tophys(r11, r11)
rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */
@@ -378,6 +382,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt)
3:
mfspr r11,SPRN_SPRG_THREAD
lwz r11,PGDIR(r11)
+#ifdef CONFIG_PPC_KUAP
+ rlwinm. r9, r9, 0, 0xff
+ beq 5f /* Kuap fault */
+#endif
4:
tophys(r11, r11)
rlwimi r11, r10, 12, 20, 29 /* Create L1 (pgdir/pmd) address */
diff --git a/arch/powerpc/mm/nohash/kup.c b/arch/powerpc/mm/nohash/kup.c
index eaea52231dd6..552becf90e97 100644
--- a/arch/powerpc/mm/nohash/kup.c
+++ b/arch/powerpc/mm/nohash/kup.c
@@ -19,6 +19,8 @@ EXPORT_SYMBOL(disable_kuap_key);
void setup_kuap(bool disabled)
{
if (disabled) {
+ if (IS_ENABLED(CONFIG_40x))
+ disable_kuep = true;
if (smp_processor_id() == boot_cpuid)
static_branch_enable(&disable_kuap_key);
return;
diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index 3f00e75edf70..95e034e061c2 100644
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -54,6 +54,9 @@ config 40x
select PPC_UDBG_16550
select 4xx_SOC
select HAVE_PCI
+ select PPC_HAVE_KUAP
+ select PPC_HAVE_KUEP
+ select PPC_KUEP if PPC_KUAP
config 44x
bool "AMCC 44x, 46x or 47x"
@@ -425,9 +428,9 @@ config PPC_HAVE_KUEP
bool
config PPC_KUEP
- bool "Kernel Userspace Execution Prevention"
+ bool "Kernel Userspace Execution Prevention" if !40x
depends on PPC_HAVE_KUEP
- default y
+ default y if !40x
help
Enable support for Kernel Userspace Execution Prevention (KUEP)