Commit 13dac4e3 authored by Christophe Leroy's avatar Christophe Leroy Committed by Michael Ellerman
Browse files

powerpc/8xx: Activate KUEP at all time 



On the 8xx, there is absolutely no runtime impact with KUEP. Protection
against execution of user code in kernel mode is set up at boot time
by configuring the groups with contain all user pages as having swapped
protection rights, in extenso EX for user and NA for supervisor.

Configure KUEP at startup and force selection of CONFIG_PPC_KUEP.

Signed-off-by: default avatarChristophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/2129e86944323ffe9ed07fffbeafdfd2e363690a.1634627931.git.christophe.leroy@csgroup.eu
parent 6c1fa60d

arch/powerpc/include/asm/nohash/32/mmu-8xx.h

+2 −4
Original line number Diff line number Diff line
@@ -39,12 +39,10 @@ 
 * 0 => Kernel => 11 (all accesses performed according as user iaw page definition)

 * 1 => Kernel+Accessed => 01 (all accesses performed according to page definition)

 * 2 => User => 11 (all accesses performed according as user iaw page definition)

 * 3 => User+Accessed => 00 (all accesses performed as supervisor iaw page definition) for INIT

 *                    => 10 (all accesses performed according to swaped page definition) for KUEP

 * 3 => User+Accessed => 10 (all accesses performed according to swaped page definition) for KUEP

 * 4-15 => Not Used

 */

#define MI_APG_INIT	0xdc000000

#define MI_APG_KUEP	0xde000000

#define MI_APG_INIT	0xde000000



/* The effective page number register.  When read, contains the information

 * about the last instruction TLB miss.  When MI_RPN is written, bits in

arch/powerpc/mm/nohash/8xx.c

+0 −5
Original line number Diff line number Diff line
@@ -215,12 +215,7 @@ void __init setup_initial_memory_limit(phys_addr_t first_memblock_base, 
#ifdef CONFIG_PPC_KUEP

void setup_kuep(bool disabled)

{

	if (disabled)

		return;



	pr_info("Activating Kernel Userspace Execution Prevention\n");



	mtspr(SPRN_MI_AP, MI_APG_KUEP);

}

#endif

arch/powerpc/platforms/Kconfig.cputype

+1 −0
Original line number Diff line number Diff line
@@ -43,6 +43,7 @@ config PPC_8xx 
	select ARCH_SUPPORTS_HUGETLBFS

	select FSL_SOC

	select PPC_HAVE_KUEP

	select PPC_KUEP

	select PPC_HAVE_KUAP

	select HAVE_ARCH_VMAP_STACK

	select HUGETLBFS