diff options
| author | Christophe Leroy <christophe.leroy@c-s.fr> | 2019-03-11 09:30:33 +0100 |
|---|---|---|
| committer | Michael Ellerman <mpe@ellerman.id.au> | 2019-04-21 15:11:46 +0200 |
| commit | 06fbe81b5909847aa13f9c86c2b6f9bbc5c2795b (patch) | |
| tree | dd48ae9729e84beaa712f9d5dfa9ba9638f74d25 /arch | |
| parent | powerpc/8xx: Only define APG0 and APG1 (diff) | |
| download | linux-06fbe81b5909847aa13f9c86c2b6f9bbc5c2795b.tar.xz linux-06fbe81b5909847aa13f9c86c2b6f9bbc5c2795b.zip | |
powerpc/8xx: Add Kernel Userspace Execution Prevention
This patch adds Kernel Userspace Execution Prevention on the 8xx.
When a page is Executable, it is set Executable for Key 0 and NX
for Key 1.
Up to now, the User group is defined with Key 0 for both User and
Supervisor.
By changing the group to Key 0 for User and Key 1 for Supervisor,
this patch prevents the Kernel from being able to execute user code.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Diffstat (limited to 'arch')
| -rw-r--r-- | arch/powerpc/include/asm/nohash/32/mmu-8xx.h | 7 | ||||
| -rw-r--r-- | arch/powerpc/mm/8xx_mmu.c | 12 | ||||
| -rw-r--r-- | arch/powerpc/platforms/Kconfig.cputype | 1 |
3 files changed, 20 insertions, 0 deletions
diff --git a/arch/powerpc/include/asm/nohash/32/mmu-8xx.h b/arch/powerpc/include/asm/nohash/32/mmu-8xx.h index fc5a653d5dd2..3cb743284e09 100644 --- a/arch/powerpc/include/asm/nohash/32/mmu-8xx.h +++ b/arch/powerpc/include/asm/nohash/32/mmu-8xx.h @@ -41,6 +41,13 @@ */ #define MI_APG_INIT 0x4fffffff +/* + * 0 => Kernel => 01 (all accesses performed according to page definition) + * 1 => User => 10 (all accesses performed according to swaped page definition) + * 2-16 => NA => 11 (all accesses performed as user iaw page definition) + */ +#define MI_APG_KUEP 0x6fffffff + /* The effective page number register. When read, contains the information * about the last instruction TLB miss. When MI_RPN is written, bits in * this register are used to create the TLB entry. diff --git a/arch/powerpc/mm/8xx_mmu.c b/arch/powerpc/mm/8xx_mmu.c index fe1f6443d57f..e257a0c9bd08 100644 --- a/arch/powerpc/mm/8xx_mmu.c +++ b/arch/powerpc/mm/8xx_mmu.c @@ -213,3 +213,15 @@ void flush_instruction_cache(void) mtspr(SPRN_IC_CST, IDC_INVALL); isync(); } + +#ifdef CONFIG_PPC_KUEP +void __init setup_kuep(bool disabled) +{ + if (disabled) + return; + + pr_info("Activating Kernel Userspace Execution Prevention\n"); + + mtspr(SPRN_MI_AP, MI_APG_KUEP); +} +#endif diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype index 2e45a6e2bc99..00fa0d110dcb 100644 --- a/arch/powerpc/platforms/Kconfig.cputype +++ b/arch/powerpc/platforms/Kconfig.cputype @@ -34,6 +34,7 @@ config PPC_8xx bool "Freescale 8xx" select FSL_SOC select SYS_SUPPORTS_HUGETLBFS + select PPC_HAVE_KUEP config 40x bool "AMCC 40x" |