korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-26 13:44:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

powerpc/book3s64/kup: Check max key supported before enabling kup

Browse Source 
Don't enable KUEP/KUAP if we support less than or equal to 3 keys.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201202043854.76406-1-aneesh.kumar@linux.ibm.com
This commit is contained in:
Aneesh Kumar K.V 2020-12-02 10:08:54 +05:30 committed by Michael Ellerman
parent c91435d95c
commit 61130e203d
3 changed files with 26 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
arch/powerpc/include/asm/kup.h
View File

@ -44,6 +44,9 @@
#else /* !__ASSEMBLY__ */ #else /* !__ASSEMBLY__ */
extern bool disable_kuep;
extern bool disable_kuap;
#include <linux/pgtable.h> #include <linux/pgtable.h>
void setup_kup(void); void setup_kup(void);

33
arch/powerpc/mm/book3s64/pkeys.c
View File

@ -185,6 +185,27 @@ void __init pkey_early_init_devtree(void)
default_uamor &= ~(0x3ul << pkeyshift(execute_only_key)); default_uamor &= ~(0x3ul << pkeyshift(execute_only_key));
} }
if (unlikely(num_pkey <= 3)) {
/*
* Insufficient number of keys to support
* KUAP/KUEP feature.
*/
disable_kuep = true;
disable_kuap = true;
WARN(1, "Disabling kernel user protection due to low (%d) max supported keys\n", num_pkey);
} else {
/* handle key which is used by kernel for KAUP */
reserved_allocation_mask |= (0x1 << 3);
/*
* Mark access for kup_key in default amr so that
* we continue to operate with that AMR in
* copy_to/from_user().
*/
default_amr &= ~(0x3ul << pkeyshift(3));
default_iamr &= ~(0x1ul << pkeyshift(3));
default_uamor &= ~(0x3ul << pkeyshift(3));
}
/* /*
* Allow access for only key 0. And prevent any other modification. * Allow access for only key 0. And prevent any other modification.
*/ */
@ -205,18 +226,6 @@ void __init pkey_early_init_devtree(void)
reserved_allocation_mask |= (0x1 << 1); reserved_allocation_mask |= (0x1 << 1);
default_uamor &= ~(0x3ul << pkeyshift(1)); default_uamor &= ~(0x3ul << pkeyshift(1));
/* handle key which is used by kernel for KAUP */
reserved_allocation_mask |= (0x1 << 3);
/*
* Mark access for KUAP key in default amr so that
* we continue to operate with that AMR in
* copy_to/from_user().
*/
default_amr &= ~(0x3ul << pkeyshift(3));
default_iamr &= ~(0x1ul << pkeyshift(3));
default_uamor &= ~(0x3ul << pkeyshift(3));
/* /*
* Prevent the usage of OS reserved keys. Update UAMOR * Prevent the usage of OS reserved keys. Update UAMOR
* for those keys. Also mark the rest of the bits in the * for those keys. Also mark the rest of the bits in the

4
arch/powerpc/mm/init-common.c
View File

@ -28,8 +28,8 @@ EXPORT_SYMBOL_GPL(kernstart_addr);
unsigned long kernstart_virt_addr __ro_after_init = KERNELBASE; unsigned long kernstart_virt_addr __ro_after_init = KERNELBASE;
EXPORT_SYMBOL_GPL(kernstart_virt_addr); EXPORT_SYMBOL_GPL(kernstart_virt_addr);
static bool disable_kuep = !IS_ENABLED(CONFIG_PPC_KUEP); bool disable_kuep = !IS_ENABLED(CONFIG_PPC_KUEP);
static bool disable_kuap = !IS_ENABLED(CONFIG_PPC_KUAP); bool disable_kuap = !IS_ENABLED(CONFIG_PPC_KUAP);
static int __init parse_nosmep(char *p) static int __init parse_nosmep(char *p)
{ {