powerpc/kuap: Wire-up KUAP on 40x

This adds KUAP support to 40x. This is done by checking
the content of SPRN_PID at the time user pgtable is loaded.

40x doesn't have KUEP, but KUAP implies KUEP because when the
PID doesn't match the page's PID, the page cannot be read nor
executed.

So KUEP is now automatically selected when KUAP is selected and
disabled when KUAP is disabled.

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/aaefa91897ddc42ac11019dc0e1d1a525bd08e90.1634627931.git.christophe.leroy@csgroup.eu

diff --git a/arch/powerpc/kernel/head_40x.S b/arch/powerpc/kernel/head_40x.S
index e783860..b6c6d1d 100644 (file)
--- a/arch/powerpc/kernel/head_40x.S
+++ b/arch/powerpc/kernel/head_40x.S
@@ -298,6 +298,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt)
 3:
        mfspr   r11,SPRN_SPRG_THREAD
        lwz     r11,PGDIR(r11)
+#ifdef CONFIG_PPC_KUAP
+       rlwinm. r9, r9, 0, 0xff
+       beq     5f                      /* Kuap fault */
+#endif
 4:
        tophys(r11, r11)
        rlwimi  r11, r10, 12, 20, 29    /* Create L1 (pgdir/pmd) address */
@@ -378,6 +382,10 @@ _ASM_NOKPROBE_SYMBOL(\name\()_virt)
 3:
        mfspr   r11,SPRN_SPRG_THREAD
        lwz     r11,PGDIR(r11)
+#ifdef CONFIG_PPC_KUAP
+       rlwinm. r9, r9, 0, 0xff
+       beq     5f                      /* Kuap fault */
+#endif
 4:
        tophys(r11, r11)
        rlwimi  r11, r10, 12, 20, 29    /* Create L1 (pgdir/pmd) address */

diff --git a/arch/powerpc/mm/nohash/kup.c b/arch/powerpc/mm/nohash/kup.c
index eaea522..552becf 100644 (file)
--- a/arch/powerpc/mm/nohash/kup.c
+++ b/arch/powerpc/mm/nohash/kup.c
@@ -19,6 +19,8 @@ EXPORT_SYMBOL(disable_kuap_key);
 void setup_kuap(bool disabled)
 {
        if (disabled) {
+               if (IS_ENABLED(CONFIG_40x))
+                       disable_kuep = true;
                if (smp_processor_id() == boot_cpuid)
                        static_branch_enable(&disable_kuap_key);
                return;

diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index 3f00e75..95e034e 100644 (file)
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -54,6 +54,9 @@ config 40x
        select PPC_UDBG_16550
        select 4xx_SOC
        select HAVE_PCI
+       select PPC_HAVE_KUAP
+       select PPC_HAVE_KUEP
+       select PPC_KUEP if PPC_KUAP
 
 config 44x
        bool "AMCC 44x, 46x or 47x"
@@ -425,9 +428,9 @@ config PPC_HAVE_KUEP
        bool
 
 config PPC_KUEP
-       bool "Kernel Userspace Execution Prevention"
+       bool "Kernel Userspace Execution Prevention" if !40x
        depends on PPC_HAVE_KUEP
-       default y
+       default y if !40x
        help
          Enable support for Kernel Userspace Execution Prevention (KUEP)