tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

powerpc/book3s64/kup: Check max key supported before enabling kup

Don't enable KUEP/KUAP if we support less than or equal to 3 keys.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201202043854.76406-1-aneesh.kumar@linux.ibm.com

authored by

Aneesh Kumar K.V and committed by
Michael Ellerman 61130e20 c91435d9

+26 -14
+3
arch/powerpc/include/asm/kup.h
··· 44 44 45 45 #else /* !__ASSEMBLY__ */ 46 46 47 + extern bool disable_kuep; 48 + extern bool disable_kuap; 49 + 47 50 #include <linux/pgtable.h> 48 51 49 52 void setup_kup(void);
+21 -12
arch/powerpc/mm/book3s64/pkeys.c
··· 185 185 default_uamor &= ~(0x3ul << pkeyshift(execute_only_key)); 186 186 } 187 187 188 + if (unlikely(num_pkey <= 3)) { 189 + /* 190 + * Insufficient number of keys to support 191 + * KUAP/KUEP feature. 192 + */ 193 + disable_kuep = true; 194 + disable_kuap = true; 195 + WARN(1, "Disabling kernel user protection due to low (%d) max supported keys\n", num_pkey); 196 + } else { 197 + /* handle key which is used by kernel for KAUP */ 198 + reserved_allocation_mask |= (0x1 << 3); 199 + /* 200 + * Mark access for kup_key in default amr so that 201 + * we continue to operate with that AMR in 202 + * copy_to/from_user(). 203 + */ 204 + default_amr &= ~(0x3ul << pkeyshift(3)); 205 + default_iamr &= ~(0x1ul << pkeyshift(3)); 206 + default_uamor &= ~(0x3ul << pkeyshift(3)); 207 + } 208 + 188 209 /* 189 210 * Allow access for only key 0. And prevent any other modification. 190 211 */ ··· 225 204 */ 226 205 reserved_allocation_mask |= (0x1 << 1); 227 206 default_uamor &= ~(0x3ul << pkeyshift(1)); 228 - 229 - /* handle key which is used by kernel for KAUP */ 230 - reserved_allocation_mask |= (0x1 << 3); 231 - /* 232 - * Mark access for KUAP key in default amr so that 233 - * we continue to operate with that AMR in 234 - * copy_to/from_user(). 235 - */ 236 - default_amr &= ~(0x3ul << pkeyshift(3)); 237 - default_iamr &= ~(0x1ul << pkeyshift(3)); 238 - default_uamor &= ~(0x3ul << pkeyshift(3)); 239 - 240 207 241 208 /* 242 209 * Prevent the usage of OS reserved keys. Update UAMOR
+2 -2
arch/powerpc/mm/init-common.c
··· 28 28 unsigned long kernstart_virt_addr __ro_after_init = KERNELBASE; 29 29 EXPORT_SYMBOL_GPL(kernstart_virt_addr); 30 30 31 - static bool disable_kuep = !IS_ENABLED(CONFIG_PPC_KUEP); 32 - static bool disable_kuap = !IS_ENABLED(CONFIG_PPC_KUAP); 31 + bool disable_kuep = !IS_ENABLED(CONFIG_PPC_KUEP); 32 + bool disable_kuap = !IS_ENABLED(CONFIG_PPC_KUAP); 33 33 34 34 static int __init parse_nosmep(char *p) 35 35 {