Commit 06fbe81b authored by Christophe Leroy's avatar Christophe Leroy Committed by Michael Ellerman
Browse files

powerpc/8xx: Add Kernel Userspace Execution Prevention 



This patch adds Kernel Userspace Execution Prevention on the 8xx.

When a page is Executable, it is set Executable for Key 0 and NX
for Key 1.

Up to now, the User group is defined with Key 0 for both User and
Supervisor.

By changing the group to Key 0 for User and Key 1 for Supervisor,
this patch prevents the Kernel from being able to execute user code.

Signed-off-by: default avatarChristophe Leroy <christophe.leroy@c-s.fr>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
parent c341a108

arch/powerpc/include/asm/nohash/32/mmu-8xx.h

+7 −0
Original line number Diff line number Diff line
@@ -41,6 +41,13 @@ 
 */

#define MI_APG_INIT	0x4fffffff



/*

 * 0 => Kernel => 01 (all accesses performed according to page definition)

 * 1 => User => 10 (all accesses performed according to swaped page definition)

 * 2-16 => NA => 11 (all accesses performed as user iaw page definition)

 */

#define MI_APG_KUEP	0x6fffffff



/* The effective page number register.  When read, contains the information

 * about the last instruction TLB miss.  When MI_RPN is written, bits in

 * this register are used to create the TLB entry.

arch/powerpc/mm/8xx_mmu.c

+12 −0
Original line number Diff line number Diff line
@@ -213,3 +213,15 @@ void flush_instruction_cache(void) 
	mtspr(SPRN_IC_CST, IDC_INVALL);

	isync();

}



#ifdef CONFIG_PPC_KUEP

void __init setup_kuep(bool disabled)

{

	if (disabled)

		return;



	pr_info("Activating Kernel Userspace Execution Prevention\n");



	mtspr(SPRN_MI_AP, MI_APG_KUEP);

}

#endif

arch/powerpc/platforms/Kconfig.cputype

+1 −0
Original line number Diff line number Diff line
@@ -34,6 +34,7 @@ config PPC_8xx 
	bool "Freescale 8xx"

	select FSL_SOC

	select SYS_SUPPORTS_HUGETLBFS

	select PPC_HAVE_KUEP



config 40x

	bool "AMCC 40x"

CRA Git | Maintained and supported by SUSTech CRA and CCSE