This adds KUAP support to 40x. This is done by checking the content of SPRN_PID at the time the user pgtable is loaded.

40x doesn't have KUEP, but KUAP implies KUEP because when the PID doesn't match the page's PID, the page can be neither read nor executed. So KUEP is now automatically selected when KUAP is selected and disabled when KUAP is disabled.

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/aaefa91897ddc42ac11019dc0e1d1a525bd08e90.1634627931.git.christophe.leroy@csgroup.eu
// SPDX-License-Identifier: GPL-2.0-or-later
/*
 * This file contains the routines for initializing kernel userspace protection
 */
#include <linux/export.h>
#include <linux/init.h>
#include <linux/jump_label.h>
#include <linux/printk.h>
#include <linux/smp.h>
#include <asm/kup.h>
#include <asm/smp.h>
#ifdef CONFIG_PPC_KUAP
/*
 * Static key recording that KUAP has been switched off. In this file it is
 * only ever enabled by setup_kuap(), on the boot CPU, when that function is
 * called with disabled == true.
 * NOTE(review): presumably tested by the KUAP helpers in <asm/kup.h> so they
 * can skip the user-access lock/unlock sequences - confirm against that
 * header.
 */
struct static_key_false disable_kuap_key;
/* Exported so that code built as modules can reference the key. */
EXPORT_SYMBOL(disable_kuap_key);
/*
 * setup_kuap - apply the KUAP on/off decision on the calling CPU.
 * @disabled: true when Kernel Userspace Access Protection must stay off.
 *
 * Enabled path: logs the activation and calls __prevent_user_access() so that
 * user access starts out blocked.
 *
 * Disabled path: nothing is armed and disable_kuap_key is enabled instead.
 * NOTE(review): this path prints nothing, so a boot log shows the
 * "Activating ..." line when the protection is on but carries no message from
 * this function when it is off - worth keeping in mind when auditing whether
 * a system booted with KUAP active.
 */
void setup_kuap(bool disabled)
{
	if (!disabled) {
		pr_info("Activating Kernel Userspace Access Protection\n");

		/* Start with user access blocked for both reads and writes. */
		__prevent_user_access(KUAP_READ_WRITE);
		return;
	}

	/*
	 * 40x has no separate KUEP: execute protection comes from the same
	 * PID check that implements KUAP, so disabling KUAP disables KUEP too.
	 */
	if (IS_ENABLED(CONFIG_40x))
		disable_kuep = true;

	/*
	 * Only the boot CPU enables the key.
	 * NOTE(review): presumably because the key is global and needs
	 * enabling once only - confirm how secondary CPUs reach this function.
	 */
	if (smp_processor_id() == boot_cpuid)
		static_branch_enable(&disable_kuap_key);
}
#endif