Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/811875/?format=api
{ "id": 811875, "url": "http://patchwork.ozlabs.org/api/patches/811875/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/1504910713-7094-20-git-send-email-linuxram@us.ibm.com/", "project": { "id": 2, "url": "http://patchwork.ozlabs.org/api/projects/2/?format=api", "name": "Linux PPC development", "link_name": "linuxppc-dev", "list_id": "linuxppc-dev.lists.ozlabs.org", "list_email": "linuxppc-dev@lists.ozlabs.org", "web_url": "https://github.com/linuxppc/wiki/wiki", "scm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git", "webscm_url": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/", "list_archive_url": "https://lore.kernel.org/linuxppc-dev/", "list_archive_url_format": "https://lore.kernel.org/linuxppc-dev/{}/", "commit_url_format": "https://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux.git/commit/?id={}" }, "msgid": "<1504910713-7094-20-git-send-email-linuxram@us.ibm.com>", "list_archive_url": "https://lore.kernel.org/linuxppc-dev/1504910713-7094-20-git-send-email-linuxram@us.ibm.com/", "date": "2017-09-08T22:44:59", "name": "[11/25] powerpc: introduce execute-only pkey", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": false, "hash": "3af78ea8561efb9b0287c2169a3b45e52ae03d18", "submitter": { "id": 2667, "url": "http://patchwork.ozlabs.org/api/people/2667/?format=api", "name": "Ram Pai", "email": "linuxram@us.ibm.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/linuxppc-dev/patch/1504910713-7094-20-git-send-email-linuxram@us.ibm.com/mbox/", "series": [ { "id": 2303, "url": "http://patchwork.ozlabs.org/api/series/2303/?format=api", "web_url": "http://patchwork.ozlabs.org/project/linuxppc-dev/list/?series=2303", "date": "2017-09-08T22:44:40", "name": "powerpc: Free up RPAGE_RSV bits", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/2303/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/811875/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/811875/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>", "X-Original-To": [ "patchwork-incoming@ozlabs.org", "linuxppc-dev@lists.ozlabs.org" ], "Delivered-To": [ "patchwork-incoming@ozlabs.org", "linuxppc-dev@lists.ozlabs.org" ], "Received": [ "from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\t(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xptgn1BFxz9s7h\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSat, 9 Sep 2017 09:24:21 +1000 (AEST)", "from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3])\n\tby lists.ozlabs.org (Postfix) with ESMTP id 3xptgm6cykzDqjf\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSat, 9 Sep 2017 09:24:20 +1000 (AEST)", "from mail-qt0-x241.google.com (mail-qt0-x241.google.com\n\t[IPv6:2607:f8b0:400d:c0d::241])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128\n\tbits)) (No client certificate requested)\n\tby lists.ozlabs.org (Postfix) with ESMTPS id 3xpsrk5kNvzDrd6\n\tfor <linuxppc-dev@lists.ozlabs.org>;\n\tSat, 9 Sep 2017 08:47:02 +1000 (AEST)", "by mail-qt0-x241.google.com with SMTP id 7so2357084qtz.3\n\tfor <linuxppc-dev@lists.ozlabs.org>;\n\tFri, 08 Sep 2017 15:47:02 -0700 (PDT)", "from localhost.localdomain (50-39-103-96.bvtn.or.frontiernet.net.\n\t[50.39.103.96]) by smtp.gmail.com with ESMTPSA id\n\tx124sm2033726qka.85.2017.09.08.15.46.58\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tFri, 08 Sep 2017 15:47:00 -0700 (PDT)" ], "Authentication-Results": [ "ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"UzAJdGnk\"; dkim-atps=neutral", "lists.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"UzAJdGnk\"; dkim-atps=neutral", "ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=gmail.com\n\t(client-ip=2607:f8b0:400d:c0d::241; helo=mail-qt0-x241.google.com;\n\tenvelope-from=ram.n.pai@gmail.com; receiver=<UNKNOWN>)", "lists.ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"UzAJdGnk\"; dkim-atps=neutral" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;\n\th=sender:from:to:cc:subject:date:message-id:in-reply-to:references;\n\tbh=tD1voKtKeorE1X4wP9PgZpqxPg97wZPDAdmWK2LMd78=;\n\tb=UzAJdGnkdAr8OmpuelxCL8zZwYiVjRpWDTUBQPxdLQcwYuzssmXQd+ojVLUglrg+gY\n\tbYUOWfUMHKt/qRvsrP/RtKY+OY177rYGpXCftZd6WPPx7Zh79Uj+WOn/jNo1/L0laf5H\n\tgNntvv+WQbCUYVQeUeu44mxr5JGCeOQEAmKtESh6DBsi0UNjOCBYnT2dMpJ1ZZ6ks3AZ\n\tpa8qNy0F7O4BYMlQ0d9bOMCFvP8AVorTE1YbImw+35LRSIgHtLDtPZncACDm8lPPxOPU\n\twlFLy8K07BuQFVGLcUR9VppQTyUMB6R/Ru0HgrPQOgveEYwZwVA9BAB1UORbD/yWo9J0\n\tHNKg==", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:sender:from:to:cc:subject:date:message-id\n\t:in-reply-to:references;\n\tbh=tD1voKtKeorE1X4wP9PgZpqxPg97wZPDAdmWK2LMd78=;\n\tb=IhbplQo1E7VYV1GYsbtoWWbUiJZoQWQzSC/0xjcPOY7MxTI2YAwZ9Ygg5H/wJ6fnC6\n\t+zQ21daltzGlhrsrgC8iPorRM0QGK+UP4/s1LjgQQUyq8bX/a7qBv3pPcGXBYt1oFaVR\n\tArUIXYQIa+nTLcfzYV1T7Bd8pB84Na8EXMOZX6Kwf1cBqqR/6EBemBfIMfeu9u4sLTZc\n\tA6lk7rJy2h3yjPrJ4bL2jvlW3qF0bOMAGYGlr/wvHIuafTLOCPY2aE8GXACc7mcTY3K7\n\taTHr0YApdluoWO0yVndkZNdXDyC2EAs1tLuJjHH4IWt+uNhKLOU1DFc+PXxyNd2peFRT\n\t/fVg==", "X-Gm-Message-State": "AHPjjUh2bPXU0LfNGCKaz8cHm/zpFmaV/EzzzHQY8gzgaN0QjFhPvjUc\n\tFkSIC0/LGyhHUg==", "X-Google-Smtp-Source": "AOwi7QDJkV1JKy8I1ExlL1LSg//pyGa4az90YnbKY3ggiOZSJCrJaXy/6/Bh0OnwlG2iRsKeBz6slg==", "X-Received": "by 10.200.42.99 with SMTP id l32mr6390944qtl.121.1504910820869; \n\tFri, 08 Sep 2017 15:47:00 -0700 (PDT)", "From": "Ram Pai <linuxram@us.ibm.com>", "To": "mpe@ellerman.id.au,\n\tlinuxppc-dev@lists.ozlabs.org", "Subject": "[PATCH 11/25] powerpc: introduce execute-only pkey", "Date": "Fri, 8 Sep 2017 15:44:59 -0700", "Message-Id": "<1504910713-7094-20-git-send-email-linuxram@us.ibm.com>", "X-Mailer": "git-send-email 1.7.1", "In-Reply-To": "<1504910713-7094-1-git-send-email-linuxram@us.ibm.com>", "References": "<1504910713-7094-1-git-send-email-linuxram@us.ibm.com>", "X-BeenThere": "linuxppc-dev@lists.ozlabs.org", "X-Mailman-Version": "2.1.23", "Precedence": "list", "List-Id": "Linux on PowerPC Developers Mail List\n\t<linuxppc-dev.lists.ozlabs.org>", "List-Unsubscribe": "<https://lists.ozlabs.org/options/linuxppc-dev>,\n\t<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=unsubscribe>", "List-Archive": "<http://lists.ozlabs.org/pipermail/linuxppc-dev/>", "List-Post": "<mailto:linuxppc-dev@lists.ozlabs.org>", "List-Help": "<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=help>", "List-Subscribe": "<https://lists.ozlabs.org/listinfo/linuxppc-dev>,\n\t<mailto:linuxppc-dev-request@lists.ozlabs.org?subject=subscribe>", "Cc": "ebiederm@xmission.com, linuxram@us.ibm.com, mhocko@kernel.org,\n\tpaulus@samba.org, aneesh.kumar@linux.vnet.ibm.com,\n\tbauerman@linux.vnet.ibm.com, khandual@linux.vnet.ibm.com", "Errors-To": "linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org", "Sender": "\"Linuxppc-dev\"\n\t<linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org>" }, "content": "This patch provides the implementation of execute-only pkey.\nThe architecture-independent layer expects the arch-dependent\nlayer, to support the ability to create and enable a special\nkey which has execute-only permission.\n\nSigned-off-by: Ram Pai <linuxram@us.ibm.com>\n---\n arch/powerpc/include/asm/book3s/64/mmu.h | 1 +\n arch/powerpc/include/asm/pkeys.h | 9 ++++-\n arch/powerpc/mm/pkeys.c | 57 ++++++++++++++++++++++++++++++\n 3 files changed, 66 insertions(+), 1 deletions(-)", "diff": "diff --git a/arch/powerpc/include/asm/book3s/64/mmu.h b/arch/powerpc/include/asm/book3s/64/mmu.h\nindex 55950f4..ee18ba0 100644\n--- a/arch/powerpc/include/asm/book3s/64/mmu.h\n+++ b/arch/powerpc/include/asm/book3s/64/mmu.h\n@@ -115,6 +115,7 @@ struct patb_entry {\n \t * bit unset -> key available for allocation\n \t */\n \tu32 pkey_allocation_map;\n+\ts16 execute_only_pkey; /* key holding execute-only protection */\n #endif\n } mm_context_t;\n \ndiff --git a/arch/powerpc/include/asm/pkeys.h b/arch/powerpc/include/asm/pkeys.h\nindex 78c5362..0cf115f 100644\n--- a/arch/powerpc/include/asm/pkeys.h\n+++ b/arch/powerpc/include/asm/pkeys.h\n@@ -115,11 +115,16 @@ static inline int mm_pkey_free(struct mm_struct *mm, int pkey)\n * Try to dedicate one of the protection keys to be used as an\n * execute-only protection key.\n */\n+extern int __execute_only_pkey(struct mm_struct *mm);\n static inline int execute_only_pkey(struct mm_struct *mm)\n {\n-\treturn 0;\n+\tif (!pkey_inited || !pkey_execute_disable_support)\n+\t\treturn -1;\n+\n+\treturn __execute_only_pkey(mm);\n }\n \n+\n static inline int arch_override_mprotect_pkey(struct vm_area_struct *vma,\n \t\tint prot, int pkey)\n {\n@@ -141,6 +146,8 @@ static inline void pkey_mm_init(struct mm_struct *mm)\n \tif (!pkey_inited)\n \t\treturn;\n \tmm_pkey_allocation_map(mm) = initial_allocation_mask;\n+\t/* -1 means unallocated or invalid */\n+\tmm->context.execute_only_pkey = -1;\n }\n \n extern void thread_pkey_regs_save(struct thread_struct *thread);\ndiff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c\nindex 7cd1be4..8a24983 100644\n--- a/arch/powerpc/mm/pkeys.c\n+++ b/arch/powerpc/mm/pkeys.c\n@@ -188,3 +188,60 @@ void thread_pkey_regs_init(struct thread_struct *thread)\n \twrite_iamr(0x0ul);\n \twrite_uamor(0x0ul);\n }\n+\n+static inline bool pkey_allows_readwrite(int pkey)\n+{\n+\tint pkey_shift = pkeyshift(pkey);\n+\n+\tif (!(read_uamor() & (0x3UL << pkey_shift)))\n+\t\treturn true;\n+\n+\treturn !(read_amr() & ((AMR_RD_BIT|AMR_WR_BIT) << pkey_shift));\n+}\n+\n+int __execute_only_pkey(struct mm_struct *mm)\n+{\n+\tbool need_to_set_mm_pkey = false;\n+\tint execute_only_pkey = mm->context.execute_only_pkey;\n+\tint ret;\n+\n+\t/* Do we need to assign a pkey for mm's execute-only maps? */\n+\tif (execute_only_pkey == -1) {\n+\t\t/* Go allocate one to use, which might fail */\n+\t\texecute_only_pkey = mm_pkey_alloc(mm);\n+\t\tif (execute_only_pkey < 0)\n+\t\t\treturn -1;\n+\t\tneed_to_set_mm_pkey = true;\n+\t}\n+\n+\t/*\n+\t * We do not want to go through the relatively costly\n+\t * dance to set AMR if we do not need to. Check it\n+\t * first and assume that if the execute-only pkey is\n+\t * readwrite-disabled than we do not have to set it\n+\t * ourselves.\n+\t */\n+\tif (!need_to_set_mm_pkey &&\n+\t !pkey_allows_readwrite(execute_only_pkey))\n+\t\treturn execute_only_pkey;\n+\n+\t/*\n+\t * Set up AMR so that it denies access for everything\n+\t * other than execution.\n+\t */\n+\tret = __arch_set_user_pkey_access(current, execute_only_pkey,\n+\t\t\t(PKEY_DISABLE_ACCESS | PKEY_DISABLE_WRITE));\n+\t/*\n+\t * If the AMR-set operation failed somehow, just return\n+\t * 0 and effectively disable execute-only support.\n+\t */\n+\tif (ret) {\n+\t\tmm_set_pkey_free(mm, execute_only_pkey);\n+\t\treturn -1;\n+\t}\n+\n+\t/* We got one, store it and use it from here on out */\n+\tif (need_to_set_mm_pkey)\n+\t\tmm->context.execute_only_pkey = execute_only_pkey;\n+\treturn execute_only_pkey;\n+}\n", "prefixes": [ "11/25" ] }