From patchwork Fri Sep 8 22:44:57 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ram Pai X-Patchwork-Id: 811873 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3xptbG1kDTz9s7h for ; Sat, 9 Sep 2017 09:20:26 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="YJ/liKVk"; dkim-atps=neutral Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 3xptbG0MGVzDrcF for ; Sat, 9 Sep 2017 09:20:26 +1000 (AEST) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="YJ/liKVk"; dkim-atps=neutral X-Original-To: linuxppc-dev@lists.ozlabs.org Delivered-To: linuxppc-dev@lists.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gmail.com (client-ip=2607:f8b0:400d:c09::242; helo=mail-qk0-x242.google.com; envelope-from=ram.n.pai@gmail.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="YJ/liKVk"; dkim-atps=neutral Received: from mail-qk0-x242.google.com (mail-qk0-x242.google.com [IPv6:2607:f8b0:400d:c09::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 3xpsrf4H8JzDrcp for ; Sat, 9 Sep 2017 08:46:58 +1000 (AEST) Received: by mail-qk0-x242.google.com with SMTP id g128so2327254qke.0 for ; Fri, 08 Sep 2017 15:46:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references; bh=0Jb5jeM2wh9FdjQ7C4+oqGliaOzy4NENLmrM18JVFPE=; b=YJ/liKVkI242RmV8J0vIvXkWGT5EwM4JKcefZzjCJTUDn5kZ/0edvI20o3T1Mr89Rb 25N0Un4mtAY09nCNIm5V4sE3Cswoe3UNXmvT8eFm7ozds8OpocCnrB+wFGi+i/LwXWOJ lTd2w7C0i6KX8y6aWA/cWGmjxTf408EIYyUZPMPHBL/66fQzxEFHgE7z3gxxp6CPXU/c G0jSD7hGxtBvP0SGna2nTtj1r+TqJaDaJMhfjp6cv+y+0185NY7sWCHOiIagtKhzW2bC NysoYCJDt72GAYPpZh3yPY+DTE6aDfdfzLq+QPAFNSs9h62hnG/UArjiuyucScAnB088 9Drw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references; bh=0Jb5jeM2wh9FdjQ7C4+oqGliaOzy4NENLmrM18JVFPE=; b=XYdlbPt8kV0HUiLtxu6Q5mZ2ZR8K3JHEslBgNos0fhRDDbS1y5WsG6BIUbBYu4zhky fOHzR0RLDmPpGtSgK3WWYscS4gJfG/V0/IDIIq+Ui7JqUKiPcOK2Iq8rwNnuQnHCkhk7 BKbRIr8d2IrbkC13kgFn+u7y3GPf20Ag/TwMOm2qBLrura6X4fdnVD3V1S9Xm8F0E2zs hRPM8ekYtL7s8H2I2V3w/5C7PDjWF4BxK15or/xv4SDYAM2k7D+cbqmCf22J4UoZAxzV HLNqDoAMwcLtmKpLNSTQtIoY+t8D4S2KM986r/r2EHhE3nLJMT1Zqq5PaS6a6W5Nl0yS ihBw== X-Gm-Message-State: AHPjjUibzcKZEYFaiQT/hJ5D6J5zyfrUCM823y5xVNdSpvMuNmOLave3 b6m24r9MGAzjgw== X-Google-Smtp-Source: AOwi7QCsy6nG7qLqv6qUAfE5JtG7Pu7Xx13VRfSsj4JxM26StJZ/PUzDjkhhEATAC4SP4shZ1+7vBw== X-Received: by 10.55.18.96 with SMTP id c93mr6215639qkh.297.1504910816705; Fri, 08 Sep 2017 15:46:56 -0700 (PDT) Received: from localhost.localdomain (50-39-103-96.bvtn.or.frontiernet.net. [50.39.103.96]) by smtp.gmail.com with ESMTPSA id x124sm2033726qka.85.2017.09.08.15.46.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 08 Sep 2017 15:46:56 -0700 (PDT) From: Ram Pai To: mpe@ellerman.id.au, linuxppc-dev@lists.ozlabs.org Subject: [PATCH 09/25] powerpc: ability to create execute-disabled pkeys Date: Fri, 8 Sep 2017 15:44:57 -0700 Message-Id: <1504910713-7094-18-git-send-email-linuxram@us.ibm.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1504910713-7094-1-git-send-email-linuxram@us.ibm.com> References: <1504910713-7094-1-git-send-email-linuxram@us.ibm.com> X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: ebiederm@xmission.com, linuxram@us.ibm.com, mhocko@kernel.org, paulus@samba.org, aneesh.kumar@linux.vnet.ibm.com, bauerman@linux.vnet.ibm.com, khandual@linux.vnet.ibm.com Errors-To: linuxppc-dev-bounces+patchwork-incoming=ozlabs.org@lists.ozlabs.org Sender: "Linuxppc-dev" powerpc has hardware support to disable execute on a pkey. This patch enables the ability to create execute-disabled keys. Signed-off-by: Ram Pai --- arch/powerpc/include/uapi/asm/mman.h | 6 ++++++ arch/powerpc/mm/pkeys.c | 16 ++++++++++++++++ 2 files changed, 22 insertions(+), 0 deletions(-) diff --git a/arch/powerpc/include/uapi/asm/mman.h b/arch/powerpc/include/uapi/asm/mman.h index ab45cc2..f272b09 100644 --- a/arch/powerpc/include/uapi/asm/mman.h +++ b/arch/powerpc/include/uapi/asm/mman.h @@ -45,4 +45,10 @@ #define MAP_HUGE_1GB (30 << MAP_HUGE_SHIFT) /* 1GB HugeTLB Page */ #define MAP_HUGE_16GB (34 << MAP_HUGE_SHIFT) /* 16GB HugeTLB Page */ +/* override any generic PKEY Permission defines */ +#define PKEY_DISABLE_EXECUTE 0x4 +#undef PKEY_ACCESS_MASK +#define PKEY_ACCESS_MASK (PKEY_DISABLE_ACCESS |\ + PKEY_DISABLE_WRITE |\ + PKEY_DISABLE_EXECUTE) #endif /* _UAPI_ASM_POWERPC_MMAN_H */ diff --git a/arch/powerpc/mm/pkeys.c b/arch/powerpc/mm/pkeys.c index cc5be6a..2282864 100644 --- a/arch/powerpc/mm/pkeys.c +++ b/arch/powerpc/mm/pkeys.c @@ -24,6 +24,14 @@ void __init pkey_initialize(void) { int os_reserved, i; + /* + * we define PKEY_DISABLE_EXECUTE in addition to the arch-neutral + * generic defines for PKEY_DISABLE_ACCESS and PKEY_DISABLE_WRITE. + * Ensure that the bits a distinct. + */ + BUILD_BUG_ON(PKEY_DISABLE_EXECUTE & + (PKEY_DISABLE_ACCESS | PKEY_DISABLE_WRITE)); + /* disable the pkey system till everything * is in place. A patch further down the * line will enable it. @@ -120,10 +128,18 @@ int __arch_set_user_pkey_access(struct task_struct *tsk, int pkey, unsigned long init_val) { u64 new_amr_bits = 0x0ul; + u64 new_iamr_bits = 0x0ul; if (!is_pkey_enabled(pkey)) return -EINVAL; + if ((init_val & PKEY_DISABLE_EXECUTE)) { + if (!pkey_execute_disable_support) + return -EINVAL; + new_iamr_bits |= IAMR_EX_BIT; + } + init_iamr(pkey, new_iamr_bits); + /* Set the bits we need in AMR: */ if (init_val & PKEY_DISABLE_ACCESS) new_amr_bits |= AMR_RD_BIT | AMR_WR_BIT;