@@ -2,6 +2,18 @@
#define _ASM_PPC64_PKEYS_H
extern bool pkey_inited;
+/* override any generic PKEY Permission defines */
+#undef PKEY_DISABLE_ACCESS
+#define PKEY_DISABLE_ACCESS 0x1
+#undef PKEY_DISABLE_WRITE
+#define PKEY_DISABLE_WRITE 0x2
+#undef PKEY_DISABLE_EXECUTE
+#define PKEY_DISABLE_EXECUTE 0x4
+#undef PKEY_ACCESS_MASK
+#define PKEY_ACCESS_MASK (PKEY_DISABLE_ACCESS |\
+ PKEY_DISABLE_WRITE |\
+ PKEY_DISABLE_EXECUTE)
+
#define arch_max_pkey() 32
#define AMR_RD_BIT 0x1UL
#define AMR_WR_BIT 0x2UL
@@ -73,6 +73,7 @@ int __arch_set_user_pkey_access(struct task_struct *tsk, int pkey,
unsigned long init_val)
{
u64 new_amr_bits = 0x0ul;
+ u64 new_iamr_bits = 0x0ul;
if (!is_pkey_enabled(pkey))
return -1;
@@ -85,5 +86,14 @@ int __arch_set_user_pkey_access(struct task_struct *tsk, int pkey,
init_amr(pkey, new_amr_bits);
+ /*
+ * By default execute is disabled.
+ * To enable execute, PKEY_ENABLE_EXECUTE
+ * needs to be specified.
+ */
+ if ((init_val & PKEY_DISABLE_EXECUTE))
+ new_iamr_bits |= IAMR_EX_BIT;
+
+ init_iamr(pkey, new_iamr_bits);
return 0;
}
powerpc has hardware support to disable execute on a pkey. This patch enables the ability to create execute-disabled keys. Signed-off-by: Ram Pai <linuxram@us.ibm.com> --- arch/powerpc/include/asm/pkeys.h | 12 ++++++++++++ arch/powerpc/mm/pkeys.c | 10 ++++++++++ 2 files changed, 22 insertions(+), 0 deletions(-)