powerpc/32s: Implement Kernel Userspace Execution Prevention. To implement Kernel Userspace Execution Prevention, this patch sets NX bit on all user segments on kernel entry and clears NX bit on all user segments on kernel exit. Note that powerpc 601 doesn't have the NX bit, so KUEP will not work on it. A warning is displayed at startup. Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>

commit: 31ed2b13c48d779efc838ad54e30121e088a62af [log] [tgz]
author: Christophe Leroy <christophe.leroy@c-s.fr> Mon Mar 11 08:30:35 2019 +0000
committer: Michael Ellerman <mpe@ellerman.id.au> Sun Apr 21 23:11:46 2019 +1000
tree: 80890f996c246cd567e2822230b68340919adebf
parent: 2679f9bd0abafb3044bcbaac0600b32159ac8bf2 [diff] [blame]
diff --git a/arch/powerpc/mm/ppc_mmu_32.c b/arch/powerpc/mm/ppc_mmu_32.c
index f29d2f1..baa7567 100644
--- a/arch/powerpc/mm/ppc_mmu_32.c
+++ b/arch/powerpc/mm/ppc_mmu_32.c

@@ -394,3 +394,16 @@ void setup_initial_memory_limit(phys_addr_t first_memblock_base,
 	else /* Anything else has 256M mapped */
 		memblock_set_current_limit(min_t(u64, first_memblock_size, 0x10000000));
 }
+
+#ifdef CONFIG_PPC_KUEP
+void __init setup_kuep(bool disabled)
+{
+	pr_info("Activating Kernel Userspace Execution Prevention\n");
+
+	if (cpu_has_feature(CPU_FTR_601))
+		pr_warn("KUEP is not working on powerpc 601 (No NX bit in Seg Regs)\n");
+
+	if (disabled)
+		pr_warn("KUEP cannot be disabled yet on 6xx when compiled in\n");
+}
+#endif
commit	31ed2b13c48d779efc838ad54e30121e088a62af	[log] [tgz]
author	Christophe Leroy <christophe.leroy@c-s.fr>	Mon Mar 11 08:30:35 2019 +0000
committer	Michael Ellerman <mpe@ellerman.id.au>	Sun Apr 21 23:11:46 2019 +1000
tree	80890f996c246cd567e2822230b68340919adebf
parent	2679f9bd0abafb3044bcbaac0600b32159ac8bf2 [diff] [blame]