[PATCH v2 06/12] powerpc/32s: Initialise KUAP and KUEP in C

From: Christophe Leroy
Date: Thu Jun 03 2021 - 04:41:52 EST


In order to selectively activate KUAP and KUEP in a following patch,
perform KUAP and KUEP initialisation in C.

Unlike PPC64, PPC32 doesn't have an early_setup_secondary(),
so do it in start_secondary().

Signed-off-by: Christophe Leroy <christophe.leroy@xxxxxxxxxx>
---
arch/powerpc/kernel/head_book3s_32.S | 6 ------
arch/powerpc/kernel/smp.c | 4 ++++
arch/powerpc/mm/book3s32/kuap.c | 6 ++++++
arch/powerpc/mm/book3s32/kuep.c | 6 ++++++
4 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/arch/powerpc/kernel/head_book3s_32.S b/arch/powerpc/kernel/head_book3s_32.S
index db0e2dc25f86..0b82672ff7a6 100644
--- a/arch/powerpc/kernel/head_book3s_32.S
+++ b/arch/powerpc/kernel/head_book3s_32.S
@@ -934,12 +934,6 @@ _GLOBAL(load_segment_registers)
li r0, NUM_USER_SEGMENTS /* load up user segment register values */
mtctr r0 /* for context 0 */
li r3, 0 /* Kp = 0, Ks = 0, VSID = 0 */
-#ifdef CONFIG_PPC_KUEP
- oris r3, r3, SR_NX@h /* Set Nx */
-#endif
-#ifdef CONFIG_PPC_KUAP
- oris r3, r3, SR_KS@h /* Set Ks */
-#endif
li r4, 0
3: mtsrin r3, r4
addi r3, r3, 0x111 /* increment VSID */
diff --git a/arch/powerpc/kernel/smp.c b/arch/powerpc/kernel/smp.c
index 2e05c783440a..820ae31e0231 100644
--- a/arch/powerpc/kernel/smp.c
+++ b/arch/powerpc/kernel/smp.c
@@ -1541,6 +1541,10 @@ void start_secondary(void *unused)
{
unsigned int cpu = raw_smp_processor_id();

+ /* PPC64 calls setup_kup() in early_setup_secondary() */
+ if (IS_ENABLED(CONFIG_PPC32))
+ setup_kup();
+
mmgrab(&init_mm);
current->active_mm = &init_mm;

diff --git a/arch/powerpc/mm/book3s32/kuap.c b/arch/powerpc/mm/book3s32/kuap.c
index 1df55392878e..5533ed92ab3d 100644
--- a/arch/powerpc/mm/book3s32/kuap.c
+++ b/arch/powerpc/mm/book3s32/kuap.c
@@ -1,9 +1,15 @@
// SPDX-License-Identifier: GPL-2.0-or-later

#include <asm/kup.h>
+#include <asm/smp.h>

void __init setup_kuap(bool disabled)
{
+ kuap_update_sr(mfsr(0) | SR_KS, 0, TASK_SIZE);
+
+ if (smp_processor_id() != boot_cpuid)
+ return;
+
pr_info("Activating Kernel Userspace Access Protection\n");

if (disabled)
diff --git a/arch/powerpc/mm/book3s32/kuep.c b/arch/powerpc/mm/book3s32/kuep.c
index 919595f47e25..3147e2edcf63 100644
--- a/arch/powerpc/mm/book3s32/kuep.c
+++ b/arch/powerpc/mm/book3s32/kuep.c
@@ -1,9 +1,15 @@
// SPDX-License-Identifier: GPL-2.0-or-later

#include <asm/kup.h>
+#include <asm/smp.h>

void __init setup_kuep(bool disabled)
{
+ kuep_lock();
+
+ if (smp_processor_id() != boot_cpuid)
+ return;
+
pr_info("Activating Kernel Userspace Execution Prevention\n");

if (disabled)
--
2.25.0