powerpc/8xx: Activate KUEP at all time

On the 8xx, there is absolutely no runtime impact with KUEP. Protection
against execution of user code in kernel mode is set up at boot time
by configuring the groups with contain all user pages as having swapped
protection rights, in extenso EX for user and NA for supervisor.

Configure KUEP at startup and force selection of CONFIG_PPC_KUEP.

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/2129e86944323ffe9ed07fffbeafdfd2e363690a.1634627931.git.christophe.leroy@csgroup.eu

diff --git a/arch/powerpc/include/asm/nohash/32/mmu-8xx.h b/arch/powerpc/include/asm/nohash/32/mmu-8xx.h
index 997cec9734067a3717199d36ecb326171d9b00ba..0e93a4728c9e15de509432a6f70879a5f0b0a809 100644 (file)
--- a/arch/powerpc/include/asm/nohash/32/mmu-8xx.h
+++ b/arch/powerpc/include/asm/nohash/32/mmu-8xx.h
@@ -39,12 +39,10 @@
  * 0 => Kernel => 11 (all accesses performed according as user iaw page definition)
  * 1 => Kernel+Accessed => 01 (all accesses performed according to page definition)
  * 2 => User => 11 (all accesses performed according as user iaw page definition)
- * 3 => User+Accessed => 00 (all accesses performed as supervisor iaw page definition) for INIT
- *                    => 10 (all accesses performed according to swaped page definition) for KUEP
+ * 3 => User+Accessed => 10 (all accesses performed according to swaped page definition) for KUEP
  * 4-15 => Not Used
  */
-#define MI_APG_INIT    0xdc000000
-#define MI_APG_KUEP    0xde000000
+#define MI_APG_INIT    0xde000000
 
 /* The effective page number register.  When read, contains the information
  * about the last instruction TLB miss.  When MI_RPN is written, bits in

diff --git a/arch/powerpc/mm/nohash/8xx.c b/arch/powerpc/mm/nohash/8xx.c
index baa1f8a40af819ce2de30a921b82037c10737a94..e878e8124ee674dbb91facd36e27cdf786dff72d 100644 (file)
--- a/arch/powerpc/mm/nohash/8xx.c
+++ b/arch/powerpc/mm/nohash/8xx.c
@@ -215,12 +215,7 @@ void __init setup_initial_memory_limit(phys_addr_t first_memblock_base,
 #ifdef CONFIG_PPC_KUEP
 void setup_kuep(bool disabled)
 {
-       if (disabled)
-               return;
-
        pr_info("Activating Kernel Userspace Execution Prevention\n");
-
-       mtspr(SPRN_MI_AP, MI_APG_KUEP);
 }
 #endif
 

diff --git a/arch/powerpc/platforms/Kconfig.cputype b/arch/powerpc/platforms/Kconfig.cputype
index 7ca07df1c374ad60514f360fb7dbd42f2517eb25..8b36608c7888d0f72ebf266c61689ba6226c3bb0 100644 (file)
--- a/arch/powerpc/platforms/Kconfig.cputype
+++ b/arch/powerpc/platforms/Kconfig.cputype
@@ -43,6 +43,7 @@ config PPC_8xx
        select ARCH_SUPPORTS_HUGETLBFS
        select FSL_SOC
        select PPC_HAVE_KUEP
+       select PPC_KUEP
        select PPC_HAVE_KUAP
        select HAVE_ARCH_VMAP_STACK
        select HUGETLBFS