powerpc/32s: Allow disabling KUEP at boot time

PPC64 uses MMU features to enable/disable KUEP at boot time.
But feature fixups are applied way too early on PPC32.

Now that all KUEP related actions are in C following the
conversion of KUEP initial setup and context switch in C,
static branches can be used to enable/disable KUEP.

Signed-off-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/7745a2c3a08ec46302920a3f48d1cb9b5469dbbb.1622708530.git.christophe.leroy@csgroup.eu

diff --git a/arch/powerpc/include/asm/book3s/32/kup.h b/arch/powerpc/include/asm/book3s/32/kup.h
index 618ffc8e4ee91e6a95bf5fde22533596313097bd..2854d970dabe956f9d3606f36376a9e99e4a84e3 100644 (file)
--- a/arch/powerpc/include/asm/book3s/32/kup.h
+++ b/arch/powerpc/include/asm/book3s/32/kup.h
@@ -7,6 +7,10 @@
 
 #ifndef __ASSEMBLY__
 
+#include <linux/jump_label.h>
+
+extern struct static_key_false disable_kuep_key;
+
 static __always_inline bool kuap_is_disabled(void)
 {
        return !IS_ENABLED(CONFIG_PPC_KUAP);
@@ -14,7 +18,7 @@ static __always_inline bool kuap_is_disabled(void)
 
 static __always_inline bool kuep_is_disabled(void)
 {
-       return !IS_ENABLED(CONFIG_PPC_KUEP);
+       return !IS_ENABLED(CONFIG_PPC_KUEP) || static_branch_unlikely(&disable_kuep_key);
 }
 
 static inline void kuep_lock(void)

diff --git a/arch/powerpc/mm/book3s32/kuep.c b/arch/powerpc/mm/book3s32/kuep.c
index 3147e2edcf6317a02cfd6a8a2580353faef51552..3f6eb6e23fca53c4ed2e91bc5935cf201293a4be 100644 (file)
--- a/arch/powerpc/mm/book3s32/kuep.c
+++ b/arch/powerpc/mm/book3s32/kuep.c
@@ -3,15 +3,18 @@
 #include <asm/kup.h>
 #include <asm/smp.h>
 
+struct static_key_false disable_kuep_key;
+
 void __init setup_kuep(bool disabled)
 {
-       kuep_lock();
+       if (!disabled)
+               kuep_lock();
 
        if (smp_processor_id() != boot_cpuid)
                return;
 
-       pr_info("Activating Kernel Userspace Execution Prevention\n");
-
        if (disabled)
-               pr_warn("KUEP cannot be disabled yet on 6xx when compiled in\n");
+               static_branch_enable(&disable_kuep_key);
+       else
+               pr_info("Activating Kernel Userspace Execution Prevention\n");
 }