]> git.baikalelectronics.ru Git - kernel.git/commitdiff
powerpc: ability to create execute-disabled pkeys
authorRam Pai <linuxram@us.ibm.com>
Fri, 19 Jan 2018 01:50:30 +0000 (17:50 -0800)
committerMichael Ellerman <mpe@ellerman.id.au>
Sat, 20 Jan 2018 11:59:00 +0000 (22:59 +1100)
powerpc has hardware support to disable execute on a pkey.
This patch enables the ability to create execute-disabled
keys.

Signed-off-by: Ram Pai <linuxram@us.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
arch/powerpc/include/uapi/asm/mman.h
arch/powerpc/mm/pkeys.c

index e63bc37e33af915e9cf970f71c2e8a865f26d0aa..65065ce3281496f82668a52cbc42a6faf781caad 100644 (file)
 #define MAP_STACK      0x20000         /* give out an address that is best suited for process/thread stacks */
 #define MAP_HUGETLB    0x40000         /* create a huge page mapping */
 
+/* Override any generic PKEY permission defines */
+#define PKEY_DISABLE_EXECUTE   0x4
+#undef PKEY_ACCESS_MASK
+#define PKEY_ACCESS_MASK       (PKEY_DISABLE_ACCESS |\
+                               PKEY_DISABLE_WRITE  |\
+                               PKEY_DISABLE_EXECUTE)
 #endif /* _UAPI_ASM_POWERPC_MMAN_H */
index b01238bd88c1c6edee4d63304bab46175c8cbbff..e61bea4a360609a57341d150ccfec37a06d861bf 100644 (file)
@@ -24,6 +24,14 @@ int pkey_initialize(void)
 {
        int os_reserved, i;
 
+       /*
+        * We define PKEY_DISABLE_EXECUTE in addition to the arch-neutral
+        * generic defines for PKEY_DISABLE_ACCESS and PKEY_DISABLE_WRITE.
+        * Ensure that the bits a distinct.
+        */
+       BUILD_BUG_ON(PKEY_DISABLE_EXECUTE &
+                    (PKEY_DISABLE_ACCESS | PKEY_DISABLE_WRITE));
+
        /*
         * Disable the pkey system till everything is in place. A subsequent
         * patch will enable it.
@@ -177,10 +185,18 @@ int __arch_set_user_pkey_access(struct task_struct *tsk, int pkey,
                                unsigned long init_val)
 {
        u64 new_amr_bits = 0x0ul;
+       u64 new_iamr_bits = 0x0ul;
 
        if (!is_pkey_enabled(pkey))
                return -EINVAL;
 
+       if (init_val & PKEY_DISABLE_EXECUTE) {
+               if (!pkey_execute_disable_supported)
+                       return -EINVAL;
+               new_iamr_bits |= IAMR_EX_BIT;
+       }
+       init_iamr(pkey, new_iamr_bits);
+
        /* Set the bits we need in AMR: */
        if (init_val & PKEY_DISABLE_ACCESS)
                new_amr_bits |= AMR_RD_BIT | AMR_WR_BIT;