Commit d94b827e authored by Aneesh Kumar K.V's avatar Aneesh Kumar K.V Committed by Michael Ellerman
Browse files

powerpc/book3s64/kuap: Use Key 3 for kernel mapping with hash translation 



This patch updates kernel hash page table entries to use storage key 3
for its mapping. This implies all kernel access will now use key 3 to
control READ/WRITE. The patch also prevents the allocation of key 3 from
userspace and UAMOR value is updated such that userspace cannot modify key 3.

Signed-off-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.ibm.com>
Reviewed-by: default avatarSandipan Das <sandipan@linux.ibm.com>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20201127044424.40686-9-aneesh.kumar@linux.ibm.com
parent d5b810b5

arch/powerpc/include/asm/book3s/64/hash-pkey.h

+19 −6
Original line number Diff line number Diff line
@@ -2,6 +2,9 @@ 
#ifndef _ASM_POWERPC_BOOK3S_64_HASH_PKEY_H

#define _ASM_POWERPC_BOOK3S_64_HASH_PKEY_H



/*  We use key 3 for KERNEL */

#define HASH_DEFAULT_KERNEL_KEY (HPTE_R_KEY_BIT0 | HPTE_R_KEY_BIT1)



static inline u64 hash__vmflag_to_pte_pkey_bits(u64 vm_flags)

{

	return (((vm_flags & VM_PKEY_BIT0) ? H_PTE_PKEY_BIT0 : 0x0UL) |
@@ -11,13 +14,23 @@ static inline u64 hash__vmflag_to_pte_pkey_bits(u64 vm_flags) 
		((vm_flags & VM_PKEY_BIT4) ? H_PTE_PKEY_BIT4 : 0x0UL));

}



static inline u64 pte_to_hpte_pkey_bits(u64 pteflags)

static inline u64 pte_to_hpte_pkey_bits(u64 pteflags, unsigned long flags)

{

	return (((pteflags & H_PTE_PKEY_BIT4) ? HPTE_R_KEY_BIT4 : 0x0UL) |

	unsigned long pte_pkey;



	pte_pkey = (((pteflags & H_PTE_PKEY_BIT4) ? HPTE_R_KEY_BIT4 : 0x0UL) |

		    ((pteflags & H_PTE_PKEY_BIT3) ? HPTE_R_KEY_BIT3 : 0x0UL) |

		    ((pteflags & H_PTE_PKEY_BIT2) ? HPTE_R_KEY_BIT2 : 0x0UL) |

		    ((pteflags & H_PTE_PKEY_BIT1) ? HPTE_R_KEY_BIT1 : 0x0UL) |

		    ((pteflags & H_PTE_PKEY_BIT0) ? HPTE_R_KEY_BIT0 : 0x0UL));



	if (mmu_has_feature(MMU_FTR_BOOK3S_KUAP) ||

	    mmu_has_feature(MMU_FTR_BOOK3S_KUEP)) {

		if ((pte_pkey == 0) && (flags & HPTE_USE_KERNEL_KEY))

			return HASH_DEFAULT_KERNEL_KEY;

	}



	return pte_pkey;

}



static inline u16 hash__pte_to_pkey_bits(u64 pteflags)

arch/powerpc/include/asm/book3s/64/hash.h

+1 −1
Original line number Diff line number Diff line
@@ -145,7 +145,7 @@ extern void hash__mark_initmem_nx(void); 


extern void hpte_need_flush(struct mm_struct *mm, unsigned long addr,

			    pte_t *ptep, unsigned long pte, int huge);

extern unsigned long htab_convert_pte_flags(unsigned long pteflags);

unsigned long htab_convert_pte_flags(unsigned long pteflags, unsigned long flags);

/* Atomic PTE updates */

static inline unsigned long hash__pte_update(struct mm_struct *mm,

					 unsigned long addr,

arch/powerpc/include/asm/book3s/64/mmu-hash.h

+1 −0
Original line number Diff line number Diff line
@@ -452,6 +452,7 @@ static inline unsigned long hpt_hash(unsigned long vpn, 


#define HPTE_LOCAL_UPDATE	0x1

#define HPTE_NOHPTE_UPDATE	0x2

#define HPTE_USE_KERNEL_KEY	0x4



extern int __hash_page_4K(unsigned long ea, unsigned long access,

			  unsigned long vsid, pte_t *ptep, unsigned long trap,

arch/powerpc/include/asm/mmu_context.h

+1 −1
Original line number Diff line number Diff line
@@ -286,7 +286,7 @@ static inline bool arch_vma_access_permitted(struct vm_area_struct *vma, 
#define thread_pkey_regs_init(thread)

#define arch_dup_pkeys(oldmm, mm)



static inline u64 pte_to_hpte_pkey_bits(u64 pteflags)

static inline u64 pte_to_hpte_pkey_bits(u64 pteflags, unsigned long flags)

{

	return 0x0UL;

}

arch/powerpc/mm/book3s64/hash_4k.c

+1 −1
Original line number Diff line number Diff line
@@ -54,7 +54,7 @@ int __hash_page_4K(unsigned long ea, unsigned long access, unsigned long vsid, 
	 * PP bits. _PAGE_USER is already PP bit 0x2, so we only

	 * need to add in 0x1 if it's a read-only user page

	 */

	rflags = htab_convert_pte_flags(new_pte);

	rflags = htab_convert_pte_flags(new_pte, flags);

	rpte = __real_pte(__pte(old_pte), ptep, PTRS_PER_PTE);



	if (cpu_has_feature(CPU_FTR_NOEXECUTE) &&