173 lines
		
	
	
		
			4.2 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			173 lines
		
	
	
		
			4.2 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /* SPDX-License-Identifier: GPL-2.0+ */
 | |
| /*
 | |
|  * PowerPC Memory Protection Keys management
 | |
|  *
 | |
|  * Copyright 2017, Ram Pai, IBM Corporation.
 | |
|  */
 | |
| 
 | |
| #ifndef _ASM_POWERPC_KEYS_H
 | |
| #define _ASM_POWERPC_KEYS_H
 | |
| 
 | |
| #include <linux/jump_label.h>
 | |
| #include <asm/firmware.h>
 | |
| 
 | |
| extern int num_pkey;
 | |
| extern u32 reserved_allocation_mask; /* bits set for reserved keys */
 | |
| 
 | |
| #define ARCH_VM_PKEY_FLAGS (VM_PKEY_BIT0 | VM_PKEY_BIT1 | VM_PKEY_BIT2 | \
 | |
| 			    VM_PKEY_BIT3 | VM_PKEY_BIT4)
 | |
| 
 | |
| /* Override any generic PKEY permission defines */
 | |
| #define PKEY_DISABLE_EXECUTE   0x4
 | |
| #define PKEY_ACCESS_MASK       (PKEY_DISABLE_ACCESS | \
 | |
| 				PKEY_DISABLE_WRITE  | \
 | |
| 				PKEY_DISABLE_EXECUTE)
 | |
| 
 | |
| #ifdef CONFIG_PPC_BOOK3S_64
 | |
| #include <asm/book3s/64/pkeys.h>
 | |
| #else
 | |
| #error "Not supported"
 | |
| #endif
 | |
| 
 | |
| 
 | |
| static inline u64 pkey_to_vmflag_bits(u16 pkey)
 | |
| {
 | |
| 	return (((u64)pkey << VM_PKEY_SHIFT) & ARCH_VM_PKEY_FLAGS);
 | |
| }
 | |
| 
 | |
| static inline int vma_pkey(struct vm_area_struct *vma)
 | |
| {
 | |
| 	if (!mmu_has_feature(MMU_FTR_PKEY))
 | |
| 		return 0;
 | |
| 	return (vma->vm_flags & ARCH_VM_PKEY_FLAGS) >> VM_PKEY_SHIFT;
 | |
| }
 | |
| 
 | |
| static inline int arch_max_pkey(void)
 | |
| {
 | |
| 	return num_pkey;
 | |
| }
 | |
| 
 | |
| #define pkey_alloc_mask(pkey) (0x1 << pkey)
 | |
| 
 | |
| #define mm_pkey_allocation_map(mm) (mm->context.pkey_allocation_map)
 | |
| 
 | |
| #define __mm_pkey_allocated(mm, pkey) {	\
 | |
| 	mm_pkey_allocation_map(mm) |= pkey_alloc_mask(pkey); \
 | |
| }
 | |
| 
 | |
| #define __mm_pkey_free(mm, pkey) {	\
 | |
| 	mm_pkey_allocation_map(mm) &= ~pkey_alloc_mask(pkey);	\
 | |
| }
 | |
| 
 | |
| #define __mm_pkey_is_allocated(mm, pkey)	\
 | |
| 	(mm_pkey_allocation_map(mm) & pkey_alloc_mask(pkey))
 | |
| 
 | |
| #define __mm_pkey_is_reserved(pkey) (reserved_allocation_mask & \
 | |
| 				       pkey_alloc_mask(pkey))
 | |
| 
 | |
| static inline bool mm_pkey_is_allocated(struct mm_struct *mm, int pkey)
 | |
| {
 | |
| 	if (pkey < 0 || pkey >= arch_max_pkey())
 | |
| 		return false;
 | |
| 
 | |
| 	/* Reserved keys are never allocated. */
 | |
| 	if (__mm_pkey_is_reserved(pkey))
 | |
| 		return false;
 | |
| 
 | |
| 	return __mm_pkey_is_allocated(mm, pkey);
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Returns a positive, 5-bit key on success, or -1 on failure.
 | |
|  * Relies on the mmap_lock to protect against concurrency in mm_pkey_alloc() and
 | |
|  * mm_pkey_free().
 | |
|  */
 | |
| static inline int mm_pkey_alloc(struct mm_struct *mm)
 | |
| {
 | |
| 	/*
 | |
| 	 * Note: this is the one and only place we make sure that the pkey is
 | |
| 	 * valid as far as the hardware is concerned. The rest of the kernel
 | |
| 	 * trusts that only good, valid pkeys come out of here.
 | |
| 	 */
 | |
| 	u32 all_pkeys_mask = (u32)(~(0x0));
 | |
| 	int ret;
 | |
| 
 | |
| 	if (!mmu_has_feature(MMU_FTR_PKEY))
 | |
| 		return -1;
 | |
| 	/*
 | |
| 	 * Are we out of pkeys? We must handle this specially because ffz()
 | |
| 	 * behavior is undefined if there are no zeros.
 | |
| 	 */
 | |
| 	if (mm_pkey_allocation_map(mm) == all_pkeys_mask)
 | |
| 		return -1;
 | |
| 
 | |
| 	ret = ffz((u32)mm_pkey_allocation_map(mm));
 | |
| 	__mm_pkey_allocated(mm, ret);
 | |
| 
 | |
| 	return ret;
 | |
| }
 | |
| 
 | |
| static inline int mm_pkey_free(struct mm_struct *mm, int pkey)
 | |
| {
 | |
| 	if (!mmu_has_feature(MMU_FTR_PKEY))
 | |
| 		return -1;
 | |
| 
 | |
| 	if (!mm_pkey_is_allocated(mm, pkey))
 | |
| 		return -EINVAL;
 | |
| 
 | |
| 	__mm_pkey_free(mm, pkey);
 | |
| 
 | |
| 	return 0;
 | |
| }
 | |
| 
 | |
| /*
 | |
|  * Try to dedicate one of the protection keys to be used as an
 | |
|  * execute-only protection key.
 | |
|  */
 | |
| extern int execute_only_pkey(struct mm_struct *mm);
 | |
| extern int __arch_override_mprotect_pkey(struct vm_area_struct *vma,
 | |
| 					 int prot, int pkey);
 | |
| static inline int arch_override_mprotect_pkey(struct vm_area_struct *vma,
 | |
| 					      int prot, int pkey)
 | |
| {
 | |
| 	if (!mmu_has_feature(MMU_FTR_PKEY))
 | |
| 		return 0;
 | |
| 
 | |
| 	/*
 | |
| 	 * Is this an mprotect_pkey() call? If so, never override the value that
 | |
| 	 * came from the user.
 | |
| 	 */
 | |
| 	if (pkey != -1)
 | |
| 		return pkey;
 | |
| 
 | |
| 	return __arch_override_mprotect_pkey(vma, prot, pkey);
 | |
| }
 | |
| 
 | |
| extern int __arch_set_user_pkey_access(struct task_struct *tsk, int pkey,
 | |
| 				       unsigned long init_val);
 | |
| static inline int arch_set_user_pkey_access(struct task_struct *tsk, int pkey,
 | |
| 					    unsigned long init_val)
 | |
| {
 | |
| 	if (!mmu_has_feature(MMU_FTR_PKEY))
 | |
| 		return -EINVAL;
 | |
| 
 | |
| 	/*
 | |
| 	 * userspace should not change pkey-0 permissions.
 | |
| 	 * pkey-0 is associated with every page in the kernel.
 | |
| 	 * If userspace denies any permission on pkey-0, the
 | |
| 	 * kernel cannot operate.
 | |
| 	 */
 | |
| 	if (pkey == 0)
 | |
| 		return init_val ? -EINVAL : 0;
 | |
| 
 | |
| 	return __arch_set_user_pkey_access(tsk, pkey, init_val);
 | |
| }
 | |
| 
 | |
| static inline bool arch_pkeys_enabled(void)
 | |
| {
 | |
| 	return mmu_has_feature(MMU_FTR_PKEY);
 | |
| }
 | |
| 
 | |
| extern void pkey_mm_init(struct mm_struct *mm);
 | |
| #endif /*_ASM_POWERPC_KEYS_H */
 |