    powerpc/32s: Implement Kernel Userspace Access Protection · a68c31fc
    Christophe Leroy authored
    This patch implements Kernel Userspace Access Protection for
    book3s/32.
    
    Due to limitations of the processor page protection capabilities,
    the protection is only against writing. Read protection cannot be
    achieved using page protection.
    
    The previous patch modifies the page protection so that RW user
    pages are RW for Key 0 and RO for Key 1, and it sets Key 0 for
    both user and kernel.
    
    This patch changes userspace segment registers so that they are set to
    Ku 0 and Ks 1. When the kernel needs to write to RW pages, the associated
    segment register is then changed to Ks 0 in order to allow write
    access to the kernel.
    
    In order to avoid having to read all segment registers when
    locking/unlocking the access, some data is kept in the thread_struct
    and saved on stack on exceptions. The field identifies both the
    first unlocked segment and the first segment following the last
    unlocked one. When no segment is unlocked, it contains value 0.
    
    As the hash_page() function is not able to easily determine if a
    protfault is due to a bad kernel access to userspace, protfaults
    need to be handled by handle_page_fault when KUAP is set.

    Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
    [mpe: Drop allow_read/write_to/from_user() as they're now in kup.h,
          and adapt allow_user_access() to do nothing when to == NULL]
    Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
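
The lock/unlock bookkeeping described in the commit message, as an added user-space model in C (not code from the patch or the kernel). Assumptions: the `model_*` and `kernel_may_write` names are hypothetical, `USER_LIMIT` and the `KS` bit value are chosen for the model, and the packing of the two segment numbers into one word is this example's own choice.

```c
#include <stdint.h>
#include <stdio.h>

#define SEG_SHIFT  28           /* 16 segment registers, 256 MB each */
#define USER_LIMIT 0xC0000000u  /* assumed user/kernel split */
#define KS         1u           /* model bit: Ks 1 = kernel writes denied */
static uint32_t sr[16];         /* modelled segment registers */
static uint32_t kuap_state;     /* models the thread_struct field; 0 = all locked */

/* Set (lock) or clear (unlock) Ks on segments [first, after). */
static void update_ks(uint32_t first, uint32_t after, int lock)
{
    for (uint32_t s = first; s < after; s++)
        sr[s] = lock ? (sr[s] | KS) : (sr[s] & ~KS);
}

void model_init(void)
{
    update_ks(0, USER_LIMIT >> SEG_SHIFT, 1);  /* all user segments: Ks 1 */
    kuap_state = 0;
}

/* Unlock only the segments covering [to, to + size). */
void model_allow_user_access(uint32_t to, uint32_t size)
{
    if (to == 0 || size == 0 || to >= USER_LIMIT) return; /* to == NULL: no-op */
    uint32_t end = to + size;
    if (end < to || end > USER_LIMIT) end = USER_LIMIT;   /* clamp to user space */
    uint32_t first = to >> SEG_SHIFT;
    uint32_t after = ((end - 1) >> SEG_SHIFT) + 1;
    update_ks(first, after, 0);
    kuap_state = (first << SEG_SHIFT) | after;            /* assumed packing */
}

/* Relock using only the saved field, without reading any segment register. */
void model_prevent_user_access(void)
{
    if (kuap_state)
        update_ks(kuap_state >> SEG_SHIFT, kuap_state & 0xf, 1);
    kuap_state = 0;
}

int kernel_may_write(uint32_t addr) { return !(sr[addr >> SEG_SHIFT] & KS); }

int main(void)
{
    model_init();
    model_allow_user_access(0x1ffffff0u, 0x20);  /* spans segments 1 and 2 */
    printf("state=%08x\n", (unsigned)kuap_state);
    return 0;
}
```

A write window that crosses a 256 MB boundary unlocks both segments, and every other user segment stays at Ks 1 throughout.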
head_32.S 35.3 KB