mirror of https://github.com/Qortal/Brooklyn
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
222 lines
4.3 KiB
222 lines
4.3 KiB
/* SPDX-License-Identifier: GPL-2.0 */ |
|
#ifndef _ASM_POWERPC_BOOK3S_32_KUP_H |
|
#define _ASM_POWERPC_BOOK3S_32_KUP_H |
|
|
|
#include <asm/bug.h> |
|
#include <asm/book3s/32/mmu-hash.h> |
|
|
|
#ifndef __ASSEMBLY__ |
|
|
|
#include <linux/jump_label.h> |
|
|
|
extern struct static_key_false disable_kuap_key; |
|
extern struct static_key_false disable_kuep_key; |
|
|
|
static __always_inline bool kuap_is_disabled(void) |
|
{ |
|
return !IS_ENABLED(CONFIG_PPC_KUAP) || static_branch_unlikely(&disable_kuap_key); |
|
} |
|
|
|
static __always_inline bool kuep_is_disabled(void) |
|
{ |
|
return !IS_ENABLED(CONFIG_PPC_KUEP) || static_branch_unlikely(&disable_kuep_key); |
|
} |
|
|
|
static inline void kuep_lock(void) |
|
{ |
|
if (kuep_is_disabled()) |
|
return; |
|
|
|
update_user_segments(mfsr(0) | SR_NX); |
|
} |
|
|
|
static inline void kuep_unlock(void) |
|
{ |
|
if (kuep_is_disabled()) |
|
return; |
|
|
|
update_user_segments(mfsr(0) & ~SR_NX); |
|
} |
|
|
|
#ifdef CONFIG_PPC_KUAP |
|
|
|
#include <linux/sched.h> |
|
|
|
#define KUAP_NONE (~0UL) |
|
#define KUAP_ALL (~1UL) |
|
|
|
static inline void kuap_lock_one(unsigned long addr) |
|
{ |
|
mtsr(mfsr(addr) | SR_KS, addr); |
|
isync(); /* Context sync required after mtsr() */ |
|
} |
|
|
|
static inline void kuap_unlock_one(unsigned long addr) |
|
{ |
|
mtsr(mfsr(addr) & ~SR_KS, addr); |
|
isync(); /* Context sync required after mtsr() */ |
|
} |
|
|
|
static inline void kuap_lock_all(void) |
|
{ |
|
update_user_segments(mfsr(0) | SR_KS); |
|
isync(); /* Context sync required after mtsr() */ |
|
} |
|
|
|
static inline void kuap_unlock_all(void) |
|
{ |
|
update_user_segments(mfsr(0) & ~SR_KS); |
|
isync(); /* Context sync required after mtsr() */ |
|
} |
|
|
|
void kuap_lock_all_ool(void); |
|
void kuap_unlock_all_ool(void); |
|
|
|
static inline void kuap_lock(unsigned long addr, bool ool) |
|
{ |
|
if (likely(addr != KUAP_ALL)) |
|
kuap_lock_one(addr); |
|
else if (!ool) |
|
kuap_lock_all(); |
|
else |
|
kuap_lock_all_ool(); |
|
} |
|
|
|
static inline void kuap_unlock(unsigned long addr, bool ool) |
|
{ |
|
if (likely(addr != KUAP_ALL)) |
|
kuap_unlock_one(addr); |
|
else if (!ool) |
|
kuap_unlock_all(); |
|
else |
|
kuap_unlock_all_ool(); |
|
} |
|
|
|
static inline void kuap_save_and_lock(struct pt_regs *regs) |
|
{ |
|
unsigned long kuap = current->thread.kuap; |
|
|
|
if (kuap_is_disabled()) |
|
return; |
|
|
|
regs->kuap = kuap; |
|
if (unlikely(kuap == KUAP_NONE)) |
|
return; |
|
|
|
current->thread.kuap = KUAP_NONE; |
|
kuap_lock(kuap, false); |
|
} |
|
|
|
static inline void kuap_user_restore(struct pt_regs *regs) |
|
{ |
|
} |
|
|
|
static inline void kuap_kernel_restore(struct pt_regs *regs, unsigned long kuap) |
|
{ |
|
if (kuap_is_disabled()) |
|
return; |
|
|
|
current->thread.kuap = regs->kuap; |
|
|
|
kuap_unlock(regs->kuap, false); |
|
} |
|
|
|
static inline unsigned long kuap_get_and_assert_locked(void) |
|
{ |
|
unsigned long kuap = current->thread.kuap; |
|
|
|
if (kuap_is_disabled()) |
|
return KUAP_NONE; |
|
|
|
WARN_ON_ONCE(IS_ENABLED(CONFIG_PPC_KUAP_DEBUG) && kuap != KUAP_NONE); |
|
|
|
return kuap; |
|
} |
|
|
|
static inline void kuap_assert_locked(void) |
|
{ |
|
kuap_get_and_assert_locked(); |
|
} |
|
|
|
static __always_inline void allow_user_access(void __user *to, const void __user *from, |
|
u32 size, unsigned long dir) |
|
{ |
|
if (kuap_is_disabled()) |
|
return; |
|
|
|
BUILD_BUG_ON(!__builtin_constant_p(dir)); |
|
|
|
if (!(dir & KUAP_WRITE)) |
|
return; |
|
|
|
current->thread.kuap = (__force u32)to; |
|
kuap_unlock_one((__force u32)to); |
|
} |
|
|
|
static __always_inline void prevent_user_access(unsigned long dir) |
|
{ |
|
u32 kuap = current->thread.kuap; |
|
|
|
if (kuap_is_disabled()) |
|
return; |
|
|
|
BUILD_BUG_ON(!__builtin_constant_p(dir)); |
|
|
|
if (!(dir & KUAP_WRITE)) |
|
return; |
|
|
|
current->thread.kuap = KUAP_NONE; |
|
kuap_lock(kuap, true); |
|
} |
|
|
|
static inline unsigned long prevent_user_access_return(void) |
|
{ |
|
unsigned long flags = current->thread.kuap; |
|
|
|
if (kuap_is_disabled()) |
|
return KUAP_NONE; |
|
|
|
if (flags != KUAP_NONE) { |
|
current->thread.kuap = KUAP_NONE; |
|
kuap_lock(flags, true); |
|
} |
|
|
|
return flags; |
|
} |
|
|
|
static inline void restore_user_access(unsigned long flags) |
|
{ |
|
if (kuap_is_disabled()) |
|
return; |
|
|
|
if (flags != KUAP_NONE) { |
|
current->thread.kuap = flags; |
|
kuap_unlock(flags, true); |
|
} |
|
} |
|
|
|
static inline bool |
|
bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write) |
|
{ |
|
unsigned long kuap = regs->kuap; |
|
|
|
if (kuap_is_disabled()) |
|
return false; |
|
|
|
if (!is_write || kuap == KUAP_ALL) |
|
return false; |
|
if (kuap == KUAP_NONE) |
|
return true; |
|
|
|
/* If faulting address doesn't match unlocked segment, unlock all */ |
|
if ((kuap ^ address) & 0xf0000000) |
|
regs->kuap = KUAP_ALL; |
|
|
|
return false; |
|
} |
|
|
|
#endif /* CONFIG_PPC_KUAP */ |
|
|
|
#endif /* __ASSEMBLY__ */ |
|
|
|
#endif /* _ASM_POWERPC_BOOK3S_32_KUP_H */
|
|
|