1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef _ASM_POWERPC_KUP_H_ 3 #define _ASM_POWERPC_KUP_H_ 4 5 #define KUAP_READ 1 6 #define KUAP_WRITE 2 7 #define KUAP_READ_WRITE (KUAP_READ | KUAP_WRITE) 8 9 #ifndef __ASSEMBLY__ 10 #include <linux/types.h> 11 12 static __always_inline bool kuap_is_disabled(void); 13 #endif 14 15 #ifdef CONFIG_PPC_BOOK3S_64 16 #include <asm/book3s/64/kup.h> 17 #endif 18 19 #ifdef CONFIG_PPC_8xx 20 #include <asm/nohash/32/kup-8xx.h> 21 #endif 22 23 #ifdef CONFIG_BOOKE 24 #include <asm/nohash/kup-booke.h> 25 #endif 26 27 #ifdef CONFIG_PPC_BOOK3S_32 28 #include <asm/book3s/32/kup.h> 29 #endif 30 31 #ifdef __ASSEMBLY__ 32 #ifndef CONFIG_PPC_KUAP 33 .macro kuap_check_amr gpr1, gpr2 34 .endm 35 36 #endif 37 38 #else /* !__ASSEMBLY__ */ 39 40 extern bool disable_kuep; 41 extern bool disable_kuap; 42 43 #include <linux/pgtable.h> 44 45 void setup_kup(void); 46 void setup_kuep(bool disabled); 47 48 #ifdef CONFIG_PPC_KUAP 49 void setup_kuap(bool disabled); 50 kuap_is_disabled(void)51 static __always_inline bool kuap_is_disabled(void) 52 { 53 return !mmu_has_feature(MMU_FTR_KUAP); 54 } 55 #else setup_kuap(bool disabled)56 static inline void setup_kuap(bool disabled) { } 57 kuap_is_disabled(void)58 static __always_inline bool kuap_is_disabled(void) { return true; } 59 60 static __always_inline bool __bad_kuap_fault(struct pt_regs * regs,unsigned long address,bool is_write)61 __bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write) 62 { 63 return false; 64 } 65 kuap_user_restore(struct pt_regs * regs)66 static __always_inline void kuap_user_restore(struct pt_regs *regs) { } __kuap_kernel_restore(struct pt_regs * regs,unsigned long amr)67 static __always_inline void __kuap_kernel_restore(struct pt_regs *regs, unsigned long amr) { } 68 69 /* 70 * book3s/64/kup-radix.h defines these functions for the !KUAP case to flush 71 * the L1D cache after user accesses. Only include the empty stubs for other 72 * platforms. 73 */ 74 #ifndef CONFIG_PPC_BOOK3S_64 allow_user_access(void __user * to,const void __user * from,unsigned long size,unsigned long dir)75 static __always_inline void allow_user_access(void __user *to, const void __user *from, 76 unsigned long size, unsigned long dir) { } prevent_user_access(unsigned long dir)77 static __always_inline void prevent_user_access(unsigned long dir) { } prevent_user_access_return(void)78 static __always_inline unsigned long prevent_user_access_return(void) { return 0UL; } restore_user_access(unsigned long flags)79 static __always_inline void restore_user_access(unsigned long flags) { } 80 #endif /* CONFIG_PPC_BOOK3S_64 */ 81 #endif /* CONFIG_PPC_KUAP */ 82 83 static __always_inline bool bad_kuap_fault(struct pt_regs * regs,unsigned long address,bool is_write)84 bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write) 85 { 86 if (kuap_is_disabled()) 87 return false; 88 89 return __bad_kuap_fault(regs, address, is_write); 90 } 91 kuap_lock(void)92 static __always_inline void kuap_lock(void) 93 { 94 #ifdef __kuap_lock 95 if (kuap_is_disabled()) 96 return; 97 98 __kuap_lock(); 99 #endif 100 } 101 kuap_save_and_lock(struct pt_regs * regs)102 static __always_inline void kuap_save_and_lock(struct pt_regs *regs) 103 { 104 #ifdef __kuap_save_and_lock 105 if (kuap_is_disabled()) 106 return; 107 108 __kuap_save_and_lock(regs); 109 #endif 110 } 111 kuap_kernel_restore(struct pt_regs * regs,unsigned long amr)112 static __always_inline void kuap_kernel_restore(struct pt_regs *regs, unsigned long amr) 113 { 114 if (kuap_is_disabled()) 115 return; 116 117 __kuap_kernel_restore(regs, amr); 118 } 119 kuap_get_and_assert_locked(void)120 static __always_inline unsigned long kuap_get_and_assert_locked(void) 121 { 122 #ifdef __kuap_get_and_assert_locked 123 if (!kuap_is_disabled()) 124 return __kuap_get_and_assert_locked(); 125 #endif 126 return 0; 127 } 128 kuap_assert_locked(void)129 static __always_inline void kuap_assert_locked(void) 130 { 131 if (IS_ENABLED(CONFIG_PPC_KUAP_DEBUG)) 132 kuap_get_and_assert_locked(); 133 } 134 allow_read_from_user(const void __user * from,unsigned long size)135 static __always_inline void allow_read_from_user(const void __user *from, unsigned long size) 136 { 137 barrier_nospec(); 138 allow_user_access(NULL, from, size, KUAP_READ); 139 } 140 allow_write_to_user(void __user * to,unsigned long size)141 static __always_inline void allow_write_to_user(void __user *to, unsigned long size) 142 { 143 allow_user_access(to, NULL, size, KUAP_WRITE); 144 } 145 allow_read_write_user(void __user * to,const void __user * from,unsigned long size)146 static __always_inline void allow_read_write_user(void __user *to, const void __user *from, 147 unsigned long size) 148 { 149 barrier_nospec(); 150 allow_user_access(to, from, size, KUAP_READ_WRITE); 151 } 152 prevent_read_from_user(const void __user * from,unsigned long size)153 static __always_inline void prevent_read_from_user(const void __user *from, unsigned long size) 154 { 155 prevent_user_access(KUAP_READ); 156 } 157 prevent_write_to_user(void __user * to,unsigned long size)158 static __always_inline void prevent_write_to_user(void __user *to, unsigned long size) 159 { 160 prevent_user_access(KUAP_WRITE); 161 } 162 prevent_read_write_user(void __user * to,const void __user * from,unsigned long size)163 static __always_inline void prevent_read_write_user(void __user *to, const void __user *from, 164 unsigned long size) 165 { 166 prevent_user_access(KUAP_READ_WRITE); 167 } 168 prevent_current_access_user(void)169 static __always_inline void prevent_current_access_user(void) 170 { 171 prevent_user_access(KUAP_READ_WRITE); 172 } 173 prevent_current_read_from_user(void)174 static __always_inline void prevent_current_read_from_user(void) 175 { 176 prevent_user_access(KUAP_READ); 177 } 178 prevent_current_write_to_user(void)179 static __always_inline void prevent_current_write_to_user(void) 180 { 181 prevent_user_access(KUAP_WRITE); 182 } 183 184 #endif /* !__ASSEMBLY__ */ 185 186 #endif /* _ASM_POWERPC_KUAP_H_ */ 187