162306a36Sopenharmony_ci/* SPDX-License-Identifier: GPL-2.0+ */ 262306a36Sopenharmony_ci/* 362306a36Sopenharmony_ci * PowerPC Memory Protection Keys management 462306a36Sopenharmony_ci * 562306a36Sopenharmony_ci * Copyright 2017, Ram Pai, IBM Corporation. 662306a36Sopenharmony_ci */ 762306a36Sopenharmony_ci 862306a36Sopenharmony_ci#ifndef _ASM_POWERPC_KEYS_H 962306a36Sopenharmony_ci#define _ASM_POWERPC_KEYS_H 1062306a36Sopenharmony_ci 1162306a36Sopenharmony_ci#include <linux/jump_label.h> 1262306a36Sopenharmony_ci#include <asm/firmware.h> 1362306a36Sopenharmony_ci 1462306a36Sopenharmony_ciextern int num_pkey; 1562306a36Sopenharmony_ciextern u32 reserved_allocation_mask; /* bits set for reserved keys */ 1662306a36Sopenharmony_ci 1762306a36Sopenharmony_ci#define ARCH_VM_PKEY_FLAGS (VM_PKEY_BIT0 | VM_PKEY_BIT1 | VM_PKEY_BIT2 | \ 1862306a36Sopenharmony_ci VM_PKEY_BIT3 | VM_PKEY_BIT4) 1962306a36Sopenharmony_ci 2062306a36Sopenharmony_ci/* Override any generic PKEY permission defines */ 2162306a36Sopenharmony_ci#define PKEY_DISABLE_EXECUTE 0x4 2262306a36Sopenharmony_ci#define PKEY_ACCESS_MASK (PKEY_DISABLE_ACCESS | \ 2362306a36Sopenharmony_ci PKEY_DISABLE_WRITE | \ 2462306a36Sopenharmony_ci PKEY_DISABLE_EXECUTE) 2562306a36Sopenharmony_ci 2662306a36Sopenharmony_ci#ifdef CONFIG_PPC_BOOK3S_64 2762306a36Sopenharmony_ci#include <asm/book3s/64/pkeys.h> 2862306a36Sopenharmony_ci#else 2962306a36Sopenharmony_ci#error "Not supported" 3062306a36Sopenharmony_ci#endif 3162306a36Sopenharmony_ci 3262306a36Sopenharmony_ci 3362306a36Sopenharmony_cistatic inline u64 pkey_to_vmflag_bits(u16 pkey) 3462306a36Sopenharmony_ci{ 3562306a36Sopenharmony_ci return (((u64)pkey << VM_PKEY_SHIFT) & ARCH_VM_PKEY_FLAGS); 3662306a36Sopenharmony_ci} 3762306a36Sopenharmony_ci 3862306a36Sopenharmony_cistatic inline int vma_pkey(struct vm_area_struct *vma) 3962306a36Sopenharmony_ci{ 4062306a36Sopenharmony_ci if (!mmu_has_feature(MMU_FTR_PKEY)) 4162306a36Sopenharmony_ci return 0; 4262306a36Sopenharmony_ci return (vma->vm_flags & ARCH_VM_PKEY_FLAGS) >> VM_PKEY_SHIFT; 4362306a36Sopenharmony_ci} 4462306a36Sopenharmony_ci 4562306a36Sopenharmony_cistatic inline int arch_max_pkey(void) 4662306a36Sopenharmony_ci{ 4762306a36Sopenharmony_ci return num_pkey; 4862306a36Sopenharmony_ci} 4962306a36Sopenharmony_ci 5062306a36Sopenharmony_ci#define pkey_alloc_mask(pkey) (0x1 << pkey) 5162306a36Sopenharmony_ci 5262306a36Sopenharmony_ci#define mm_pkey_allocation_map(mm) (mm->context.pkey_allocation_map) 5362306a36Sopenharmony_ci 5462306a36Sopenharmony_ci#define __mm_pkey_allocated(mm, pkey) { \ 5562306a36Sopenharmony_ci mm_pkey_allocation_map(mm) |= pkey_alloc_mask(pkey); \ 5662306a36Sopenharmony_ci} 5762306a36Sopenharmony_ci 5862306a36Sopenharmony_ci#define __mm_pkey_free(mm, pkey) { \ 5962306a36Sopenharmony_ci mm_pkey_allocation_map(mm) &= ~pkey_alloc_mask(pkey); \ 6062306a36Sopenharmony_ci} 6162306a36Sopenharmony_ci 6262306a36Sopenharmony_ci#define __mm_pkey_is_allocated(mm, pkey) \ 6362306a36Sopenharmony_ci (mm_pkey_allocation_map(mm) & pkey_alloc_mask(pkey)) 6462306a36Sopenharmony_ci 6562306a36Sopenharmony_ci#define __mm_pkey_is_reserved(pkey) (reserved_allocation_mask & \ 6662306a36Sopenharmony_ci pkey_alloc_mask(pkey)) 6762306a36Sopenharmony_ci 6862306a36Sopenharmony_cistatic inline bool mm_pkey_is_allocated(struct mm_struct *mm, int pkey) 6962306a36Sopenharmony_ci{ 7062306a36Sopenharmony_ci if (pkey < 0 || pkey >= arch_max_pkey()) 7162306a36Sopenharmony_ci return false; 7262306a36Sopenharmony_ci 7362306a36Sopenharmony_ci /* Reserved keys are never allocated. */ 7462306a36Sopenharmony_ci if (__mm_pkey_is_reserved(pkey)) 7562306a36Sopenharmony_ci return false; 7662306a36Sopenharmony_ci 7762306a36Sopenharmony_ci return __mm_pkey_is_allocated(mm, pkey); 7862306a36Sopenharmony_ci} 7962306a36Sopenharmony_ci 8062306a36Sopenharmony_ci/* 8162306a36Sopenharmony_ci * Returns a positive, 5-bit key on success, or -1 on failure. 8262306a36Sopenharmony_ci * Relies on the mmap_lock to protect against concurrency in mm_pkey_alloc() and 8362306a36Sopenharmony_ci * mm_pkey_free(). 8462306a36Sopenharmony_ci */ 8562306a36Sopenharmony_cistatic inline int mm_pkey_alloc(struct mm_struct *mm) 8662306a36Sopenharmony_ci{ 8762306a36Sopenharmony_ci /* 8862306a36Sopenharmony_ci * Note: this is the one and only place we make sure that the pkey is 8962306a36Sopenharmony_ci * valid as far as the hardware is concerned. The rest of the kernel 9062306a36Sopenharmony_ci * trusts that only good, valid pkeys come out of here. 9162306a36Sopenharmony_ci */ 9262306a36Sopenharmony_ci u32 all_pkeys_mask = (u32)(~(0x0)); 9362306a36Sopenharmony_ci int ret; 9462306a36Sopenharmony_ci 9562306a36Sopenharmony_ci if (!mmu_has_feature(MMU_FTR_PKEY)) 9662306a36Sopenharmony_ci return -1; 9762306a36Sopenharmony_ci /* 9862306a36Sopenharmony_ci * Are we out of pkeys? We must handle this specially because ffz() 9962306a36Sopenharmony_ci * behavior is undefined if there are no zeros. 10062306a36Sopenharmony_ci */ 10162306a36Sopenharmony_ci if (mm_pkey_allocation_map(mm) == all_pkeys_mask) 10262306a36Sopenharmony_ci return -1; 10362306a36Sopenharmony_ci 10462306a36Sopenharmony_ci ret = ffz((u32)mm_pkey_allocation_map(mm)); 10562306a36Sopenharmony_ci __mm_pkey_allocated(mm, ret); 10662306a36Sopenharmony_ci 10762306a36Sopenharmony_ci return ret; 10862306a36Sopenharmony_ci} 10962306a36Sopenharmony_ci 11062306a36Sopenharmony_cistatic inline int mm_pkey_free(struct mm_struct *mm, int pkey) 11162306a36Sopenharmony_ci{ 11262306a36Sopenharmony_ci if (!mmu_has_feature(MMU_FTR_PKEY)) 11362306a36Sopenharmony_ci return -1; 11462306a36Sopenharmony_ci 11562306a36Sopenharmony_ci if (!mm_pkey_is_allocated(mm, pkey)) 11662306a36Sopenharmony_ci return -EINVAL; 11762306a36Sopenharmony_ci 11862306a36Sopenharmony_ci __mm_pkey_free(mm, pkey); 11962306a36Sopenharmony_ci 12062306a36Sopenharmony_ci return 0; 12162306a36Sopenharmony_ci} 12262306a36Sopenharmony_ci 12362306a36Sopenharmony_ci/* 12462306a36Sopenharmony_ci * Try to dedicate one of the protection keys to be used as an 12562306a36Sopenharmony_ci * execute-only protection key. 12662306a36Sopenharmony_ci */ 12762306a36Sopenharmony_ciextern int execute_only_pkey(struct mm_struct *mm); 12862306a36Sopenharmony_ciextern int __arch_override_mprotect_pkey(struct vm_area_struct *vma, 12962306a36Sopenharmony_ci int prot, int pkey); 13062306a36Sopenharmony_cistatic inline int arch_override_mprotect_pkey(struct vm_area_struct *vma, 13162306a36Sopenharmony_ci int prot, int pkey) 13262306a36Sopenharmony_ci{ 13362306a36Sopenharmony_ci if (!mmu_has_feature(MMU_FTR_PKEY)) 13462306a36Sopenharmony_ci return 0; 13562306a36Sopenharmony_ci 13662306a36Sopenharmony_ci /* 13762306a36Sopenharmony_ci * Is this an mprotect_pkey() call? If so, never override the value that 13862306a36Sopenharmony_ci * came from the user. 13962306a36Sopenharmony_ci */ 14062306a36Sopenharmony_ci if (pkey != -1) 14162306a36Sopenharmony_ci return pkey; 14262306a36Sopenharmony_ci 14362306a36Sopenharmony_ci return __arch_override_mprotect_pkey(vma, prot, pkey); 14462306a36Sopenharmony_ci} 14562306a36Sopenharmony_ci 14662306a36Sopenharmony_ciextern int __arch_set_user_pkey_access(struct task_struct *tsk, int pkey, 14762306a36Sopenharmony_ci unsigned long init_val); 14862306a36Sopenharmony_cistatic inline int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, 14962306a36Sopenharmony_ci unsigned long init_val) 15062306a36Sopenharmony_ci{ 15162306a36Sopenharmony_ci if (!mmu_has_feature(MMU_FTR_PKEY)) 15262306a36Sopenharmony_ci return -EINVAL; 15362306a36Sopenharmony_ci 15462306a36Sopenharmony_ci /* 15562306a36Sopenharmony_ci * userspace should not change pkey-0 permissions. 15662306a36Sopenharmony_ci * pkey-0 is associated with every page in the kernel. 15762306a36Sopenharmony_ci * If userspace denies any permission on pkey-0, the 15862306a36Sopenharmony_ci * kernel cannot operate. 15962306a36Sopenharmony_ci */ 16062306a36Sopenharmony_ci if (pkey == 0) 16162306a36Sopenharmony_ci return init_val ? -EINVAL : 0; 16262306a36Sopenharmony_ci 16362306a36Sopenharmony_ci return __arch_set_user_pkey_access(tsk, pkey, init_val); 16462306a36Sopenharmony_ci} 16562306a36Sopenharmony_ci 16662306a36Sopenharmony_cistatic inline bool arch_pkeys_enabled(void) 16762306a36Sopenharmony_ci{ 16862306a36Sopenharmony_ci return mmu_has_feature(MMU_FTR_PKEY); 16962306a36Sopenharmony_ci} 17062306a36Sopenharmony_ci 17162306a36Sopenharmony_ciextern void pkey_mm_init(struct mm_struct *mm); 17262306a36Sopenharmony_ci#endif /*_ASM_POWERPC_KEYS_H */ 173