Re: (subset) [PATCH v2 00/37] Implement execute-only protection on powerpc
On Mon, 25 Sep 2023 20:31:14 +0200, Christophe Leroy wrote: > This series reworks _PAGE_FLAGS on all platforms in order > to implement execute-only protection on all powerpc. > > For all targets except 40x and 604 it will be a real execute-only > protection as the hardware and/or software allows a distinct protection. > > For 40x and 604 that's a poor's man execute-only protection in the > way that once the page is in the TLB it can be executed. But it's > better than nothing and allows to have a similar implementation for > all sorts of powerpc. > > [...] Applied to powerpc/next. [03/37] powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro https://git.kernel.org/powerpc/c/cc8ee288f484a2a59c01ccd4d8a417d6ed3466e3 [04/37] powerpc: Remove pte_ERROR() https://git.kernel.org/powerpc/c/3b8547ec4d35778c9f4cc261d85c0cae6c1a8ecb [05/37] powerpc: Deduplicate prototypes of ptep_set_access_flags() and phys_mem_access_prot() https://git.kernel.org/powerpc/c/93f81f6eea10f497e892c52998a2194b4e16c91d [06/37] powerpc: Refactor update_mmu_cache_range() https://git.kernel.org/powerpc/c/da9554e0fe3c7b46912a361a803b50f2655ff30f [07/37] powerpc: Untangle fixmap.h and pgtable.h and mmu.h https://git.kernel.org/powerpc/c/d3e01796728add53ab778298573772d44d52d19c [08/37] powerpc/nohash: Remove {pte/pmd}_protnone() https://git.kernel.org/powerpc/c/81fbb9997057b6e6e5795a08d9a8e10e9f48236f [09/37] powerpc/nohash: Refactor declaration of {map/unmap}_kernel_page() https://git.kernel.org/powerpc/c/7835006979e5415aa4c9bc0e3e7063b5c5943ed4 [10/37] powerpc/nohash: Move 8xx version of pte_update() into pte-8xx.h https://git.kernel.org/powerpc/c/4c1a89d983be951a3e39d7f9c1d6987f3054e32d [11/37] powerpc/nohash: Replace #ifdef CONFIG_44x by IS_ENABLED(CONFIG_44x) in pgtable.h https://git.kernel.org/powerpc/c/0f4027eab59261f2fb72586f18efb44be3594dd4 [12/37] powerpc/nohash: Refactor pte_update() https://git.kernel.org/powerpc/c/42a2722319f0d3d5612ca8efd3ce7d7eae512291 [13/37] powerpc/nohash: Refactor checking of no-change in pte_update() https://git.kernel.org/powerpc/c/7c929ad0b3167e980a3963e03403a761138a4350 [14/37] powerpc/nohash: Deduplicate _PAGE_CHG_MASK https://git.kernel.org/powerpc/c/27672be7751f25566e69bc228c8b8440a0772f8b [15/37] powerpc/nohash: Deduplicate pte helpers https://git.kernel.org/powerpc/c/3a4288164d631b88a57119777b15099eb23c6fbf [16/37] powerpc/nohash: Refactor ptep_test_and_clear_young() https://git.kernel.org/powerpc/c/8c3d9eb323bbf2b37cdc5c01ebf9604175b5970f [17/37] powerpc/nohash: Deduplicate ptep_set_wrprotect() and ptep_get_and_clear() https://git.kernel.org/powerpc/c/cc68d77febe055b6499dda5fa13bda976a12a85c [18/37] powerpc/nohash: Refactor pte_clear() https://git.kernel.org/powerpc/c/2ef9f4bb9c47ed30ff3c7961744cae545c034154 [19/37] powerpc/nohash: Refactor __ptep_set_access_flags() https://git.kernel.org/powerpc/c/799d8836a7c4f4327833e4a5ca952a1700acdb14 [20/37] powerpc/e500: Simplify pte_mkexec() https://git.kernel.org/powerpc/c/4c8dd6c9872d4e89fd2b3a6fc92fd6cc9cdce347 [21/37] powerpc: Implement and use pgprot_nx() https://git.kernel.org/powerpc/c/d3c0dfcfc95796701e82719722fd997ec5256013 [22/37] powerpc: Fail ioremap() instead of silently ignoring flags when PAGE_USER is set https://git.kernel.org/powerpc/c/c7263f156395d1f2a2142375a75b7b040686a07a [23/37] powerpc: Remove pte_mkuser() and pte_mkpriviledged() https://git.kernel.org/powerpc/c/69339071bb27f0b1371cd23d6dada3f976261c20 [24/37] powerpc: Rely on address instead of pte_user() https://git.kernel.org/powerpc/c/a78587473642aec302697cdaceb719a7f8791369 [25/37] powerpc: Refactor permission masks used for __P/__S table and kernel memory flags https://git.kernel.org/powerpc/c/a5a08dc90f4513d1a78582ec24b687fad01cc843 [26/37] powerpc/8xx: Use generic permission masks https://git.kernel.org/powerpc/c/f9f09b93e80148fc5824afb338c318272abde529 [27/37] powerpc/64s: Use generic permission masks https://git.kernel.org/powerpc/c/58f534623c4d8800c2e5d63da9783530848e570c [28/37] powerpc/nohash: Add _PAGE_WRITE to supplement _PAGE_RW https://git.kernel.org/powerpc/c/d20506d4728c3b7408e84d9aececbcb78c3061ee [29/37] powerpc/nohash: Replace pte_user() by pte_read() https://git.kernel.org/powerpc/c/8e9bd41e4ce1001f5b89e4c9a69f870f39d56c12 [30/37] powerpc/e500: Introduce _PAGE_READ and remove _PAGE_USER https://git.kernel.org/powerpc/c/48cf93bb168d506a8278a6fb25c2f88c1c93ce6e [31/37] powerpc/44x: Introduce _PAGE_READ and remove _PAGE_USER https://git.kernel.org/powerpc/c/93820bfeefc4a125a6cedd1ee1a956eeb3eb2580 [32/37] powerpc/40x: Introduce _PAGE_READ and remove _PAGE_USER https://git.kernel.org/powerpc/c/ed815bd3fe9b14a742e2ae094f7f55f70918dbbc [33/37] powerpc/32s: Add _PAGE_WRITE to supplement _PAGE_RW
Re: (subset) [PATCH v2 00/37] Implement execute-only protection on powerpc
On Mon, 25 Sep 2023 20:31:14 +0200, Christophe Leroy wrote: > This series reworks _PAGE_FLAGS on all platforms in order > to implement execute-only protection on all powerpc. > > For all targets except 40x and 604 it will be a real execute-only > protection as the hardware and/or software allows a distinct protection. > > For 40x and 604 that's a poor's man execute-only protection in the > way that once the page is in the TLB it can be executed. But it's > better than nothing and allows to have a similar implementation for > all sorts of powerpc. > > [...] Patches 1 and 2 applied to powerpc/fixes. [01/37] powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE https://git.kernel.org/powerpc/c/5d9cea8a552ee122e21fbd5a3c5d4eb85f648e06 [02/37] powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() https://git.kernel.org/powerpc/c/5ea0bbaa32e8f54e9a57cfee4a3b8769b80be0d2 cheers
[PATCH v2 00/37] Implement execute-only protection on powerpc
This series reworks _PAGE_FLAGS on all platforms in order to implement execute-only protection on all powerpc. For all targets except 40x and 604 it will be a real execute-only protection as the hardware and/or software allows a distinct protection. For 40x and 604 that's a poor's man execute-only protection in the way that once the page is in the TLB it can be executed. But it's better than nothing and allows to have a similar implementation for all sorts of powerpc. Patches 1 and 2 are fixes that should also be back-ported to stable version. Patches 3 to 7 are generic trivial cleanups. Patches 8 to 19 are a cleanup of pgtable.h for nohash. Main purpose is to refactor a lot of common code between nohash/32 and nohash/64. Patches 20 to 37 do the real work on PAGE flags in order to switch all platforms to _PAGE_READ and _PAGE_WRITE like book3s/64 today. Once that is done it is easy to implement execute-only protection. Patch 1 to 19 were already sent-out as v1 of series named "cleanup/refactor pgtable.h". Problems reported by robots are fixed here. Christophe Leroy (37): powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro powerpc: Remove pte_ERROR() powerpc: Deduplicate prototypes of ptep_set_access_flags() and phys_mem_access_prot() powerpc: Refactor update_mmu_cache_range() powerpc: Untangle fixmap.h and pgtable.h and mmu.h powerpc/nohash: Remove {pte/pmd}_protnone() powerpc/nohash: Refactor declaration of {map/unmap}_kernel_page() powerpc/nohash: Move 8xx version of pte_update() into pte-8xx.h powerpc/nohash: Replace #ifdef CONFIG_44x by IS_ENABLED(CONFIG_44x) in pgtable.h powerpc/nohash: Refactor pte_update() powerpc/nohash: Refactor checking of no-change in pte_update() powerpc/nohash: Deduplicate _PAGE_CHG_MASK powerpc/nohash: Deduplicate pte helpers powerpc/nohash: Refactor ptep_test_and_clear_young() powerpc/nohash: Deduplicate ptep_set_wrprotect() and ptep_get_and_clear() powerpc/nohash: Refactor pte_clear() powerpc/nohash: Refactor __ptep_set_access_flags() powerpc/e500: Simplify pte_mkexec() powerpc: Implement and use pgprot_nx() powerpc: Fail ioremap() instead of silently ignoring flags when PAGE_USER is set powerpc: Remove pte_mkuser() and pte_mkpriviledged() powerpc: Rely on address instead of pte_user() powerpc: Refactor permission masks used for __P/__S table and kernel memory flags powerpc/8xx: Use generic permission masks powerpc/64s: Use generic permission masks powerpc/nohash: Add _PAGE_WRITE to supplement _PAGE_RW powerpc/nohash: Replace pte_user() by pte_read() powerpc/e500: Introduce _PAGE_READ and remove _PAGE_USER powerpc/44x: Introduce _PAGE_READ and remove _PAGE_USER powerpc/40x: Introduce _PAGE_READ and remove _PAGE_USER powerpc/32s: Add _PAGE_WRITE to supplement _PAGE_RW powerpc/32s: Introduce _PAGE_READ and remove _PAGE_USER powerpc/ptdump: Display _PAGE_READ and _PAGE_WRITE powerpc: Finally remove _PAGE_USER powerpc: Support execute-only on all powerpc arch/powerpc/include/asm/book3s/32/pgtable.h | 83 +++ arch/powerpc/include/asm/book3s/64/pgtable.h | 35 +-- arch/powerpc/include/asm/book3s/pgtable.h | 33 --- arch/powerpc/include/asm/fixmap.h | 16 +- arch/powerpc/include/asm/nohash/32/mmu-8xx.h | 1 - arch/powerpc/include/asm/nohash/32/pgtable.h | 201 +--- arch/powerpc/include/asm/nohash/32/pte-40x.h | 21 +- arch/powerpc/include/asm/nohash/32/pte-44x.h | 20 +- arch/powerpc/include/asm/nohash/32/pte-85xx.h | 20 +- arch/powerpc/include/asm/nohash/32/pte-8xx.h | 99 +--- arch/powerpc/include/asm/nohash/64/pgtable.h | 120 +- arch/powerpc/include/asm/nohash/pgtable.h | 216 -- arch/powerpc/include/asm/nohash/pte-e500.h| 41 +--- arch/powerpc/include/asm/pgtable-masks.h | 32 +++ arch/powerpc/include/asm/pgtable.h| 35 +++ arch/powerpc/kernel/head_40x.S| 19 +- arch/powerpc/kernel/head_44x.S| 40 ++-- arch/powerpc/kernel/head_85xx.S | 12 +- arch/powerpc/kernel/head_book3s_32.S | 63 ++--- arch/powerpc/mm/book3s32/hash_low.S | 32 ++- arch/powerpc/mm/book3s32/mmu.c| 6 +- arch/powerpc/mm/book3s64/pgtable.c| 10 +- arch/powerpc/mm/fault.c | 9 +- arch/powerpc/mm/init_32.c | 1 + arch/powerpc/mm/ioremap.c | 6 +- arch/powerpc/mm/mem.c | 1 + arch/powerpc/mm/nohash/40x.c | 19 +- arch/powerpc/mm/nohash/8xx.c | 2 + arch/powerpc/mm/nohash/book3e_pgtable.c | 2 +- arch/powerpc/mm/nohash/e500.c | 6 +- arch/powerpc/mm/nohash/e500_hugetlbpage.c | 3 +- arch/powerpc/mm/pgtable.c | 26 +