Re: (subset) [PATCH v2 00/37] Implement execute-only protection on powerpc
On Mon, 25 Sep 2023 20:31:14 +0200, Christophe Leroy wrote:
> This series reworks _PAGE_FLAGS on all platforms in order
> to implement execute-only protection on all powerpc.
>
> For all targets except 40x and 604 it will be a real execute-only
> protection as the hardware and/or software allows a distinct protection.
>
> For 40x and 604 that's a poor's man execute-only protection in the
> way that once the page is in the TLB it can be executed. But it's
> better than nothing and allows to have a similar implementation for
> all sorts of powerpc.
>
> [...]
Applied to powerpc/next.
[03/37] powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro
https://git.kernel.org/powerpc/c/cc8ee288f484a2a59c01ccd4d8a417d6ed3466e3
[04/37] powerpc: Remove pte_ERROR()
https://git.kernel.org/powerpc/c/3b8547ec4d35778c9f4cc261d85c0cae6c1a8ecb
[05/37] powerpc: Deduplicate prototypes of ptep_set_access_flags() and
phys_mem_access_prot()
https://git.kernel.org/powerpc/c/93f81f6eea10f497e892c52998a2194b4e16c91d
[06/37] powerpc: Refactor update_mmu_cache_range()
https://git.kernel.org/powerpc/c/da9554e0fe3c7b46912a361a803b50f2655ff30f
[07/37] powerpc: Untangle fixmap.h and pgtable.h and mmu.h
https://git.kernel.org/powerpc/c/d3e01796728add53ab778298573772d44d52d19c
[08/37] powerpc/nohash: Remove {pte/pmd}_protnone()
https://git.kernel.org/powerpc/c/81fbb9997057b6e6e5795a08d9a8e10e9f48236f
[09/37] powerpc/nohash: Refactor declaration of {map/unmap}_kernel_page()
https://git.kernel.org/powerpc/c/7835006979e5415aa4c9bc0e3e7063b5c5943ed4
[10/37] powerpc/nohash: Move 8xx version of pte_update() into pte-8xx.h
https://git.kernel.org/powerpc/c/4c1a89d983be951a3e39d7f9c1d6987f3054e32d
[11/37] powerpc/nohash: Replace #ifdef CONFIG_44x by IS_ENABLED(CONFIG_44x) in
pgtable.h
https://git.kernel.org/powerpc/c/0f4027eab59261f2fb72586f18efb44be3594dd4
[12/37] powerpc/nohash: Refactor pte_update()
https://git.kernel.org/powerpc/c/42a2722319f0d3d5612ca8efd3ce7d7eae512291
[13/37] powerpc/nohash: Refactor checking of no-change in pte_update()
https://git.kernel.org/powerpc/c/7c929ad0b3167e980a3963e03403a761138a4350
[14/37] powerpc/nohash: Deduplicate _PAGE_CHG_MASK
https://git.kernel.org/powerpc/c/27672be7751f25566e69bc228c8b8440a0772f8b
[15/37] powerpc/nohash: Deduplicate pte helpers
https://git.kernel.org/powerpc/c/3a4288164d631b88a57119777b15099eb23c6fbf
[16/37] powerpc/nohash: Refactor ptep_test_and_clear_young()
https://git.kernel.org/powerpc/c/8c3d9eb323bbf2b37cdc5c01ebf9604175b5970f
[17/37] powerpc/nohash: Deduplicate ptep_set_wrprotect() and
ptep_get_and_clear()
https://git.kernel.org/powerpc/c/cc68d77febe055b6499dda5fa13bda976a12a85c
[18/37] powerpc/nohash: Refactor pte_clear()
https://git.kernel.org/powerpc/c/2ef9f4bb9c47ed30ff3c7961744cae545c034154
[19/37] powerpc/nohash: Refactor __ptep_set_access_flags()
https://git.kernel.org/powerpc/c/799d8836a7c4f4327833e4a5ca952a1700acdb14
[20/37] powerpc/e500: Simplify pte_mkexec()
https://git.kernel.org/powerpc/c/4c8dd6c9872d4e89fd2b3a6fc92fd6cc9cdce347
[21/37] powerpc: Implement and use pgprot_nx()
https://git.kernel.org/powerpc/c/d3c0dfcfc95796701e82719722fd997ec5256013
[22/37] powerpc: Fail ioremap() instead of silently ignoring flags when
PAGE_USER is set
https://git.kernel.org/powerpc/c/c7263f156395d1f2a2142375a75b7b040686a07a
[23/37] powerpc: Remove pte_mkuser() and pte_mkpriviledged()
https://git.kernel.org/powerpc/c/69339071bb27f0b1371cd23d6dada3f976261c20
[24/37] powerpc: Rely on address instead of pte_user()
https://git.kernel.org/powerpc/c/a78587473642aec302697cdaceb719a7f8791369
[25/37] powerpc: Refactor permission masks used for __P/__S table and kernel
memory flags
https://git.kernel.org/powerpc/c/a5a08dc90f4513d1a78582ec24b687fad01cc843
[26/37] powerpc/8xx: Use generic permission masks
https://git.kernel.org/powerpc/c/f9f09b93e80148fc5824afb338c318272abde529
[27/37] powerpc/64s: Use generic permission masks
https://git.kernel.org/powerpc/c/58f534623c4d8800c2e5d63da9783530848e570c
[28/37] powerpc/nohash: Add _PAGE_WRITE to supplement _PAGE_RW
https://git.kernel.org/powerpc/c/d20506d4728c3b7408e84d9aececbcb78c3061ee
[29/37] powerpc/nohash: Replace pte_user() by pte_read()
https://git.kernel.org/powerpc/c/8e9bd41e4ce1001f5b89e4c9a69f870f39d56c12
[30/37] powerpc/e500: Introduce _PAGE_READ and remove _PAGE_USER
https://git.kernel.org/powerpc/c/48cf93bb168d506a8278a6fb25c2f88c1c93ce6e
[31/37] powerpc/44x: Introduce _PAGE_READ and remove _PAGE_USER
https://git.kernel.org/powerpc/c/93820bfeefc4a125a6cedd1ee1a956eeb3eb2580
[32/37] powerpc/40x: Introduce _PAGE_READ and remove _PAGE_USER
https://git.kernel.org/powerpc/c/ed815bd3fe9b14a742e2ae094f7f55f70918dbbc
[33/37] powerpc/32s: Add _PAGE_WRITE to supplement _PAGE_RW
Re: (subset) [PATCH v2 00/37] Implement execute-only protection on powerpc
On Mon, 25 Sep 2023 20:31:14 +0200, Christophe Leroy wrote: > This series reworks _PAGE_FLAGS on all platforms in order > to implement execute-only protection on all powerpc. > > For all targets except 40x and 604 it will be a real execute-only > protection as the hardware and/or software allows a distinct protection. > > For 40x and 604 that's a poor's man execute-only protection in the > way that once the page is in the TLB it can be executed. But it's > better than nothing and allows to have a similar implementation for > all sorts of powerpc. > > [...] Patches 1 and 2 applied to powerpc/fixes. [01/37] powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE https://git.kernel.org/powerpc/c/5d9cea8a552ee122e21fbd5a3c5d4eb85f648e06 [02/37] powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() https://git.kernel.org/powerpc/c/5ea0bbaa32e8f54e9a57cfee4a3b8769b80be0d2 cheers
[PATCH v2 00/37] Implement execute-only protection on powerpc
This series reworks _PAGE_FLAGS on all platforms in order
to implement execute-only protection on all powerpc.
For all targets except 40x and 604 it will be a real execute-only
protection as the hardware and/or software allows a distinct protection.
For 40x and 604 that's a poor's man execute-only protection in the
way that once the page is in the TLB it can be executed. But it's
better than nothing and allows to have a similar implementation for
all sorts of powerpc.
Patches 1 and 2 are fixes that should also be back-ported to stable
version.
Patches 3 to 7 are generic trivial cleanups.
Patches 8 to 19 are a cleanup of pgtable.h for nohash. Main purpose
is to refactor a lot of common code between nohash/32 and nohash/64.
Patches 20 to 37 do the real work on PAGE flags in order to
switch all platforms to _PAGE_READ and _PAGE_WRITE like book3s/64
today. Once that is done it is easy to implement execute-only
protection.
Patch 1 to 19 were already sent-out as v1 of series
named "cleanup/refactor pgtable.h". Problems reported by robots
are fixed here.
Christophe Leroy (37):
powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE
powerpc/64e: Fix wrong test in __ptep_test_and_clear_young()
powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro
powerpc: Remove pte_ERROR()
powerpc: Deduplicate prototypes of ptep_set_access_flags() and
phys_mem_access_prot()
powerpc: Refactor update_mmu_cache_range()
powerpc: Untangle fixmap.h and pgtable.h and mmu.h
powerpc/nohash: Remove {pte/pmd}_protnone()
powerpc/nohash: Refactor declaration of {map/unmap}_kernel_page()
powerpc/nohash: Move 8xx version of pte_update() into pte-8xx.h
powerpc/nohash: Replace #ifdef CONFIG_44x by IS_ENABLED(CONFIG_44x) in
pgtable.h
powerpc/nohash: Refactor pte_update()
powerpc/nohash: Refactor checking of no-change in pte_update()
powerpc/nohash: Deduplicate _PAGE_CHG_MASK
powerpc/nohash: Deduplicate pte helpers
powerpc/nohash: Refactor ptep_test_and_clear_young()
powerpc/nohash: Deduplicate ptep_set_wrprotect() and
ptep_get_and_clear()
powerpc/nohash: Refactor pte_clear()
powerpc/nohash: Refactor __ptep_set_access_flags()
powerpc/e500: Simplify pte_mkexec()
powerpc: Implement and use pgprot_nx()
powerpc: Fail ioremap() instead of silently ignoring flags when
PAGE_USER is set
powerpc: Remove pte_mkuser() and pte_mkpriviledged()
powerpc: Rely on address instead of pte_user()
powerpc: Refactor permission masks used for __P/__S table and kernel
memory flags
powerpc/8xx: Use generic permission masks
powerpc/64s: Use generic permission masks
powerpc/nohash: Add _PAGE_WRITE to supplement _PAGE_RW
powerpc/nohash: Replace pte_user() by pte_read()
powerpc/e500: Introduce _PAGE_READ and remove _PAGE_USER
powerpc/44x: Introduce _PAGE_READ and remove _PAGE_USER
powerpc/40x: Introduce _PAGE_READ and remove _PAGE_USER
powerpc/32s: Add _PAGE_WRITE to supplement _PAGE_RW
powerpc/32s: Introduce _PAGE_READ and remove _PAGE_USER
powerpc/ptdump: Display _PAGE_READ and _PAGE_WRITE
powerpc: Finally remove _PAGE_USER
powerpc: Support execute-only on all powerpc
arch/powerpc/include/asm/book3s/32/pgtable.h | 83 +++
arch/powerpc/include/asm/book3s/64/pgtable.h | 35 +--
arch/powerpc/include/asm/book3s/pgtable.h | 33 ---
arch/powerpc/include/asm/fixmap.h | 16 +-
arch/powerpc/include/asm/nohash/32/mmu-8xx.h | 1 -
arch/powerpc/include/asm/nohash/32/pgtable.h | 201 +---
arch/powerpc/include/asm/nohash/32/pte-40x.h | 21 +-
arch/powerpc/include/asm/nohash/32/pte-44x.h | 20 +-
arch/powerpc/include/asm/nohash/32/pte-85xx.h | 20 +-
arch/powerpc/include/asm/nohash/32/pte-8xx.h | 99 +---
arch/powerpc/include/asm/nohash/64/pgtable.h | 120 +-
arch/powerpc/include/asm/nohash/pgtable.h | 216 --
arch/powerpc/include/asm/nohash/pte-e500.h| 41 +---
arch/powerpc/include/asm/pgtable-masks.h | 32 +++
arch/powerpc/include/asm/pgtable.h| 35 +++
arch/powerpc/kernel/head_40x.S| 19 +-
arch/powerpc/kernel/head_44x.S| 40 ++--
arch/powerpc/kernel/head_85xx.S | 12 +-
arch/powerpc/kernel/head_book3s_32.S | 63 ++---
arch/powerpc/mm/book3s32/hash_low.S | 32 ++-
arch/powerpc/mm/book3s32/mmu.c| 6 +-
arch/powerpc/mm/book3s64/pgtable.c| 10 +-
arch/powerpc/mm/fault.c | 9 +-
arch/powerpc/mm/init_32.c | 1 +
arch/powerpc/mm/ioremap.c | 6 +-
arch/powerpc/mm/mem.c | 1 +
arch/powerpc/mm/nohash/40x.c | 19 +-
arch/powerpc/mm/nohash/8xx.c | 2 +
arch/powerpc/mm/nohash/book3e_pgtable.c | 2 +-
arch/powerpc/mm/nohash/e500.c | 6 +-
arch/powerpc/mm/nohash/e500_hugetlbpage.c | 3 +-
arch/powerpc/mm/pgtable.c | 26 +
