Commit | Line | Data |
---|---|---|
62b5f7d0 DH |
1 | /* |
2 | * Intel Memory Protection Keys management | |
3 | * Copyright (c) 2015, Intel Corporation. | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify it | |
6 | * under the terms and conditions of the GNU General Public License, | |
7 | * version 2, as published by the Free Software Foundation. | |
8 | * | |
9 | * This program is distributed in the hope it will be useful, but WITHOUT | |
10 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
11 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for | |
12 | * more details. | |
13 | */ | |
14 | #include <linux/mm_types.h> /* mm_struct, vma, etc... */ | |
15 | #include <linux/pkeys.h> /* PKEY_* */ | |
16 | #include <uapi/asm-generic/mman-common.h> | |
17 | ||
18 | #include <asm/cpufeature.h> /* boot_cpu_has, ... */ | |
19 | #include <asm/mmu_context.h> /* vma_pkey() */ | |
20 | #include <asm/fpu/internal.h> /* fpregs_active() */ | |
21 | ||
22 | int __execute_only_pkey(struct mm_struct *mm) | |
23 | { | |
24 | int ret; | |
25 | ||
26 | /* | |
27 | * We do not want to go through the relatively costly | |
28 | * dance to set PKRU if we do not need to. Check it | |
29 | * first and assume that if the execute-only pkey is | |
30 | * write-disabled that we do not have to set it | |
31 | * ourselves. We need preempt off so that nobody | |
32 | * can make fpregs inactive. | |
33 | */ | |
34 | preempt_disable(); | |
35 | if (fpregs_active() && | |
36 | !__pkru_allows_read(read_pkru(), PKEY_DEDICATED_EXECUTE_ONLY)) { | |
37 | preempt_enable(); | |
38 | return PKEY_DEDICATED_EXECUTE_ONLY; | |
39 | } | |
40 | preempt_enable(); | |
41 | ret = arch_set_user_pkey_access(current, PKEY_DEDICATED_EXECUTE_ONLY, | |
42 | PKEY_DISABLE_ACCESS); | |
43 | /* | |
44 | * If the PKRU-set operation failed somehow, just return | |
45 | * 0 and effectively disable execute-only support. | |
46 | */ | |
47 | if (ret) | |
48 | return 0; | |
49 | ||
50 | return PKEY_DEDICATED_EXECUTE_ONLY; | |
51 | } | |
52 | ||
53 | static inline bool vma_is_pkey_exec_only(struct vm_area_struct *vma) | |
54 | { | |
55 | /* Do this check first since the vm_flags should be hot */ | |
56 | if ((vma->vm_flags & (VM_READ | VM_WRITE | VM_EXEC)) != VM_EXEC) | |
57 | return false; | |
58 | if (vma_pkey(vma) != PKEY_DEDICATED_EXECUTE_ONLY) | |
59 | return false; | |
60 | ||
61 | return true; | |
62 | } | |
63 | ||
64 | /* | |
65 | * This is only called for *plain* mprotect calls. | |
66 | */ | |
67 | int __arch_override_mprotect_pkey(struct vm_area_struct *vma, int prot, int pkey) | |
68 | { | |
69 | /* | |
70 | * Is this an mprotect_pkey() call? If so, never | |
71 | * override the value that came from the user. | |
72 | */ | |
73 | if (pkey != -1) | |
74 | return pkey; | |
75 | /* | |
76 | * Look for a protection-key-drive execute-only mapping | |
77 | * which is now being given permissions that are not | |
78 | * execute-only. Move it back to the default pkey. | |
79 | */ | |
80 | if (vma_is_pkey_exec_only(vma) && | |
81 | (prot & (PROT_READ|PROT_WRITE))) { | |
82 | return 0; | |
83 | } | |
84 | /* | |
85 | * The mapping is execute-only. Go try to get the | |
86 | * execute-only protection key. If we fail to do that, | |
87 | * fall through as if we do not have execute-only | |
88 | * support. | |
89 | */ | |
90 | if (prot == PROT_EXEC) { | |
91 | pkey = execute_only_pkey(vma->vm_mm); | |
92 | if (pkey > 0) | |
93 | return pkey; | |
94 | } | |
95 | /* | |
96 | * This is a vanilla, non-pkey mprotect (or we failed to | |
97 | * setup execute-only), inherit the pkey from the VMA we | |
98 | * are working on. | |
99 | */ | |
100 | return vma_pkey(vma); | |
101 | } |