From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
To: Balbir Singh <bsingharora@gmail.com>,
benh@kernel.crashing.org, paulus@samba.org, mpe@ellerman.id.au
Cc: linuxppc-dev@lists.ozlabs.org,
Michael Neuling <mikey@neuling.org>,
Balbir Singh <bsingharora@gmail.com>
Subject: Re: [PATCH 1/2] Enable storage keys for radix - user mode execution
Date: Mon, 22 Aug 2016 11:32:44 +0530 [thread overview]
Message-ID: <87y43pibnf.fsf@linux.vnet.ibm.com> (raw)
In-Reply-To: <1471831017-18167-1-git-send-email-bsingharora@gmail.com>
Balbir Singh <bsingharora@gmail.com> writes:
> ISA 3 defines new encoded access authority that allows instruction
> access prevention in privileged mode and allows normal access
> to problem state. This patch just enables IAMR (Instruction Authority
> Mask Register), enabling AMR would require more work.
>
Don't we need to do them in hypervisor mode. Ie, the hypervisor setup
things such that guest privileged mode cannot execute guest userspace.
> I've tested this with a buggy driver and a simple payload. The payload
> is specific to the build I've tested.
>
> Signed-off-by: Balbir Singh <bsingharora@gmail.com>
> ---
> arch/powerpc/mm/pgtable-radix.c | 22 ++++++++++++++++++++++
> 1 file changed, 22 insertions(+)
>
> diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c
> index af897d9..9e25663 100644
> --- a/arch/powerpc/mm/pgtable-radix.c
> +++ b/arch/powerpc/mm/pgtable-radix.c
> @@ -294,6 +294,27 @@ found:
> return;
> }
>
> +/*
> + * For radix page tables we setup, the IAMR values as follows
> + * IMAR = 0100...00 (key 0 is set to 1)
> + * AMOR = 1100....00 (Mask for key 0 is 11)
> + * AMR, UAMR, UAMOR are not affected
> + */
> +static void __init radix_init_iamr(void)
> +{
> + unsigned long iamr_mask = 0x4000000000000000;
> + unsigned long iamr = mfspr(SPRN_IAMR);
> +
> + unsigned long amor_mask = 0xc000000000000000;
> + unsigned long amor = mfspr(SPRN_AMOR);
Isn't AMOR hypervisor privileged ?.
> +
> + iamr |= iamr_mask;
> + amor |= amor_mask;
> +
> + mtspr(SPRN_AMOR, amor);
> + mtspr(SPRN_IAMR, iamr);
> +}
> +
> void __init radix__early_init_mmu(void)
> {
> unsigned long lpcr;
> @@ -350,6 +371,7 @@ void __init radix__early_init_mmu(void)
> radix_init_partition_table();
> }
>
> + radix_init_iamr();
> radix_init_pgtable();
> }
>
> --
> 2.5.5
next prev parent reply other threads:[~2016-08-22 6:02 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-22 1:56 [PATCH 1/2] Enable storage keys for radix - user mode execution Balbir Singh
2016-08-22 1:56 ` [PATCH 2/2] Detect instruction fetch denied and report Balbir Singh
2016-08-22 6:05 ` Aneesh Kumar K.V
2016-08-22 7:55 ` Balbir Singh
2016-09-20 6:35 ` [2/2] " Michael Ellerman
2016-09-20 7:44 ` Balbir Singh
2016-08-22 6:02 ` Aneesh Kumar K.V [this message]
2016-08-22 8:07 ` [PATCH 1/2] Enable storage keys for radix - user mode execution Balbir Singh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87y43pibnf.fsf@linux.vnet.ibm.com \
--to=aneesh.kumar@linux.vnet.ibm.com \
--cc=benh@kernel.crashing.org \
--cc=bsingharora@gmail.com \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mikey@neuling.org \
--cc=mpe@ellerman.id.au \
--cc=paulus@samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.