git.openpandora.org / pandora-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9ded63a)
arm64: kernel: Add support for Privileged Access Never
authorJames Morse <james.morse@arm.com>
Wed, 22 Jul 2015 18:05:54 +0000 (19:05 +0100)
committerWill Deacon <will.deacon@arm.com>
Mon, 27 Jul 2015 10:08:41 +0000 (11:08 +0100)
'Privileged Access Never' is a new arm8.1 feature which prevents
privileged code from accessing any virtual address where read or write
access is also permitted at EL0.

This patch enables the PAN feature on all CPUs, and modifies {get,put}_user
helpers temporarily to permit access.

This will catch kernel bugs where user memory is accessed directly.
'Unprivileged loads and stores' using ldtrb et al are unaffected by PAN.

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
[will: use ALTERNATIVE in asm and tidy up pan_enable check]
Signed-off-by: Will Deacon <will.deacon@arm.com>
14 files changed:
arch/arm64/Kconfig patch | blob | history
arch/arm64/include/asm/cpufeature.h patch | blob | history
arch/arm64/include/asm/futex.h patch | blob | history
arch/arm64/include/asm/processor.h patch | blob | history
arch/arm64/include/asm/sysreg.h patch | blob | history
arch/arm64/include/asm/uaccess.h patch | blob | history
arch/arm64/include/uapi/asm/ptrace.h patch | blob | history
arch/arm64/kernel/armv8_deprecated.c patch | blob | history
arch/arm64/kernel/cpufeature.c patch | blob | history
arch/arm64/lib/clear_user.S patch | blob | history
arch/arm64/lib/copy_from_user.S patch | blob | history
arch/arm64/lib/copy_in_user.S patch | blob | history
arch/arm64/lib/copy_to_user.S patch | blob | history
arch/arm64/mm/fault.c patch | blob | history

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index de8dee6..c2bd79a 100644 (file)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -596,6 +596,20 @@ config FORCE_MAX_ZONEORDER
        default "14" if (ARM64_64K_PAGES && TRANSPARENT_HUGEPAGE)
        default "11"
 
+config ARM64_PAN
+       bool "Enable support for Privileged Access Never (PAN)"
+       default y
+       help
+        Privileged Access Never (PAN; part of the ARMv8.1 Extensions)
+        prevents the kernel or hypervisor from accessing user-space (EL0)
+        memory directly.
+
+        Choosing this option will cause any unprotected (not using
+        copy_to_user et al) memory access to fail with a permission fault.
+
+        The feature is detected at runtime, and will remain as a 'nop'
+        instruction if the cpu does not implement the feature.
+
 menuconfig ARMV8_DEPRECATED
        bool "Emulate deprecated/obsolete ARMv8 instructions"
        depends on COMPAT
diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h
index f595f7d..d71140b 100644 (file)
--- a/arch/arm64/include/asm/cpufeature.h
+++ b/arch/arm64/include/asm/cpufeature.h
@@ -25,8 +25,9 @@
 #define ARM64_WORKAROUND_DEVICE_LOAD_ACQUIRE   1
 #define ARM64_WORKAROUND_845719                        2
 #define ARM64_HAS_SYSREG_GIC_CPUIF             3
+#define ARM64_HAS_PAN                          4
 
-#define ARM64_NCAPS                            4
+#define ARM64_NCAPS                            5
 
 #ifndef __ASSEMBLY__
 
diff --cc arch/arm64/include/asm/futex.h
Simple merge
diff --cc arch/arm64/include/asm/processor.h
Simple merge
diff --cc arch/arm64/include/asm/sysreg.h
Simple merge
diff --cc arch/arm64/include/asm/uaccess.h
Simple merge
diff --cc arch/arm64/include/uapi/asm/ptrace.h
Simple merge
diff --cc arch/arm64/kernel/armv8_deprecated.c
Simple merge
diff --cc arch/arm64/kernel/cpufeature.c
Simple merge
diff --cc arch/arm64/lib/clear_user.S
Simple merge
diff --cc arch/arm64/lib/copy_from_user.S
Simple merge
diff --cc arch/arm64/lib/copy_in_user.S
Simple merge
diff --cc arch/arm64/lib/copy_to_user.S
Simple merge
diff --cc arch/arm64/mm/fault.c
Simple merge
Pandora Kernel Repository