1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _ASM_POWERPC_KUP_H_
3 #define _ASM_POWERPC_KUP_H_
4 
5 #define KUAP_READ	1
6 #define KUAP_WRITE	2
7 #define KUAP_READ_WRITE	(KUAP_READ | KUAP_WRITE)
8 
9 #ifdef CONFIG_PPC_BOOK3S_64
10 #include <asm/book3s/64/kup.h>
11 #endif
12 
13 #ifdef CONFIG_PPC_8xx
14 #include <asm/nohash/32/kup-8xx.h>
15 #endif
16 
17 #ifdef CONFIG_BOOKE_OR_40x
18 #include <asm/nohash/kup-booke.h>
19 #endif
20 
21 #ifdef CONFIG_PPC_BOOK3S_32
22 #include <asm/book3s/32/kup.h>
23 #endif
24 
25 #ifdef __ASSEMBLY__
26 #ifndef CONFIG_PPC_KUAP
27 .macro kuap_check_amr	gpr1, gpr2
28 .endm
29 
30 #endif
31 
32 #else /* !__ASSEMBLY__ */
33 
34 extern bool disable_kuep;
35 extern bool disable_kuap;
36 
37 #include <linux/pgtable.h>
38 
39 void setup_kup(void);
40 void setup_kuep(bool disabled);
41 
42 #ifdef CONFIG_PPC_KUAP
43 void setup_kuap(bool disabled);
44 #else
setup_kuap(bool disabled)45 static inline void setup_kuap(bool disabled) { }
46 
kuap_is_disabled(void)47 static __always_inline bool kuap_is_disabled(void) { return true; }
48 
49 static inline bool
__bad_kuap_fault(struct pt_regs * regs,unsigned long address,bool is_write)50 __bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
51 {
52 	return false;
53 }
54 
__kuap_lock(void)55 static inline void __kuap_lock(void) { }
__kuap_save_and_lock(struct pt_regs * regs)56 static inline void __kuap_save_and_lock(struct pt_regs *regs) { }
kuap_user_restore(struct pt_regs * regs)57 static inline void kuap_user_restore(struct pt_regs *regs) { }
__kuap_kernel_restore(struct pt_regs * regs,unsigned long amr)58 static inline void __kuap_kernel_restore(struct pt_regs *regs, unsigned long amr) { }
59 
__kuap_get_and_assert_locked(void)60 static inline unsigned long __kuap_get_and_assert_locked(void)
61 {
62 	return 0;
63 }
64 
65 /*
66  * book3s/64/kup-radix.h defines these functions for the !KUAP case to flush
67  * the L1D cache after user accesses. Only include the empty stubs for other
68  * platforms.
69  */
70 #ifndef CONFIG_PPC_BOOK3S_64
__allow_user_access(void __user * to,const void __user * from,unsigned long size,unsigned long dir)71 static inline void __allow_user_access(void __user *to, const void __user *from,
72 				       unsigned long size, unsigned long dir) { }
__prevent_user_access(unsigned long dir)73 static inline void __prevent_user_access(unsigned long dir) { }
__prevent_user_access_return(void)74 static inline unsigned long __prevent_user_access_return(void) { return 0UL; }
__restore_user_access(unsigned long flags)75 static inline void __restore_user_access(unsigned long flags) { }
76 #endif /* CONFIG_PPC_BOOK3S_64 */
77 #endif /* CONFIG_PPC_KUAP */
78 
79 static __always_inline bool
bad_kuap_fault(struct pt_regs * regs,unsigned long address,bool is_write)80 bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write)
81 {
82 	if (kuap_is_disabled())
83 		return false;
84 
85 	return __bad_kuap_fault(regs, address, is_write);
86 }
87 
kuap_assert_locked(void)88 static __always_inline void kuap_assert_locked(void)
89 {
90 	if (kuap_is_disabled())
91 		return;
92 
93 	if (IS_ENABLED(CONFIG_PPC_KUAP_DEBUG))
94 		__kuap_get_and_assert_locked();
95 }
96 
kuap_lock(void)97 static __always_inline void kuap_lock(void)
98 {
99 	if (kuap_is_disabled())
100 		return;
101 
102 	__kuap_lock();
103 }
104 
kuap_save_and_lock(struct pt_regs * regs)105 static __always_inline void kuap_save_and_lock(struct pt_regs *regs)
106 {
107 	if (kuap_is_disabled())
108 		return;
109 
110 	__kuap_save_and_lock(regs);
111 }
112 
kuap_kernel_restore(struct pt_regs * regs,unsigned long amr)113 static __always_inline void kuap_kernel_restore(struct pt_regs *regs, unsigned long amr)
114 {
115 	if (kuap_is_disabled())
116 		return;
117 
118 	__kuap_kernel_restore(regs, amr);
119 }
120 
kuap_get_and_assert_locked(void)121 static __always_inline unsigned long kuap_get_and_assert_locked(void)
122 {
123 	if (kuap_is_disabled())
124 		return 0;
125 
126 	return __kuap_get_and_assert_locked();
127 }
128 
129 #ifndef CONFIG_PPC_BOOK3S_64
allow_user_access(void __user * to,const void __user * from,unsigned long size,unsigned long dir)130 static __always_inline void allow_user_access(void __user *to, const void __user *from,
131 				     unsigned long size, unsigned long dir)
132 {
133 	if (kuap_is_disabled())
134 		return;
135 
136 	__allow_user_access(to, from, size, dir);
137 }
138 
prevent_user_access(unsigned long dir)139 static __always_inline void prevent_user_access(unsigned long dir)
140 {
141 	if (kuap_is_disabled())
142 		return;
143 
144 	__prevent_user_access(dir);
145 }
146 
prevent_user_access_return(void)147 static __always_inline unsigned long prevent_user_access_return(void)
148 {
149 	if (kuap_is_disabled())
150 		return 0;
151 
152 	return __prevent_user_access_return();
153 }
154 
restore_user_access(unsigned long flags)155 static __always_inline void restore_user_access(unsigned long flags)
156 {
157 	if (kuap_is_disabled())
158 		return;
159 
160 	__restore_user_access(flags);
161 }
162 #endif /* CONFIG_PPC_BOOK3S_64 */
163 
allow_read_from_user(const void __user * from,unsigned long size)164 static __always_inline void allow_read_from_user(const void __user *from, unsigned long size)
165 {
166 	barrier_nospec();
167 	allow_user_access(NULL, from, size, KUAP_READ);
168 }
169 
allow_write_to_user(void __user * to,unsigned long size)170 static __always_inline void allow_write_to_user(void __user *to, unsigned long size)
171 {
172 	allow_user_access(to, NULL, size, KUAP_WRITE);
173 }
174 
allow_read_write_user(void __user * to,const void __user * from,unsigned long size)175 static __always_inline void allow_read_write_user(void __user *to, const void __user *from,
176 						  unsigned long size)
177 {
178 	barrier_nospec();
179 	allow_user_access(to, from, size, KUAP_READ_WRITE);
180 }
181 
prevent_read_from_user(const void __user * from,unsigned long size)182 static __always_inline void prevent_read_from_user(const void __user *from, unsigned long size)
183 {
184 	prevent_user_access(KUAP_READ);
185 }
186 
prevent_write_to_user(void __user * to,unsigned long size)187 static __always_inline void prevent_write_to_user(void __user *to, unsigned long size)
188 {
189 	prevent_user_access(KUAP_WRITE);
190 }
191 
prevent_read_write_user(void __user * to,const void __user * from,unsigned long size)192 static __always_inline void prevent_read_write_user(void __user *to, const void __user *from,
193 						    unsigned long size)
194 {
195 	prevent_user_access(KUAP_READ_WRITE);
196 }
197 
prevent_current_access_user(void)198 static __always_inline void prevent_current_access_user(void)
199 {
200 	prevent_user_access(KUAP_READ_WRITE);
201 }
202 
prevent_current_read_from_user(void)203 static __always_inline void prevent_current_read_from_user(void)
204 {
205 	prevent_user_access(KUAP_READ);
206 }
207 
prevent_current_write_to_user(void)208 static __always_inline void prevent_current_write_to_user(void)
209 {
210 	prevent_user_access(KUAP_WRITE);
211 }
212 
213 #endif /* !__ASSEMBLY__ */
214 
215 #endif /* _ASM_POWERPC_KUAP_H_ */
216