1. 29 Nov, 2016 1 commit
    • powerpc: Stop passing ARCH=ppc64 to boot Makefile · 1196d7aa
      Michael Ellerman committed
      Back in 2005 when the ppc/ppc64 merge started, we used to build the
      kernel code in arch/powerpc but use the boot code from arch/ppc or
      arch/ppc64 depending on whether we were building for 32 or 64-bit.
      
      Originally we called the boot Makefile passing ARCH=$(OLDARCH), where
      OLDARCH was ppc or ppc64.
      
      In commit 20f62954 ("powerpc: Make building the boot image work for
      both 32-bit and 64-bit") (2005-10-11) we split the call for 32/64-bit
      using an ifeq check, because the two Makefiles took different targets,
      and explicitly passed ARCH=ppc64 for the 64-bit case and ARCH=ppc for
      the 32-bit case.
      
      Then in commit 94b212c2 ("powerpc: Move ppc64 boot wrapper code over
      to arch/powerpc") (2005-11-16) we moved the boot code into arch/powerpc
      and dropped the ppc case, but kept passing ARCH=ppc64 to
      arch/powerpc/boot/Makefile.
      
      Since then there have been several more boot targets added, all of which
      have copied the ARCH=ppc64 setting, such that now we have four targets
      using it.
      
      Currently it seems that nothing actually uses the ARCH value, but that's
      basically just luck, and in particular it prevents us from using the
      generic cpp_lds_S rule. It's also clearly wrong, ARCH=ppc64 is dead,
      buried and cremated.
      
      Fix it by dropping the setting of ARCH completely, the correct value is
      exported by the top level Makefile.
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  2. 28 Nov, 2016 9 commits
  3. 26 Nov, 2016 1 commit
    • powerpc/mm/radix: Prevent kernel execution of user space · 3b10d009
      Balbir Singh committed
      ISA 3 defines new encoded access authority that allows instruction
      access prevention in privileged mode and allows normal access
      to problem state. This patch just enables IAMR (Instruction Authority
      Mask Register), enabling AMR would require more work.
      
      I've tested this with a buggy driver and a simple payload. The payload
      is specific to the build I've tested.
      
      mpe: Also tested with LKDTM:
      
        # echo EXEC_USERSPACE > /sys/kernel/debug/provoke-crash/DIRECT
        lkdtm: Performing direct entry EXEC_USERSPACE
        lkdtm: attempting ok execution at c0000000005bf560
        lkdtm: attempting bad execution at 00003fff8d940000
        Unable to handle kernel paging request for instruction fetch
        Faulting instruction address: 0x3fff8d940000
        Oops: Kernel access of bad area, sig: 11 [#1]
        NIP: 00003fff8d940000 LR: c0000000005bfa58 CTR: 00003fff8d940000
        REGS: c0000000f1fcf900 TRAP: 0400   Not tainted  (4.9.0-rc5-compiler_gcc-6.2.0-00109-g956dbc06232a)
        MSR: 9000000010009033 <SF,HV,EE,ME,IR,DR,RI,LE>  CR: 48002222  XER: 00000000
        ...
        Call Trace:
          lkdtm_EXEC_USERSPACE+0x104/0x120 (unreliable)
          lkdtm_do_action+0x3c/0x80
          direct_entry+0x100/0x1b0
          full_proxy_write+0x94/0x100
          __vfs_write+0x3c/0x1b0
          vfs_write+0xcc/0x230
          SyS_write+0x60/0x110
          system_call+0x38/0xfc
      Signed-off-by: Balbir Singh <bsingharora@gmail.com>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  4. 25 Nov, 2016 7 commits
  5. 24 Nov, 2016 1 commit
  6. 23 Nov, 2016 12 commits
  7. 22 Nov, 2016 5 commits
  8. 18 Nov, 2016 4 commits