The kpkeys_hardened_pgtables feature needs to be initialised in two stages:
1. As soon as the buddy allocator becomes available. The canonical place to handle this is mem_init(). 2. As soon as the linear map can be split. With BBML2-noabort, this requires CPU detection to be completed on all CPUs. The earliest point is therefore after setup_system_features() has been called. With that done, all the bits are in place and we can advertise support for kpkeys_hardened_pgtables by selecting ARCH_HAS_KPKEYS_HARDENED_PGTABLES if ARM64_POE is enabled. Signed-off-by: Kevin Brodsky <[email protected]> --- arch/arm64/Kconfig | 1 + arch/arm64/kernel/smp.c | 2 ++ arch/arm64/mm/mmu.c | 5 +++++ 3 files changed, 8 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 732d4dbbab20..2faf082cc1d0 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2165,6 +2165,7 @@ config ARM64_POE select ARCH_USES_HIGH_VMA_FLAGS select ARCH_HAS_PKEYS select ARCH_HAS_KPKEYS + select ARCH_HAS_KPKEYS_HARDENED_PGTABLES help The Permission Overlay Extension is used to implement Memory Protection Keys. Memory Protection Keys provides a mechanism for diff --git a/arch/arm64/kernel/smp.c b/arch/arm64/kernel/smp.c index 1aa324104afb..b2efff7a82ef 100644 --- a/arch/arm64/kernel/smp.c +++ b/arch/arm64/kernel/smp.c @@ -35,6 +35,7 @@ #include <linux/kgdb.h> #include <linux/kvm_host.h> #include <linux/nmi.h> +#include <linux/kpkeys.h> #include <asm/alternative.h> #include <asm/atomic.h> @@ -441,6 +442,7 @@ void __init smp_cpus_done(unsigned int max_cpus) hyp_mode_check(); setup_system_features(); setup_user_features(); + kpkeys_hardened_pgtables_init_late(); mark_linear_text_alias_ro(); } diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index 1e2cf0166c1d..1a96c186c4a3 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -2273,3 +2273,8 @@ int arch_set_user_pkey_access(struct task_struct *tsk, int pkey, unsigned long i return 0; } #endif + +void __init mem_init(void) +{ + kpkeys_hardened_pgtables_init(); +} -- 2.51.2
