[PATCH] arm64: Introduce execute-only page access permissions

Will Deacon will.deacon at arm.com
Fri May 2 10:00:28 PDT 2014


On Fri, May 02, 2014 at 04:49:52PM +0100, Catalin Marinas wrote:
> The ARMv8 architecture allows execute-only user permissions by clearing
> the PTE_UXN and PTE_USER bits. The kernel, however, can still access
> such page.
> 
> This patch changes the arm64 __P100 and __S100 protection_map[] macros
> to the new __PAGE_EXECONLY attributes. A side effect is that
> pte_valid_user() no longer triggers for __PAGE_EXECONLY since PTE_USER
> isn't set. To work around this, the check is done on the PTE_NG bit via
> the pte_valid_ng() macro. VM_READ is also checked now for page faults.

How does this interact with things like ptrace and pipes? Can I get the
kernel to read my text for me?

Also: do we really want to differ from x86 here?

Will



More information about the linux-arm-kernel mailing list