[PATCH v3 1/2] arm64: Support execute-only permissions with Enhanced PAN

Vladimir Murzin vladimir.murzin at arm.com
Fri Mar 12 11:19:02 GMT 2021


On 1/26/21 12:23 PM, Will Deacon wrote:
> On Tue, Jan 26, 2021 at 12:05:42PM +0000, Catalin Marinas wrote:
>> On Tue, Jan 26, 2021 at 11:03:06AM +0000, Will Deacon wrote:
>>> On Tue, Jan 19, 2021 at 04:07:22PM +0000, Vladimir Murzin wrote:
>>>>  #define pte_valid_not_user(pte) \
>>>> -	((pte_val(pte) & (PTE_VALID | PTE_USER)) == PTE_VALID)
>>>> +	((pte_val(pte) & (PTE_VALID | PTE_USER | PTE_UXN)) == (PTE_VALID | PTE_UXN))
>>>>  #define pte_valid_user(pte) \
>>>>  	((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
>>>
>>> Won't pte_valid_user() go wrong for exec-only mappings now?
>>
>> I wondered about the same in November (and reproducing my comment
>> below):
>>
>> https://lore.kernel.org/linux-arm-kernel/20201119182236.GN4376@gaia/
>>
>> pte_valid_user() checks for both PTE_VALID and PTE_USER. In theory, a
>> !PTE_UXN is also user-accessible but it's only used in gup_pte_range()
>> via pte_access_permitted(). If "access" in the latter means only
>> read/write, we should be ok. If we keep it as is, a comment would
>> be useful.
> 
> I think we should ensure that:
> 
>   pte_valid(pte) && (pte_valid_not_user(pte) || pte_valid_user(pte))
> 
> is always true, but I don't think it is after this patch. It reminds me
> of some of the tests that Anshuman wrote.

Something like

/*
 * Most of user mappings would have PTE_USER bit set except Execute-only
 * where both PTE_USER and PTE_UXN bits not set
 */
#define pte_valid_user(pte)                                            \
      (((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER)) || \
         ((pte_val(pte) & (PTE_VALID | PTE_UXN)) == PTE_VALID))



Cheers
Vladimir



More information about the linux-arm-kernel mailing list