[PATCH v3 1/2] arm64: Support execute-only permissions with Enhanced PAN
Will Deacon
will at kernel.org
Fri Mar 12 11:20:28 GMT 2021
On Fri, Mar 12, 2021 at 11:19:02AM +0000, Vladimir Murzin wrote:
> On 1/26/21 12:23 PM, Will Deacon wrote:
> > On Tue, Jan 26, 2021 at 12:05:42PM +0000, Catalin Marinas wrote:
> >> On Tue, Jan 26, 2021 at 11:03:06AM +0000, Will Deacon wrote:
> >>> On Tue, Jan 19, 2021 at 04:07:22PM +0000, Vladimir Murzin wrote:
> >>>> #define pte_valid_not_user(pte) \
> >>>> - ((pte_val(pte) & (PTE_VALID | PTE_USER)) == PTE_VALID)
> >>>> + ((pte_val(pte) & (PTE_VALID | PTE_USER | PTE_UXN)) == (PTE_VALID | PTE_UXN))
> >>>> #define pte_valid_user(pte) \
> >>>> ((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
> >>>
> >>> Won't pte_valid_user() go wrong for exec-only mappings now?
> >>
> >> I wondered about the same in November (and reproducing my comment
> >> below):
> >>
> >> https://lore.kernel.org/linux-arm-kernel/20201119182236.GN4376@gaia/
> >>
> >> pte_valid_user() checks for both PTE_VALID and PTE_USER. In theory, a
> >> !PTE_UXN is also user-accessible but it's only used in gup_pte_range()
> >> via pte_access_permitted(). If "access" in the latter means only
> >> read/write, we should be ok. If we keep it as is, a comment would
> >> be useful.
> >
> > I think we should ensure that:
> >
> > pte_valid(pte) && (pte_valid_not_user(pte) || pte_valid_user(pte))
> >
> > is always true, but I don't think it is after this patch. It reminds me
> > of some of the tests that Anshuman wrote.
>
> Something like
>
> /*
> * Most of user mappings would have PTE_USER bit set except Execute-only
> * where both PTE_USER and PTE_UXN bits not set
> */
> #define pte_valid_user(pte) \
> (((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER)) || \
> ((pte_val(pte) & (PTE_VALID | PTE_UXN)) == PTE_VALID))
Yeah, assuming the compiler doesn't make a dog's dinner of it.
Will
More information about the linux-arm-kernel
mailing list