[PATCH v4 0/2] arm64: Support Enhanced PAN

[Vladimir Murzin]

Hi

ARM architecture gains support of Enhanced Privileged Access Never
(EPAN) which allows Privileged Access Never to be used with
Execute-only mappings.

As a consequence 24cecc377463 ("arm64: Revert support for execute-only
user mappings") can be revisited and re-enabled.

Changelog:

  RFC -> v1
      - removed cap check in pte_valid_not_user (per Catalin)
      - local_flush_tlb_all() in cpu_enable_epan() (per Catalin)
      - reordered with CnP (per Catalin)
      - s/HWCAP2_EPAN/HWCAP2_EXECONLY/ (per Catalin)

   v1 -> v2
      - rebased on for-next/uaccess (for INIT_SCTLR_EL1_MMU_ON)
      - moved EPAN enable to proc.S (via INIT_SCTLR_EL1_MMU_ON),
        so no need in enable method from cpufeature, no need to
        keep ordering relative to CnP (per Catalin)

   v2 -> v3
      - rebased on 5.11-rc4

   v3 -> v4
      - rebased on 5.12-rc2
      - restore comments around pte_valid_not_user and
        protection_map[] (per Will)
      - rework the vm_flags initialisation (per Will)
      - moved logic of pte_valid_user() into pte_access_permitted()
        (per Catalin)

Thanks!

Vladimir Murzin (2):
  arm64: Support execute-only permissions with Enhanced PAN
  arm64: Introduce HWCAPS2_EXECONLY

 arch/arm64/Kconfig                    | 17 +++++++++++++++
 arch/arm64/include/asm/cpucaps.h      |  3 ++-
 arch/arm64/include/asm/hwcap.h        |  1 +
 arch/arm64/include/asm/pgtable-prot.h |  5 +++--
 arch/arm64/include/asm/pgtable.h      | 31 ++++++++++++++++++++-------
 arch/arm64/include/asm/sysreg.h       |  4 +++-
 arch/arm64/include/uapi/asm/hwcap.h   |  1 +
 arch/arm64/kernel/cpufeature.c        | 15 +++++++++++++
 arch/arm64/kernel/cpuinfo.c           |  1 +
 arch/arm64/mm/fault.c                 | 18 +++++++++++++++-
 mm/mmap.c                             |  6 ++++++
 11 files changed, 89 insertions(+), 13 deletions(-)

-- 
2.24.0