[PATCH v4 1/2] arm64: Support execute-only permissions with Enhanced PAN
Catalin Marinas
catalin.marinas at arm.com
Fri Mar 26 11:04:45 GMT 2021
On Fri, Mar 12, 2021 at 05:38:10PM +0000, Vladimir Murzin wrote:
> @@ -992,6 +995,18 @@ static inline bool arch_wants_old_prefaulted_pte(void)
> }
> #define arch_wants_old_prefaulted_pte arch_wants_old_prefaulted_pte
>
> +static inline pgprot_t arch_filter_pgprot(pgprot_t prot)
> +{
> + if (cpus_have_const_cap(ARM64_HAS_EPAN))
> + return prot;
> +
> + if (pgprot_val(prot) != pgprot_val(PAGE_EXECONLY))
> + return prot;
> +
> + return PAGE_READONLY_EXEC;
> +}
Just a thought: we could allow exec-only permissions if
!system_uses_hw_pan(), though not sure it's worth it. We'd have 8.0 CPUs
with exec-only then a gap up to 8.7 when we add it back in (since most
kernels will turn PAN on).
--
Catalin
More information about the linux-arm-kernel
mailing list