[PATCH 3/3] arm64: Unconditionally enable EPAN support

[Marc Zyngier]

While FEAT_PAN3 is pretty recent, having it permanently enabled costs
exactly nothing, and does help with exec-only mappings on these fancy
ARMv9.2 machines that are rumoured to exist.

Signed-off-by: Marc Zyngier <maz at kernel.org>
---
 arch/arm64/Kconfig                  | 13 -------------
 arch/arm64/configs/hardening.config |  3 ---
 arch/arm64/include/asm/cpucaps.h    |  2 --
 arch/arm64/kernel/cpufeature.c      |  2 --
 4 files changed, 20 deletions(-)

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index fcfb62ec4bae8..c31079f4b611a 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -2120,19 +2120,6 @@ config ARM64_MTE
 
 endmenu # "ARMv8.5 architectural features"
 
-menu "ARMv8.7 architectural features"
-
-config ARM64_EPAN
-	bool "Enable support for Enhanced Privileged Access Never (EPAN)"
-	default y
-	help
-	  Enhanced Privileged Access Never (EPAN) allows Privileged
-	  Access Never to be used with Execute-only mappings.
-
-	  The feature is detected at runtime, and will remain disabled
-	  if the cpu does not implement the feature.
-endmenu # "ARMv8.7 architectural features"
-
 config AS_HAS_MOPS
 	def_bool $(as-instr,.arch_extension mops)
 
diff --git a/arch/arm64/configs/hardening.config b/arch/arm64/configs/hardening.config
index 24179722927e1..e59034e7af256 100644
--- a/arch/arm64/configs/hardening.config
+++ b/arch/arm64/configs/hardening.config
@@ -18,6 +18,3 @@ CONFIG_ARM64_BTI_KERNEL=y
 CONFIG_ARM64_MTE=y
 CONFIG_KASAN_HW_TAGS=y
 CONFIG_ARM64_E0PD=y
-
-# Available in ARMv8.7 and later.
-CONFIG_ARM64_EPAN=y
diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
index 177c691914f87..13c0fa54ea19f 100644
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -19,8 +19,6 @@ cpucap_is_possible(const unsigned int cap)
 			   "cap must be < ARM64_NCAPS");
 
 	switch (cap) {
-	case ARM64_HAS_EPAN:
-		return IS_ENABLED(CONFIG_ARM64_EPAN);
 	case ARM64_SVE:
 		return IS_ENABLED(CONFIG_ARM64_SVE);
 	case ARM64_SME:
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 716440d147a2d..30eea68178c87 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2547,7 +2547,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
 		.cpu_enable = cpu_enable_pan,
 		ARM64_CPUID_FIELDS(ID_AA64MMFR1_EL1, PAN, IMP)
 	},
-#ifdef CONFIG_ARM64_EPAN
 	{
 		.desc = "Enhanced Privileged Access Never",
 		.capability = ARM64_HAS_EPAN,
@@ -2555,7 +2554,6 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
 		.matches = has_cpuid_feature,
 		ARM64_CPUID_FIELDS(ID_AA64MMFR1_EL1, PAN, PAN3)
 	},
-#endif /* CONFIG_ARM64_EPAN */
 	{
 		.desc = "LSE atomic instructions",
 		.capability = ARM64_HAS_LSE_ATOMICS,
-- 
2.47.3