[PATCH v3 1/2] arm64: Support execute-only permissions with Enhanced PAN
Vladimir Murzin
vladimir.murzin at arm.com
Fri Mar 12 11:17:04 GMT 2021
On 1/26/21 11:03 AM, Will Deacon wrote:
> On Tue, Jan 19, 2021 at 04:07:22PM +0000, Vladimir Murzin wrote:
>> Enhanced Privileged Access Never (EPAN) allows Privileged Access Never
>> to be used with Execute-only mappings.
>>
>> Absence of such support was a reason for 24cecc377463 ("arm64: Revert
>> support for execute-only user mappings"). Thus now it can be revisited
>> and re-enabled.
>>
>> Cc: Kees Cook <keescook at chromium.org>
>> Cc: Catalin Marinas <catalin.marinas at arm.com>
>> Signed-off-by: Vladimir Murzin <vladimir.murzin at arm.com>
>> ---
>> arch/arm64/Kconfig | 17 +++++++++++++++++
>> arch/arm64/include/asm/cpucaps.h | 3 ++-
>> arch/arm64/include/asm/pgtable-prot.h | 5 +++--
>> arch/arm64/include/asm/pgtable.h | 14 +++++++++++++-
>> arch/arm64/include/asm/sysreg.h | 3 ++-
>> arch/arm64/kernel/cpufeature.c | 12 ++++++++++++
>> arch/arm64/mm/fault.c | 3 +++
>> 7 files changed, 52 insertions(+), 5 deletions(-)
>
> (please cc me on arm64 patches)
Ah, surely I should have done that!
snip...
>> --- a/arch/arm64/include/asm/pgtable.h
>> +++ b/arch/arm64/include/asm/pgtable.h
>> @@ -114,7 +114,7 @@ extern unsigned long empty_zero_page[PAGE_SIZE / sizeof(unsigned long)];
>>
>> #define pte_valid(pte) (!!(pte_val(pte) & PTE_VALID))
>
> We used to have a useful comment here describing why we're looking at UXN.
>
> There was also one next to the protection_map[], which I think we should add
> back.
Noted.
It seems that the rest has been covered by Catalin...
Cheers
Vladimir
More information about the linux-arm-kernel
mailing list