[PATCH v3 1/2] arm64: Support execute-only permissions with Enhanced PAN
Vladimir Murzin
vladimir.murzin at arm.com
Fri Mar 12 11:19:02 GMT 2021
On 1/26/21 12:23 PM, Will Deacon wrote:
> On Tue, Jan 26, 2021 at 12:05:42PM +0000, Catalin Marinas wrote:
>> On Tue, Jan 26, 2021 at 11:03:06AM +0000, Will Deacon wrote:
>>> On Tue, Jan 19, 2021 at 04:07:22PM +0000, Vladimir Murzin wrote:
>>>> #define pte_valid_not_user(pte) \
>>>> - ((pte_val(pte) & (PTE_VALID | PTE_USER)) == PTE_VALID)
>>>> + ((pte_val(pte) & (PTE_VALID | PTE_USER | PTE_UXN)) == (PTE_VALID | PTE_UXN))
>>>> #define pte_valid_user(pte) \
>>>> ((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
>>>
>>> Won't pte_valid_user() go wrong for exec-only mappings now?
>>
>> I wondered about the same in November (and reproducing my comment
>> below):
>>
>> https://lore.kernel.org/linux-arm-kernel/20201119182236.GN4376@gaia/
>>
>> pte_valid_user() checks for both PTE_VALID and PTE_USER. In theory, a
>> !PTE_UXN is also user-accessible but it's only used in gup_pte_range()
>> via pte_access_permitted(). If "access" in the latter means only
>> read/write, we should be ok. If we keep it as is, a comment would
>> be useful.
>
> I think we should ensure that:
>
> pte_valid(pte) && (pte_valid_not_user(pte) || pte_valid_user(pte))
>
> is always true, but I don't think it is after this patch. It reminds me
> of some of the tests that Anshuman wrote.
Something like
/*
* Most of user mappings would have PTE_USER bit set except Execute-only
* where both PTE_USER and PTE_UXN bits not set
*/
#define pte_valid_user(pte) \
(((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER)) || \
((pte_val(pte) & (PTE_VALID | PTE_UXN)) == PTE_VALID))
Cheers
Vladimir
More information about the linux-arm-kernel
mailing list