[PATCH v2 2/3] arm64: gcs: Honour mprotect(PROT_NONE) on shadow stack mappings

David Hildenbrand (Arm) david at kernel.org
Mon Feb 23 11:20:35 PST 2026


On 2/23/26 18:45, Catalin Marinas wrote:
> vm_get_page_prot() short-circuits the protection_map[] lookup for a
> VM_SHADOW_STACK mapping since it uses a different PIE index from the
> typical read/write/exec permissions. However, the side effect is that it
> also ignores mprotect(PROT_NONE) by creating an accessible PTE.
> 
> Special-case the !(vm_flags & VM_ACCESS_FLAGS) flags to use the
> protection_map[VM_NONE] permissions instead. No GCS attributes are
> required for an inaccessible PTE.
> 
> Signed-off-by: Catalin Marinas <catalin.marinas at arm.com>
> Fixes: 6497b66ba694 ("arm64/mm: Map pages for guarded control stack")
> Cc: <stable at vger.kernel.org>
> Cc: Mark Brown <broonie at kernel.org>
> Cc: Will Deacon <will at kernel.org>
> Cc: David Hildenbrand <david at kernel.org>
> ---

Reviewed-by: David Hildenbrand (Arm) <david at kernel.org>

-- 
Cheers,

David
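A userspace probe for the behaviour the quoted commit message describes, as an added example that is not part of the patch or of this thread: it maps a shadow stack, applies mprotect(PROT_NONE), and reports whether a plain load still succeeds. It assumes the map_shadow_stack() syscall (number 453) is how the mapping is obtained and reports "skipped" where the kernel or CPU has no shadow stack support; the function and enum names are hypothetical.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_map_shadow_stack
#define __NR_map_shadow_stack 453 /* assumed when libc headers predate the syscall */
#endif

enum probe_result { PROBE_FAULTED, PROBE_READABLE, PROBE_SKIPPED };

static sigjmp_buf probe_env;

static void on_fault(int sig) { (void)sig; siglongjmp(probe_env, 1); }

enum probe_result probe_prot_none_shadow_stack(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    /* addr = 0 lets the kernel choose; flags = 0 since no token is needed to read */
    long addr = syscall(__NR_map_shadow_stack, 0UL, len, 0UL);
    if (addr == -1)
        return PROBE_SKIPPED;          /* no shadow stack support on this system */

    volatile unsigned long *ss = (volatile unsigned long *)addr;
    enum probe_result res = PROBE_SKIPPED;
    struct sigaction sa = { .sa_handler = on_fault }, old;
    sigemptyset(&sa.sa_mask);

    if (mprotect((void *)addr, len, PROT_NONE) == 0) {
        sigaction(SIGSEGV, &sa, &old);
        if (sigsetjmp(probe_env, 1) == 0) {
            (void)*ss;                 /* plain load; must fault after PROT_NONE */
            res = PROBE_READABLE;      /* PTE stayed accessible: PROT_NONE ignored */
        } else {
            res = PROBE_FAULTED;       /* PROT_NONE honoured */
        }
        sigaction(SIGSEGV, &old, NULL);
    }
    munmap((void *)addr, len);
    return res;
}

int main(void)
{
    static const char *names[] = { "faulted (PROT_NONE honoured)",
                                   "readable (PROT_NONE ignored)", "skipped" };
    enum probe_result r = probe_prot_none_shadow_stack();
    printf("shadow stack after mprotect(PROT_NONE): %s\n", names[r]);
    return r == PROBE_READABLE;        /* non-zero exit flags the regression */
}
```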


