Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / cab15ce604e550020bb7115b779013b91bcdbc21
commitcab15ce604e550020bb7115b779013b91bcdbc21[log] [tgz]
authorCatalin Marinas <catalin.marinas@arm.com>Thu Aug 11 18:44:50 2016 +0100
committerWill Deacon <will.deacon@arm.com>Thu Aug 25 18:00:29 2016 +0100
tree0ba025b8ad16505532aaa6e1b4cc665473f026fa
parent7419333fa15ec958d12845fcc79b7bdd16de06ec [diff]
arm64: Introduce execute-only page access permissions

The ARMv8 architecture allows execute-only user permissions by clearing
the PTE_UXN and PTE_USER bits. However, the kernel running on a CPU
implementation without User Access Override (ARMv8.2 onwards) can still
access such page, so execute-only page permission does not protect
against read(2)/write(2) etc. accesses. Systems requiring such
protection must enable features like SECCOMP.

This patch changes the arm64 __P100 and __S100 protection_map[] macros
to the new __PAGE_EXECONLY attributes. A side effect is that
pte_user() no longer triggers for __PAGE_EXECONLY since PTE_USER isn't
set. To work around this, the check is done on the PTE_NG bit via the
pte_ng() macro. VM_READ is also checked now for page faults.

Reviewed-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
4 files changed
tree: 0ba025b8ad16505532aaa6e1b4cc665473f026fa
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitignore
  26. .mailmap
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. README
  34. REPORTING-BUGS