| author | Catalin Marinas <catalin.marinas@arm.com> | |
| Thu, 3 Apr 2014 15:17:32 +0000 (16:17 +0100) | ||
| committer | Mark Brown <broonie@linaro.org> | |
| Mon, 11 Aug 2014 20:41:20 +0000 (21:41 +0100) | ||
| commit | 751f9957482de3100572b26e234e95f7dc5af8b2 | |
| tree | 9ea28624691414ccb55acd00f988fe77c3838054 | tree | snapshot (tar.xz tar.gz zip) |
| parent | fec428515d877aba91e5dbe59883584dc0afffba | commit | diff |
arm64: Introduce execute-only page access permissions
The ARMv8 architecture allows execute-only user permissions by clearing
the PTE_UXN and PTE_USER bits. The kernel, however, can still access
such page, so execute-only page permission does not protect against
read(2)/write(2) etc. accesses. Systems requiring such protection must
implement/enable features like SECCOMP.
This patch changes the arm64 __P100 and __S100 protection_map[] macros
to the new __PAGE_EXECONLY attributes. A side effect is that
pte_valid_user() no longer triggers for __PAGE_EXECONLY since PTE_USER
isn't set. To work around this, the check is done on the PTE_NG bit via
the pte_valid_ng() macro. VM_READ is also checked now for page faults.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(cherry picked from commit bc07c2c6e9ed125d362af0214b6313dca180cb08)
Signed-off-by: Mark Brown <broonie@linaro.org>
The ARMv8 architecture allows execute-only user permissions by clearing
the PTE_UXN and PTE_USER bits. The kernel, however, can still access
such page, so execute-only page permission does not protect against
read(2)/write(2) etc. accesses. Systems requiring such protection must
implement/enable features like SECCOMP.
This patch changes the arm64 __P100 and __S100 protection_map[] macros
to the new __PAGE_EXECONLY attributes. A side effect is that
pte_valid_user() no longer triggers for __PAGE_EXECONLY since PTE_USER
isn't set. To work around this, the check is done on the PTE_NG bit via
the pte_valid_ng() macro. VM_READ is also checked now for page faults.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
(cherry picked from commit bc07c2c6e9ed125d362af0214b6313dca180cb08)
Signed-off-by: Mark Brown <broonie@linaro.org>
| arch/arm64/include/asm/pgtable.h | diff | blob | history | |
| arch/arm64/mm/fault.c | diff | blob | history |