From: Geert Uytterhoeven <geert@linux-m68k.org>
To: Vladimir Murzin <vladimir.murzin@arm.com>
Cc: Linux ARM <linux-arm-kernel@lists.infradead.org>,
	Kees Cook <keescook@chromium.org>,
	 Dave Martin <dave.martin@arm.com>,
	Catalin Marinas <catalin.marinas@arm.com>,
	 Will Deacon <will@kernel.org>
Subject: Re: [PATCH v4 1/2] arm64: Support execute-only permissions with Enhanced PAN
Date: Tue, 30 Mar 2021 10:47:31 +0200
Message-ID: <CAMuHMdUotkG0ACt0YGQ4ab37KG97Fd25frKy742vFU8ba+pcnA@mail.gmail.com>
In-Reply-To: <20210312173811.58284-2-vladimir.murzin@arm.com>

Hi Vladimir,

On Fri, Mar 12, 2021 at 6:47 PM Vladimir Murzin <vladimir.murzin@arm.com> wrote:
> Enhanced Privileged Access Never (EPAN) allows Privileged Access Never
> to be used with Execute-only mappings.
>
> Absence of such support was a reason for 24cecc377463 ("arm64: Revert
> support for execute-only user mappings"). Thus now it can be revisited
> and re-enabled.
>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>

Thanks for your patch, which is now commit 18107f8a2df6bf1c ("arm64:
Support execute-only permissions with Enhanced PAN") in arm64/for-next.

> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1060,6 +1060,9 @@ config ARCH_WANT_HUGE_PMD_SHARE
>  config ARCH_HAS_CACHE_LINE_SIZE
>         def_bool y
>
> +config ARCH_HAS_FILTER_PGPROT
> +       def_bool y
> +
>  config ARCH_ENABLE_SPLIT_PMD_PTLOCK
>         def_bool y if PGTABLE_LEVELS > 2
>
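
Review bot: The new ARCH_HAS_FILTER_PGPROT entry is an unconditional `def_bool y`, and nothing in the commit message says why the protection filter is always built while the feature itself is optional (ARM64_EPAN in the next hunk can be turned off). If the filter is only needed for EPAN, consider `def_bool y if ARM64_EPAN`; if it has to be present regardless, a sentence in the commit message explaining that would save the next reader the question.
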
> @@ -1683,6 +1686,20 @@ config ARM64_MTE
>
>  endmenu
>
> +menu "ARMv8.7 architectural features"
> +
> +config ARM64_EPAN
> +       bool "Enable support for Enhanced Privileged Access Never (EPAN)"
> +       default y
> +       depends on ARM64_PAN
> +       help
> +        Enhanced Privileged Access Never (EPAN) allows Privileged
> +        Access Never to be used with Execute-only mappings.

Does EPAN require more hardware support than PAN, which is part of the
ARMv8.1 Extensions according to the help text for ARM64_PAN?
If yes, it is a good idea to document that here, so people know if it
makes sense to enable this option for their hardware.

Thanks!

> +
> +        The feature is detected at runtime, and will remain disabled
> +        if the cpu does not implement the feature.
> +endmenu
> +
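
Review bot: The ARM64_EPAN help text says what EPAN allows and that it is detected at runtime, but not what "remain disabled" means for a process that requests an execute-only mapping on a CPU without the feature, which is what someone deciding on this option needs to know. Suggest adding a sentence on that fallback and naming the architecture revision in the help text itself, since at present only the menu title says ARMv8.7. Smaller points: "cpu" should be "CPU", and the preceding menu leaves a blank line before `endmenu` where this one does not.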

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds
