* [PATCH v4 0/2] arm64: Support Enhanced PAN
@ 2021-03-12 17:38 Vladimir Murzin
2021-03-12 17:38 ` [PATCH v4 1/2] arm64: Support execute-only permissions with " Vladimir Murzin
` (2 more replies)
0 siblings, 3 replies; 12+ messages in thread
From: Vladimir Murzin @ 2021-03-12 17:38 UTC (permalink / raw)
To: linux-arm-kernel; +Cc: keescook, dave.martin, catalin.marinas, will
Hi
ARM architecture gains support of Enhanced Privileged Access Never
(EPAN) which allows Privileged Access Never to be used with
Execute-only mappings.
As a consequence 24cecc377463 ("arm64: Revert support for execute-only
user mappings") can be revisited and re-enabled.
Changelog:
RFC -> v1
- removed cap check in pte_valid_not_user (per Catalin)
- local_flush_tlb_all() in cpu_enable_epan() (per Catalin)
- reordered with CnP (per Catalin)
- s/HWCAP2_EPAN/HWCAP2_EXECONLY/ (per Catalin)
v1 -> v2
- rebased on for-next/uaccess (for INIT_SCTLR_EL1_MMU_ON)
- moved EPAN enable to proc.S (via INIT_SCTLR_EL1_MMU_ON),
so no need in enable method from cpufeature, no need to
keep ordering relative to CnP (per Catalin)
v2 -> v3
- rebased on 5.11-rc4
v3 -> v4
- rebased on 5.12-rc2
- restore comments around pte_valid_not_user and
protection_map[] (per Will)
- rework the vm_flags initialisation (per Will)
- moved logic of pte_valid_user() into pte_access_permitted()
(per Catalin)
Thanks!
Vladimir Murzin (2):
arm64: Support execute-only permissions with Enhanced PAN
arm64: Introduce HWCAPS2_EXECONLY
arch/arm64/Kconfig | 17 +++++++++++++++
arch/arm64/include/asm/cpucaps.h | 3 ++-
arch/arm64/include/asm/hwcap.h | 1 +
arch/arm64/include/asm/pgtable-prot.h | 5 +++--
arch/arm64/include/asm/pgtable.h | 31 ++++++++++++++++++++-------
arch/arm64/include/asm/sysreg.h | 4 +++-
arch/arm64/include/uapi/asm/hwcap.h | 1 +
arch/arm64/kernel/cpufeature.c | 15 +++++++++++++
arch/arm64/kernel/cpuinfo.c | 1 +
arch/arm64/mm/fault.c | 18 +++++++++++++++-
mm/mmap.c | 6 ++++++
11 files changed, 89 insertions(+), 13 deletions(-)
--
2.24.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH v4 1/2] arm64: Support execute-only permissions with Enhanced PAN
2021-03-12 17:38 [PATCH v4 0/2] arm64: Support Enhanced PAN Vladimir Murzin
@ 2021-03-12 17:38 ` Vladimir Murzin
2021-03-25 19:06 ` Will Deacon
` (2 more replies)
2021-03-12 17:38 ` [PATCH v4 2/2] arm64: Introduce HWCAPS2_EXECONLY Vladimir Murzin
2021-03-26 11:05 ` (subset) [PATCH v4 0/2] arm64: Support Enhanced PAN Catalin Marinas
2 siblings, 3 replies; 12+ messages in thread
From: Vladimir Murzin @ 2021-03-12 17:38 UTC (permalink / raw)
To: linux-arm-kernel; +Cc: keescook, dave.martin, catalin.marinas, will
Enhanced Privileged Access Never (EPAN) allows Privileged Access Never
to be used with Execute-only mappings.
Absence of such support was a reason for 24cecc377463 ("arm64: Revert
support for execute-only user mappings"). Thus now it can be revisited
and re-enabled.
Cc: Kees Cook <keescook@chromium.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
---
arch/arm64/Kconfig | 17 +++++++++++++++
arch/arm64/include/asm/cpucaps.h | 3 ++-
arch/arm64/include/asm/pgtable-prot.h | 5 +++--
arch/arm64/include/asm/pgtable.h | 31 ++++++++++++++++++++-------
arch/arm64/include/asm/sysreg.h | 3 ++-
arch/arm64/kernel/cpufeature.c | 12 +++++++++++
arch/arm64/mm/fault.c | 18 +++++++++++++++-
mm/mmap.c | 6 ++++++
8 files changed, 82 insertions(+), 13 deletions(-)
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 1f212b47a48a..bc0168768b1f 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1060,6 +1060,9 @@ config ARCH_WANT_HUGE_PMD_SHARE
config ARCH_HAS_CACHE_LINE_SIZE
def_bool y
+config ARCH_HAS_FILTER_PGPROT
+ def_bool y
+
config ARCH_ENABLE_SPLIT_PMD_PTLOCK
def_bool y if PGTABLE_LEVELS > 2
@@ -1683,6 +1686,20 @@ config ARM64_MTE
endmenu
+menu "ARMv8.7 architectural features"
+
+config ARM64_EPAN
+ bool "Enable support for Enhanced Privileged Access Never (EPAN)"
+ default y
+ depends on ARM64_PAN
+ help
+ Enhanced Privileged Access Never (EPAN) allows Privileged
+ Access Never to be used with Execute-only mappings.
+
+ The feature is detected at runtime, and will remain disabled
+ if the cpu does not implement the feature.
+endmenu
+
config ARM64_SVE
bool "ARM Scalable Vector Extension support"
default y
diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
index b77d997b173b..9e3ec4dd56d8 100644
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -66,7 +66,8 @@
#define ARM64_WORKAROUND_1508412 58
#define ARM64_HAS_LDAPR 59
#define ARM64_KVM_PROTECTED_MODE 60
+#define ARM64_HAS_EPAN 61
-#define ARM64_NCAPS 61
+#define ARM64_NCAPS 62
#endif /* __ASM_CPUCAPS_H */
diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h
index 046be789fbb4..f91c2aa52489 100644
--- a/arch/arm64/include/asm/pgtable-prot.h
+++ b/arch/arm64/include/asm/pgtable-prot.h
@@ -88,12 +88,13 @@ extern bool arm64_use_ng_mappings;
#define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_WRITE)
#define PAGE_READONLY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN | PTE_UXN)
#define PAGE_READONLY_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_RDONLY | PTE_NG | PTE_PXN)
+#define PAGE_EXECONLY __pgprot(_PAGE_DEFAULT | PTE_RDONLY | PTE_NG | PTE_PXN)
#define __P000 PAGE_NONE
#define __P001 PAGE_READONLY
#define __P010 PAGE_READONLY
#define __P011 PAGE_READONLY
-#define __P100 PAGE_READONLY_EXEC
+#define __P100 PAGE_EXECONLY
#define __P101 PAGE_READONLY_EXEC
#define __P110 PAGE_READONLY_EXEC
#define __P111 PAGE_READONLY_EXEC
@@ -102,7 +103,7 @@ extern bool arm64_use_ng_mappings;
#define __S001 PAGE_READONLY
#define __S010 PAGE_SHARED
#define __S011 PAGE_SHARED
-#define __S100 PAGE_READONLY_EXEC
+#define __S100 PAGE_EXECONLY
#define __S101 PAGE_READONLY_EXEC
#define __S110 PAGE_SHARED_EXEC
#define __S111 PAGE_SHARED_EXEC
diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
index e17b96d0e4b5..4b92904f278c 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -113,11 +113,12 @@ extern unsigned long empty_zero_page[PAGE_SIZE / sizeof(unsigned long)];
#define pte_dirty(pte) (pte_sw_dirty(pte) || pte_hw_dirty(pte))
#define pte_valid(pte) (!!(pte_val(pte) & PTE_VALID))
+/*
+ * Execute-only user mappings do not have the PTE_USER bit set. All valid
+ * kernel mappings have the PTE_UXN bit set.
+ */
#define pte_valid_not_user(pte) \
- ((pte_val(pte) & (PTE_VALID | PTE_USER)) == PTE_VALID)
-#define pte_valid_user(pte) \
- ((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER))
-
+ ((pte_val(pte) & (PTE_VALID | PTE_USER | PTE_UXN)) == (PTE_VALID | PTE_UXN))
/*
* Could the pte be present in the TLB? We must check mm_tlb_flush_pending
* so that we don't erroneously return false for pages that have been
@@ -130,12 +131,14 @@ extern unsigned long empty_zero_page[PAGE_SIZE / sizeof(unsigned long)];
(mm_tlb_flush_pending(mm) ? pte_present(pte) : pte_valid(pte))
/*
- * p??_access_permitted() is true for valid user mappings (subject to the
- * write permission check). PROT_NONE mappings do not have the PTE_VALID bit
- * set.
+ * p??_access_permitted() is true for valid user mappings (PTE_USER
+ * bit set, subject to the write permission check). For execute-only
+ * mappings, like PROT_EXEC with EPAN (both PTE_USER and PTE_UXN bits
+ * not set) must return false. PROT_NONE mappings do not have the
+ * PTE_VALID bit set.
*/
#define pte_access_permitted(pte, write) \
- (pte_valid_user(pte) && (!(write) || pte_write(pte)))
+ (((pte_val(pte) & (PTE_VALID | PTE_USER)) == (PTE_VALID | PTE_USER)) && (!(write) || pte_write(pte)))
#define pmd_access_permitted(pmd, write) \
(pte_access_permitted(pmd_pte(pmd), (write)))
#define pud_access_permitted(pud, write) \
@@ -992,6 +995,18 @@ static inline bool arch_wants_old_prefaulted_pte(void)
}
#define arch_wants_old_prefaulted_pte arch_wants_old_prefaulted_pte
+static inline pgprot_t arch_filter_pgprot(pgprot_t prot)
+{
+ if (cpus_have_const_cap(ARM64_HAS_EPAN))
+ return prot;
+
+ if (pgprot_val(prot) != pgprot_val(PAGE_EXECONLY))
+ return prot;
+
+ return PAGE_READONLY_EXEC;
+}
+
+
#endif /* !__ASSEMBLY__ */
#endif /* __ASM_PGTABLE_H */
diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index dfd4edbfe360..817cb3dbcb79 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -597,6 +597,7 @@
(SCTLR_EL2_RES1 | ENDIAN_SET_EL2)
/* SCTLR_EL1 specific flags. */
+#define SCTLR_EL1_EPAN (BIT(57))
#define SCTLR_EL1_ATA0 (BIT(42))
#define SCTLR_EL1_TCF0_SHIFT 38
@@ -637,7 +638,7 @@
SCTLR_EL1_SED | SCTLR_ELx_I | SCTLR_EL1_DZE | SCTLR_EL1_UCT | \
SCTLR_EL1_NTWE | SCTLR_ELx_IESB | SCTLR_EL1_SPAN | SCTLR_ELx_ITFSB | \
SCTLR_ELx_ATA | SCTLR_EL1_ATA0 | ENDIAN_SET_EL1 | SCTLR_EL1_UCI | \
- SCTLR_EL1_RES1)
+ SCTLR_EL1_EPAN | SCTLR_EL1_RES1)
/* MAIR_ELx memory attributes (used by Linux) */
#define MAIR_ATTR_DEVICE_nGnRnE UL(0x00)
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 066030717a4c..2ab04967dca7 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -1821,6 +1821,18 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
.cpu_enable = cpu_enable_pan,
},
#endif /* CONFIG_ARM64_PAN */
+#ifdef CONFIG_ARM64_EPAN
+ {
+ .desc = "Enhanced Privileged Access Never",
+ .capability = ARM64_HAS_EPAN,
+ .type = ARM64_CPUCAP_SYSTEM_FEATURE,
+ .matches = has_cpuid_feature,
+ .sys_reg = SYS_ID_AA64MMFR1_EL1,
+ .field_pos = ID_AA64MMFR1_PAN_SHIFT,
+ .sign = FTR_UNSIGNED,
+ .min_field_value = 3,
+ },
+#endif /* CONFIG_ARM64_EPAN */
#ifdef CONFIG_ARM64_LSE_ATOMICS
{
.desc = "LSE atomic instructions",
diff --git a/arch/arm64/mm/fault.c b/arch/arm64/mm/fault.c
index c516f3a6dd4e..0635b70bbf78 100644
--- a/arch/arm64/mm/fault.c
+++ b/arch/arm64/mm/fault.c
@@ -527,7 +527,7 @@ static int __kprobes do_page_fault(unsigned long far, unsigned int esr,
const struct fault_info *inf;
struct mm_struct *mm = current->mm;
vm_fault_t fault;
- unsigned long vm_flags = VM_ACCESS_FLAGS;
+ unsigned long vm_flags;
unsigned int mm_flags = FAULT_FLAG_DEFAULT;
unsigned long addr = untagged_addr(far);
@@ -544,12 +544,28 @@ static int __kprobes do_page_fault(unsigned long far, unsigned int esr,
if (user_mode(regs))
mm_flags |= FAULT_FLAG_USER;
+ /*
+ * vm_flags tells us what bits we must have in vma->vm_flags
+ * for the fault to be benign, __do_page_fault() would check
+ * vma->vm_flags & vm_flags and returns an error if the
+ * intersection is empty
+ */
if (is_el0_instruction_abort(esr)) {
+ /* It was exec fault */
vm_flags = VM_EXEC;
mm_flags |= FAULT_FLAG_INSTRUCTION;
} else if (is_write_abort(esr)) {
+ /* It was write fault */
vm_flags = VM_WRITE;
mm_flags |= FAULT_FLAG_WRITE;
+ } else {
+ /* It was read fault */
+ vm_flags = VM_READ;
+ /* Write implies read */
+ vm_flags |= VM_WRITE;
+ /* If EPAN is absent then exec implies read */
+ if (!cpus_have_const_cap(ARM64_HAS_EPAN))
+ vm_flags |= VM_EXEC;
}
if (is_ttbr0_addr(addr) && is_el1_permission_fault(addr, esr, regs)) {
diff --git a/mm/mmap.c b/mm/mmap.c
index 3f287599a7a3..1d96a21acb2f 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -93,6 +93,12 @@ static void unmap_region(struct mm_struct *mm,
* MAP_PRIVATE r: (no) no r: (yes) yes r: (no) yes r: (no) yes
* w: (no) no w: (no) no w: (copy) copy w: (no) no
* x: (no) no x: (no) yes x: (no) yes x: (yes) yes
+ *
+ * On arm64, PROT_EXEC has the following behaviour for both MAP_SHARED and
+ * MAP_PRIVATE (with Enhanced PAN supported):
+ * r: (no) no
+ * w: (no) no
+ * x: (yes) yes
*/
pgprot_t protection_map[16] __ro_after_init = {
__P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111,
--
2.24.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH v4 2/2] arm64: Introduce HWCAPS2_EXECONLY
2021-03-12 17:38 [PATCH v4 0/2] arm64: Support Enhanced PAN Vladimir Murzin
2021-03-12 17:38 ` [PATCH v4 1/2] arm64: Support execute-only permissions with " Vladimir Murzin
@ 2021-03-12 17:38 ` Vladimir Murzin
2021-03-25 19:00 ` Will Deacon
2021-03-26 11:05 ` (subset) [PATCH v4 0/2] arm64: Support Enhanced PAN Catalin Marinas
2 siblings, 1 reply; 12+ messages in thread
From: Vladimir Murzin @ 2021-03-12 17:38 UTC (permalink / raw)
To: linux-arm-kernel; +Cc: keescook, dave.martin, catalin.marinas, will
With EPAN supported it might be handy to user know that PROT_EXEC
gives execute-only permission, so advertise it via HWCAPS2_EXECONLY
Cc: Kees Cook <keescook@chromium.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
---
arch/arm64/include/asm/hwcap.h | 1 +
arch/arm64/include/asm/sysreg.h | 1 +
arch/arm64/include/uapi/asm/hwcap.h | 1 +
arch/arm64/kernel/cpufeature.c | 3 +++
arch/arm64/kernel/cpuinfo.c | 1 +
5 files changed, 7 insertions(+)
diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h
index 9a5498c2c8ee..5ee5bce79233 100644
--- a/arch/arm64/include/asm/hwcap.h
+++ b/arch/arm64/include/asm/hwcap.h
@@ -105,6 +105,7 @@
#define KERNEL_HWCAP_RNG __khwcap2_feature(RNG)
#define KERNEL_HWCAP_BTI __khwcap2_feature(BTI)
#define KERNEL_HWCAP_MTE __khwcap2_feature(MTE)
+#define KERNEL_HWCAP_EXECONLY __khwcap2_feature(EXECONLY)
/*
* This yields a mask that user programs can use to figure out what
diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index 817cb3dbcb79..7421139dc44f 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -817,6 +817,7 @@
#define ID_AA64MMFR1_VMIDBITS_8 0
#define ID_AA64MMFR1_VMIDBITS_16 2
+#define ID_AA64MMFR1_EPAN 3
/* id_aa64mmfr2 */
#define ID_AA64MMFR2_E0PD_SHIFT 60
diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h
index b8f41aa234ee..61471f47db32 100644
--- a/arch/arm64/include/uapi/asm/hwcap.h
+++ b/arch/arm64/include/uapi/asm/hwcap.h
@@ -75,5 +75,6 @@
#define HWCAP2_RNG (1 << 16)
#define HWCAP2_BTI (1 << 17)
#define HWCAP2_MTE (1 << 18)
+#define HWCAP2_EXECONLY (1 << 19)
#endif /* _UAPI__ASM_HWCAP_H */
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 2ab04967dca7..a49bccb80873 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -2332,6 +2332,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = {
#ifdef CONFIG_ARM64_MTE
HWCAP_CAP(SYS_ID_AA64PFR1_EL1, ID_AA64PFR1_MTE_SHIFT, FTR_UNSIGNED, ID_AA64PFR1_MTE, CAP_HWCAP, KERNEL_HWCAP_MTE),
#endif /* CONFIG_ARM64_MTE */
+#ifdef CONFIG_ARM64_EPAN
+ HWCAP_CAP(SYS_ID_AA64MMFR1_EL1, ID_AA64MMFR1_PAN_SHIFT, FTR_UNSIGNED, ID_AA64MMFR1_EPAN, CAP_HWCAP, KERNEL_HWCAP_EXECONLY),
+#endif
{},
};
diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c
index 77605aec25fe..34c98d984fe3 100644
--- a/arch/arm64/kernel/cpuinfo.c
+++ b/arch/arm64/kernel/cpuinfo.c
@@ -94,6 +94,7 @@ static const char *const hwcap_str[] = {
[KERNEL_HWCAP_RNG] = "rng",
[KERNEL_HWCAP_BTI] = "bti",
[KERNEL_HWCAP_MTE] = "mte",
+ [KERNEL_HWCAP_EXECONLY] = "xo",
};
#ifdef CONFIG_COMPAT
--
2.24.0
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply related [flat|nested] 12+ messages in thread
* Re: [PATCH v4 2/2] arm64: Introduce HWCAPS2_EXECONLY
2021-03-12 17:38 ` [PATCH v4 2/2] arm64: Introduce HWCAPS2_EXECONLY Vladimir Murzin
@ 2021-03-25 19:00 ` Will Deacon
2021-03-26 9:35 ` Catalin Marinas
0 siblings, 1 reply; 12+ messages in thread
From: Will Deacon @ 2021-03-25 19:00 UTC (permalink / raw)
To: Vladimir Murzin; +Cc: linux-arm-kernel, keescook, dave.martin, catalin.marinas
On Fri, Mar 12, 2021 at 05:38:11PM +0000, Vladimir Murzin wrote:
> With EPAN supported it might be handy to user know that PROT_EXEC
> gives execute-only permission, so advertise it via HWCAPS2_EXECONLY
>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
> ---
> arch/arm64/include/asm/hwcap.h | 1 +
> arch/arm64/include/asm/sysreg.h | 1 +
> arch/arm64/include/uapi/asm/hwcap.h | 1 +
> arch/arm64/kernel/cpufeature.c | 3 +++
> arch/arm64/kernel/cpuinfo.c | 1 +
> 5 files changed, 7 insertions(+)
I still don't see the need for this patch. Can we avoid merging it until
somebody has a use for it, please?
Will
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v4 1/2] arm64: Support execute-only permissions with Enhanced PAN
2021-03-12 17:38 ` [PATCH v4 1/2] arm64: Support execute-only permissions with " Vladimir Murzin
@ 2021-03-25 19:06 ` Will Deacon
2021-03-26 11:04 ` Catalin Marinas
2021-03-30 8:47 ` Geert Uytterhoeven
2 siblings, 0 replies; 12+ messages in thread
From: Will Deacon @ 2021-03-25 19:06 UTC (permalink / raw)
To: Vladimir Murzin; +Cc: linux-arm-kernel, keescook, dave.martin, catalin.marinas
On Fri, Mar 12, 2021 at 05:38:10PM +0000, Vladimir Murzin wrote:
> Enhanced Privileged Access Never (EPAN) allows Privileged Access Never
> to be used with Execute-only mappings.
>
> Absence of such support was a reason for 24cecc377463 ("arm64: Revert
> support for execute-only user mappings"). Thus now it can be revisited
> and re-enabled.
>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
> ---
> arch/arm64/Kconfig | 17 +++++++++++++++
> arch/arm64/include/asm/cpucaps.h | 3 ++-
> arch/arm64/include/asm/pgtable-prot.h | 5 +++--
> arch/arm64/include/asm/pgtable.h | 31 ++++++++++++++++++++-------
> arch/arm64/include/asm/sysreg.h | 3 ++-
> arch/arm64/kernel/cpufeature.c | 12 +++++++++++
> arch/arm64/mm/fault.c | 18 +++++++++++++++-
> mm/mmap.c | 6 ++++++
> 8 files changed, 82 insertions(+), 13 deletions(-)
Acked-by: Will Deacon <will@kernel.org>
Will
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v4 2/2] arm64: Introduce HWCAPS2_EXECONLY
2021-03-25 19:00 ` Will Deacon
@ 2021-03-26 9:35 ` Catalin Marinas
2021-03-29 8:53 ` Will Deacon
0 siblings, 1 reply; 12+ messages in thread
From: Catalin Marinas @ 2021-03-26 9:35 UTC (permalink / raw)
To: Will Deacon; +Cc: Vladimir Murzin, linux-arm-kernel, keescook, dave.martin
On Thu, Mar 25, 2021 at 07:00:00PM +0000, Will Deacon wrote:
> On Fri, Mar 12, 2021 at 05:38:11PM +0000, Vladimir Murzin wrote:
> > With EPAN supported it might be handy to user know that PROT_EXEC
> > gives execute-only permission, so advertise it via HWCAPS2_EXECONLY
> >
> > Cc: Kees Cook <keescook@chromium.org>
> > Cc: Catalin Marinas <catalin.marinas@arm.com>
> > Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
> > ---
> > arch/arm64/include/asm/hwcap.h | 1 +
> > arch/arm64/include/asm/sysreg.h | 1 +
> > arch/arm64/include/uapi/asm/hwcap.h | 1 +
> > arch/arm64/kernel/cpufeature.c | 3 +++
> > arch/arm64/kernel/cpuinfo.c | 1 +
> > 5 files changed, 7 insertions(+)
>
> I still don't see the need for this patch. Can we avoid merging it until
> somebody has a use for it, please?
It's more about telling user-space that the feature is present though we
didn't do this last time we had exec-only permissions either. I was
hoping we can do better this time. OTOH, probably no-one will check for
this HWCAP anyway, so let's wait until someone asks for it.
--
Catalin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v4 1/2] arm64: Support execute-only permissions with Enhanced PAN
2021-03-12 17:38 ` [PATCH v4 1/2] arm64: Support execute-only permissions with " Vladimir Murzin
2021-03-25 19:06 ` Will Deacon
@ 2021-03-26 11:04 ` Catalin Marinas
2021-03-30 8:47 ` Geert Uytterhoeven
2 siblings, 0 replies; 12+ messages in thread
From: Catalin Marinas @ 2021-03-26 11:04 UTC (permalink / raw)
To: Vladimir Murzin; +Cc: linux-arm-kernel, keescook, dave.martin, will
On Fri, Mar 12, 2021 at 05:38:10PM +0000, Vladimir Murzin wrote:
> @@ -992,6 +995,18 @@ static inline bool arch_wants_old_prefaulted_pte(void)
> }
> #define arch_wants_old_prefaulted_pte arch_wants_old_prefaulted_pte
>
> +static inline pgprot_t arch_filter_pgprot(pgprot_t prot)
> +{
> + if (cpus_have_const_cap(ARM64_HAS_EPAN))
> + return prot;
> +
> + if (pgprot_val(prot) != pgprot_val(PAGE_EXECONLY))
> + return prot;
> +
> + return PAGE_READONLY_EXEC;
> +}
Just a thought: we could allow exec-only permissions if
!system_uses_hw_pan(), though not sure it's worth it. We'd have 8.0 CPUs
with exec-only then a gap up to 8.7 when we add it back in (since most
kernels will turn PAN on).
--
Catalin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: (subset) [PATCH v4 0/2] arm64: Support Enhanced PAN
2021-03-12 17:38 [PATCH v4 0/2] arm64: Support Enhanced PAN Vladimir Murzin
2021-03-12 17:38 ` [PATCH v4 1/2] arm64: Support execute-only permissions with " Vladimir Murzin
2021-03-12 17:38 ` [PATCH v4 2/2] arm64: Introduce HWCAPS2_EXECONLY Vladimir Murzin
@ 2021-03-26 11:05 ` Catalin Marinas
2 siblings, 0 replies; 12+ messages in thread
From: Catalin Marinas @ 2021-03-26 11:05 UTC (permalink / raw)
To: Vladimir Murzin, linux-arm-kernel; +Cc: Will Deacon, dave.martin, keescook
On Fri, 12 Mar 2021 17:38:09 +0000, Vladimir Murzin wrote:
> ARM architecture gains support of Enhanced Privileged Access Never
> (EPAN) which allows Privileged Access Never to be used with
> Execute-only mappings.
>
> As a consequence 24cecc377463 ("arm64: Revert support for execute-only
> user mappings") can be revisited and re-enabled.
>
> [...]
Applied to arm64 (for-next/epan), thanks!
[1/2] arm64: Support execute-only permissions with Enhanced PAN
https://git.kernel.org/arm64/c/18107f8a2df6
--
Catalin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v4 2/2] arm64: Introduce HWCAPS2_EXECONLY
2021-03-26 9:35 ` Catalin Marinas
@ 2021-03-29 8:53 ` Will Deacon
0 siblings, 0 replies; 12+ messages in thread
From: Will Deacon @ 2021-03-29 8:53 UTC (permalink / raw)
To: Catalin Marinas; +Cc: Vladimir Murzin, linux-arm-kernel, keescook, dave.martin
On Fri, Mar 26, 2021 at 09:35:53AM +0000, Catalin Marinas wrote:
> On Thu, Mar 25, 2021 at 07:00:00PM +0000, Will Deacon wrote:
> > On Fri, Mar 12, 2021 at 05:38:11PM +0000, Vladimir Murzin wrote:
> > > With EPAN supported it might be handy to user know that PROT_EXEC
> > > gives execute-only permission, so advertise it via HWCAPS2_EXECONLY
> > >
> > > Cc: Kees Cook <keescook@chromium.org>
> > > Cc: Catalin Marinas <catalin.marinas@arm.com>
> > > Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
> > > ---
> > > arch/arm64/include/asm/hwcap.h | 1 +
> > > arch/arm64/include/asm/sysreg.h | 1 +
> > > arch/arm64/include/uapi/asm/hwcap.h | 1 +
> > > arch/arm64/kernel/cpufeature.c | 3 +++
> > > arch/arm64/kernel/cpuinfo.c | 1 +
> > > 5 files changed, 7 insertions(+)
> >
> > I still don't see the need for this patch. Can we avoid merging it until
> > somebody has a use for it, please?
>
> It's more about telling user-space that the feature is present though we
> didn't do this last time we had exec-only permissions either. I was
> hoping we can do better this time. OTOH, probably no-one will check for
> this HWCAP anyway, so let's wait until someone asks for it.
Yes, that's what I mean by "somebody has a use for it" -- I don't understand
what userspace would do with this and it's certainly not using it now.
Will
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v4 1/2] arm64: Support execute-only permissions with Enhanced PAN
2021-03-12 17:38 ` [PATCH v4 1/2] arm64: Support execute-only permissions with " Vladimir Murzin
2021-03-25 19:06 ` Will Deacon
2021-03-26 11:04 ` Catalin Marinas
@ 2021-03-30 8:47 ` Geert Uytterhoeven
2021-03-30 9:30 ` Catalin Marinas
2 siblings, 1 reply; 12+ messages in thread
From: Geert Uytterhoeven @ 2021-03-30 8:47 UTC (permalink / raw)
To: Vladimir Murzin
Cc: Linux ARM, Kees Cook, Dave Martin, Catalin Marinas, Will Deacon
Hi Vladimir,
On Fri, Mar 12, 2021 at 6:47 PM Vladimir Murzin <vladimir.murzin@arm.com> wrote:
> Enhanced Privileged Access Never (EPAN) allows Privileged Access Never
> to be used with Execute-only mappings.
>
> Absence of such support was a reason for 24cecc377463 ("arm64: Revert
> support for execute-only user mappings"). Thus now it can be revisited
> and re-enabled.
>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
Thanks for your patch, which is now commit 18107f8a2df6bf1c ("arm64:
Support execute-only permissions with Enhanced PAN") in arm64/for-next.
> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1060,6 +1060,9 @@ config ARCH_WANT_HUGE_PMD_SHARE
> config ARCH_HAS_CACHE_LINE_SIZE
> def_bool y
>
> +config ARCH_HAS_FILTER_PGPROT
> + def_bool y
> +
> config ARCH_ENABLE_SPLIT_PMD_PTLOCK
> def_bool y if PGTABLE_LEVELS > 2
>
> @@ -1683,6 +1686,20 @@ config ARM64_MTE
>
> endmenu
>
> +menu "ARMv8.7 architectural features"
> +
> +config ARM64_EPAN
> + bool "Enable support for Enhanced Privileged Access Never (EPAN)"
> + default y
> + depends on ARM64_PAN
> + help
> + Enhanced Privileged Access Never (EPAN) allows Privileged
> + Access Never to be used with Execute-only mappings.
Does EPAN require more hardware support than PAN, which is part of the
ARMv8.1 Extensions according to the help text for ARM64_PAN?
If yes, it is a good idea to document that here, so people know if it
makes sense to enable this option for their hardware.
Thanks!
> +
> + The feature is detected at runtime, and will remain disabled
> + if the cpu does not implement the feature.
> +endmenu
> +
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v4 1/2] arm64: Support execute-only permissions with Enhanced PAN
2021-03-30 8:47 ` Geert Uytterhoeven
@ 2021-03-30 9:30 ` Catalin Marinas
2021-03-30 9:34 ` Geert Uytterhoeven
0 siblings, 1 reply; 12+ messages in thread
From: Catalin Marinas @ 2021-03-30 9:30 UTC (permalink / raw)
To: Geert Uytterhoeven
Cc: Vladimir Murzin, Linux ARM, Kees Cook, Dave Martin, Will Deacon
On Tue, Mar 30, 2021 at 10:47:31AM +0200, Geert Uytterhoeven wrote:
> On Fri, Mar 12, 2021 at 6:47 PM Vladimir Murzin <vladimir.murzin@arm.com> wrote:
> > Enhanced Privileged Access Never (EPAN) allows Privileged Access Never
> > to be used with Execute-only mappings.
> >
> > Absence of such support was a reason for 24cecc377463 ("arm64: Revert
> > support for execute-only user mappings"). Thus now it can be revisited
> > and re-enabled.
> >
> > Cc: Kees Cook <keescook@chromium.org>
> > Cc: Catalin Marinas <catalin.marinas@arm.com>
> > Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
>
> Thanks for your patch, which is now commit 18107f8a2df6bf1c ("arm64:
> Support execute-only permissions with Enhanced PAN") in arm64/for-next.
>
> > --- a/arch/arm64/Kconfig
> > +++ b/arch/arm64/Kconfig
> > @@ -1060,6 +1060,9 @@ config ARCH_WANT_HUGE_PMD_SHARE
> > config ARCH_HAS_CACHE_LINE_SIZE
> > def_bool y
> >
> > +config ARCH_HAS_FILTER_PGPROT
> > + def_bool y
> > +
> > config ARCH_ENABLE_SPLIT_PMD_PTLOCK
> > def_bool y if PGTABLE_LEVELS > 2
> >
> > @@ -1683,6 +1686,20 @@ config ARM64_MTE
> >
> > endmenu
> >
> > +menu "ARMv8.7 architectural features"
> > +
> > +config ARM64_EPAN
> > + bool "Enable support for Enhanced Privileged Access Never (EPAN)"
> > + default y
> > + depends on ARM64_PAN
> > + help
> > + Enhanced Privileged Access Never (EPAN) allows Privileged
> > + Access Never to be used with Execute-only mappings.
>
> Does EPAN require more hardware support than PAN, which is part of the
> ARMv8.1 Extensions according to the help text for ARM64_PAN?
> If yes, it is a good idea to document that here, so people know if it
> makes sense to enable this option for their hardware.
The ARM64_EPAN option is under the "ARMv8.7 architectural features" as
it's a new CPU feature (same as PAN but also works on exec-only user
mappings). We could expand this text a bit to include ARMv8.7 as we do
for ARM64_PAN, if that's what you meant.
--
Catalin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PATCH v4 1/2] arm64: Support execute-only permissions with Enhanced PAN
2021-03-30 9:30 ` Catalin Marinas
@ 2021-03-30 9:34 ` Geert Uytterhoeven
0 siblings, 0 replies; 12+ messages in thread
From: Geert Uytterhoeven @ 2021-03-30 9:34 UTC (permalink / raw)
To: Catalin Marinas
Cc: Vladimir Murzin, Linux ARM, Kees Cook, Dave Martin, Will Deacon
Hi Catalin,
On Tue, Mar 30, 2021 at 11:30 AM Catalin Marinas
<catalin.marinas@arm.com> wrote:
> On Tue, Mar 30, 2021 at 10:47:31AM +0200, Geert Uytterhoeven wrote:
> > On Fri, Mar 12, 2021 at 6:47 PM Vladimir Murzin <vladimir.murzin@arm.com> wrote:
> > > Enhanced Privileged Access Never (EPAN) allows Privileged Access Never
> > > to be used with Execute-only mappings.
> > >
> > > Absence of such support was a reason for 24cecc377463 ("arm64: Revert
> > > support for execute-only user mappings"). Thus now it can be revisited
> > > and re-enabled.
> > >
> > > Cc: Kees Cook <keescook@chromium.org>
> > > Cc: Catalin Marinas <catalin.marinas@arm.com>
> > > Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
> >
> > Thanks for your patch, which is now commit 18107f8a2df6bf1c ("arm64:
> > Support execute-only permissions with Enhanced PAN") in arm64/for-next.
> >
> > > --- a/arch/arm64/Kconfig
> > > +++ b/arch/arm64/Kconfig
> > > @@ -1060,6 +1060,9 @@ config ARCH_WANT_HUGE_PMD_SHARE
> > > config ARCH_HAS_CACHE_LINE_SIZE
> > > def_bool y
> > >
> > > +config ARCH_HAS_FILTER_PGPROT
> > > + def_bool y
> > > +
> > > config ARCH_ENABLE_SPLIT_PMD_PTLOCK
> > > def_bool y if PGTABLE_LEVELS > 2
> > >
> > > @@ -1683,6 +1686,20 @@ config ARM64_MTE
> > >
> > > endmenu
> > >
> > > +menu "ARMv8.7 architectural features"
> > > +
> > > +config ARM64_EPAN
> > > + bool "Enable support for Enhanced Privileged Access Never (EPAN)"
> > > + default y
> > > + depends on ARM64_PAN
> > > + help
> > > + Enhanced Privileged Access Never (EPAN) allows Privileged
> > > + Access Never to be used with Execute-only mappings.
> >
> > Does EPAN require more hardware support than PAN, which is part of the
> > ARMv8.1 Extensions according to the help text for ARM64_PAN?
> > If yes, it is a good idea to document that here, so people know if it
> > makes sense to enable this option for their hardware.
>
> The ARM64_EPAN option is under the "ARMv8.7 architectural features" as
> it's a new CPU feature (same as PAN but also works on exec-only user
> mappings). We could expand this text a bit to include ARMv8.7 as we do
> for ARM64_PAN, if that's what you meant.
Thank you, I completely missed that menu header when running "make
oldconfig".
Sorry for the noise.
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2021-03-30 9:37 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-12 17:38 [PATCH v4 0/2] arm64: Support Enhanced PAN Vladimir Murzin
2021-03-12 17:38 ` [PATCH v4 1/2] arm64: Support execute-only permissions with " Vladimir Murzin
2021-03-25 19:06 ` Will Deacon
2021-03-26 11:04 ` Catalin Marinas
2021-03-30 8:47 ` Geert Uytterhoeven
2021-03-30 9:30 ` Catalin Marinas
2021-03-30 9:34 ` Geert Uytterhoeven
2021-03-12 17:38 ` [PATCH v4 2/2] arm64: Introduce HWCAPS2_EXECONLY Vladimir Murzin
2021-03-25 19:00 ` Will Deacon
2021-03-26 9:35 ` Catalin Marinas
2021-03-29 8:53 ` Will Deacon
2021-03-26 11:05 ` (subset) [PATCH v4 0/2] arm64: Support Enhanced PAN Catalin Marinas
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).