From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 170B0C433DB for ; Tue, 30 Mar 2021 09:32:26 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6828A61874 for ; Tue, 30 Mar 2021 09:32:25 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 6828A61874 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Gn/0GKDpN9MlVjeXoZ7WpoIAJyoXSu8DnLxkQbew4mI=; b=DMEY8cMZkrbMlF+LXS3Zxt2Wl sjnsXVV3cxgspy8N+rQr0I13eW8y4XM/Yc1vqgDuNTpBcvy4m+y0cZTNfO3p6pNer6wOk5fa1dyfI Pez9KB662B136Sodg/o4s+g944CmWOiAOLc4+SGOSRv0Zt+qtr5PRLZTDy4jy4xIQQwz0TL34ls+A jh/j/SLJdICgrssGSml6jm9tLsiTb9yRKMbr0yddSyRD/Nghcir5WiJVz9qgW0OEU9+e6+W5m+1Lf zbcs/KtxpI9zEvRk6ugYc9nKkEggLb9w4tjthhR7IG+AloaFRW68AcwUDLuq/caKVRxaac4jPcrVg X6O23hNIg==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lRAhh-003DPP-3c; Tue, 30 Mar 2021 09:30:29 +0000 Received: from mail.kernel.org ([198.145.29.99]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lRAhX-003DKr-4K for linux-arm-kernel@lists.infradead.org; Tue, 30 Mar 2021 09:30:22 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id 23EF561990; Tue, 30 Mar 2021 09:30:13 +0000 (UTC) Date: Tue, 30 Mar 2021 10:30:11 +0100 From: Catalin Marinas To: Geert Uytterhoeven Cc: Vladimir Murzin , Linux ARM , Kees Cook , Dave Martin , Will Deacon Subject: Re: [PATCH v4 1/2] arm64: Support execute-only permissions with Enhanced PAN Message-ID: <20210330093009.GB18075@arm.com> References: <20210312173811.58284-1-vladimir.murzin@arm.com> <20210312173811.58284-2-vladimir.murzin@arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210330_103020_167734_E20F8243 X-CRM114-Status: GOOD ( 19.81 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Mar 30, 2021 at 10:47:31AM +0200, Geert Uytterhoeven wrote: > On Fri, Mar 12, 2021 at 6:47 PM Vladimir Murzin wrote: > > Enhanced Privileged Access Never (EPAN) allows Privileged Access Never > > to be used with Execute-only mappings. > > > > Absence of such support was a reason for 24cecc377463 ("arm64: Revert > > support for execute-only user mappings"). Thus now it can be revisited > > and re-enabled. > > > > Cc: Kees Cook > > Cc: Catalin Marinas > > Signed-off-by: Vladimir Murzin > > Thanks for your patch, which is now commit 18107f8a2df6bf1c ("arm64: > Support execute-only permissions with Enhanced PAN") in arm64/for-next. > > > --- a/arch/arm64/Kconfig > > +++ b/arch/arm64/Kconfig > > @@ -1060,6 +1060,9 @@ config ARCH_WANT_HUGE_PMD_SHARE > > config ARCH_HAS_CACHE_LINE_SIZE > > def_bool y > > > > +config ARCH_HAS_FILTER_PGPROT > > + def_bool y > > + > > config ARCH_ENABLE_SPLIT_PMD_PTLOCK > > def_bool y if PGTABLE_LEVELS > 2 > > > > @@ -1683,6 +1686,20 @@ config ARM64_MTE > > > > endmenu > > > > +menu "ARMv8.7 architectural features" > > + > > +config ARM64_EPAN > > + bool "Enable support for Enhanced Privileged Access Never (EPAN)" > > + default y > > + depends on ARM64_PAN > > + help > > + Enhanced Privileged Access Never (EPAN) allows Privileged > > + Access Never to be used with Execute-only mappings. > > Does EPAN require more hardware support than PAN, which is part of the > ARMv8.1 Extensions according to the help text for ARM64_PAN? > If yes, it is a good idea to document that here, so people know if it > makes sense to enable this option for their hardware. The ARM64_EPAN option is under the "ARMv8.7 architectural features" as it's a new CPU feature (same as PAN but also works on exec-only user mappings). We could expand this text a bit to include ARMv8.7 as we do for ARM64_PAN, if that's what you meant. -- Catalin _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel