From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=+/G9=I4=lists.infradead.org=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,
	INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED
	autolearn=ham autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6F813C433DB
	for <linux-arm-kernel@archiver.kernel.org>; Tue, 30 Mar 2021 08:49:20 +0000 (UTC)
Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id E21B961935
	for <linux-arm-kernel@archiver.kernel.org>; Tue, 30 Mar 2021 08:49:19 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org E21B961935
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-m68k.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding
	:Content-Type:List-Subscribe:List-Help:List-Post:List-Archive:
	List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:In-Reply-To:
	References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner;
	 bh=p1DexAxXLU/U+hxPe++Hxk1LtZtYT2PqDJimOE9fKe0=; b=NRW/l4au7X4pEp+8mQ6CW+riS
	0JGxwhIpKHGe8fncg6Ke60KwSbqCLwFPH8P8+lIowTDloX6RgRiEPK2nIxRUJ2wlR/depTDOKc75E
	tKxtn5tqJVIAuIaOs7HRCKigcPbdLFGcAgGqebx5BO0X/hMNW+S0eyD1gb4ztnHRLnZHtDj6EQZai
	CBp1qGzDsv/oIW1FLjanPAMUa5RO2c5In/OnKQfWApC8WZQJIf1XQcnUuDh2XZAHr23MzlBoKlCDe
	yLy4znU4C4o/7OIZIpQxOMu1PTPgBJ8kSx9Yw/wp3Po3eS/foMdibvn2W7wJx6w9Ds9RTl6rVvVTn
	13Eoui6rQ==;
Received: from localhost ([::1] helo=desiato.infradead.org)
	by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux))
	id 1lRA2Q-0035FV-67; Tue, 30 Mar 2021 08:47:50 +0000
Received: from mail-vs1-f50.google.com ([209.85.217.50])
 by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux))
 id 1lRA2K-0035EZ-2Y
 for linux-arm-kernel@lists.infradead.org; Tue, 30 Mar 2021 08:47:45 +0000
Received: by mail-vs1-f50.google.com with SMTP id a15so7757175vsi.0
 for <linux-arm-kernel@lists.infradead.org>;
 Tue, 30 Mar 2021 01:47:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=sxUH3IjCnMtE13f5BNtq/hjr1gesYuX/E5GZMUz0yds=;
 b=N6OoPFsg2WrZYPhPgcUaA6msMAhKZWGm9kH6ZeHtfTsMFvo9fytrES69kfJ0bM5gmr
 0ct9IYRolst+iYgD4uYCtnqArn5x4cP/mXSWGLBomLS2eye+vc9Fx7Laby3eEv4nLhTo
 SIsdjsWh6NWmC2MU/0LqNLEufyPqUV1znAL/vs+YZyrmOuEXosonHAwPVtb2TbuC7Ja5
 SjAFOK3l48xDBrqqPpzE9bSqAYTNm4p2hSnsPD5woq5Ub9A6JilzLkQKeZ+RFrwpXqEI
 r0jiD7SGYIc3yuEZ/NiSMIm2upRQExsELr74b4fAPq2lZlm6lOSqf/GU+Anr4rdllZEf
 jp6w==
X-Gm-Message-State: AOAM5328Up8jRofLbkjiqRB0rtga2ChxKbnjhl0xTk0xQqT+iqd29nok
 XTrg7nB4l48T4sU+f98rTPPdR7lKmZgo4H1vD8ngT+6Vmac=
X-Google-Smtp-Source: ABdhPJwyDgXefZhQiDJpSFUZTRYEdTAHiPHnDPrtg5qKXF/kBFrkU7MoHWoBWgOVh0uBHnM1qAYOVWHSped6pZ465rI=
X-Received: by 2002:a67:efd0:: with SMTP id s16mr17396017vsp.3.1617094062980; 
 Tue, 30 Mar 2021 01:47:42 -0700 (PDT)
MIME-Version: 1.0
References: <20210312173811.58284-1-vladimir.murzin@arm.com>
 <20210312173811.58284-2-vladimir.murzin@arm.com>
In-Reply-To: <20210312173811.58284-2-vladimir.murzin@arm.com>
From: Geert Uytterhoeven <geert@linux-m68k.org>
Date: Tue, 30 Mar 2021 10:47:31 +0200
Message-ID: <CAMuHMdUotkG0ACt0YGQ4ab37KG97Fd25frKy742vFU8ba+pcnA@mail.gmail.com>
Subject: Re: [PATCH v4 1/2] arm64: Support execute-only permissions with
 Enhanced PAN
To: Vladimir Murzin <vladimir.murzin@arm.com>
Cc: Linux ARM <linux-arm-kernel@lists.infradead.org>,
 Kees Cook <keescook@chromium.org>, 
 Dave Martin <dave.martin@arm.com>, Catalin Marinas <catalin.marinas@arm.com>, 
 Will Deacon <will@kernel.org>
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20210330_094744_188175_9F5F0864 
X-CRM114-Status: GOOD (  24.84  )
X-BeenThere: linux-arm-kernel@lists.infradead.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: <linux-arm-kernel.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/linux-arm-kernel/>
List-Post: <mailto:linux-arm-kernel@lists.infradead.org>
List-Help: <mailto:linux-arm-kernel-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/linux-arm-kernel>, 
 <mailto:linux-arm-kernel-request@lists.infradead.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "linux-arm-kernel" <linux-arm-kernel-bounces@lists.infradead.org>
Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org

Hi Vladimir,

On Fri, Mar 12, 2021 at 6:47 PM Vladimir Murzin <vladimir.murzin@arm.com> wrote:
> Enhanced Privileged Access Never (EPAN) allows Privileged Access Never
> to be used with Execute-only mappings.
>
> Absence of such support was a reason for 24cecc377463 ("arm64: Revert
> support for execute-only user mappings"). Thus now it can be revisited
> and re-enabled.
>
> Cc: Kees Cook <keescook@chromium.org>
> Cc: Catalin Marinas <catalin.marinas@arm.com>
> Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>

Thanks for your patch, which is now commit 18107f8a2df6bf1c ("arm64:
Support execute-only permissions with Enhanced PAN") in arm64/for-next.

> --- a/arch/arm64/Kconfig
> +++ b/arch/arm64/Kconfig
> @@ -1060,6 +1060,9 @@ config ARCH_WANT_HUGE_PMD_SHARE
>  config ARCH_HAS_CACHE_LINE_SIZE
>         def_bool y
>
> +config ARCH_HAS_FILTER_PGPROT
> +       def_bool y
> +
>  config ARCH_ENABLE_SPLIT_PMD_PTLOCK
>         def_bool y if PGTABLE_LEVELS > 2
>
> @@ -1683,6 +1686,20 @@ config ARM64_MTE
>
>  endmenu
>
> +menu "ARMv8.7 architectural features"
> +
> +config ARM64_EPAN
> +       bool "Enable support for Enhanced Privileged Access Never (EPAN)"
> +       default y
> +       depends on ARM64_PAN
> +       help
> +        Enhanced Privileged Access Never (EPAN) allows Privileged
> +        Access Never to be used with Execute-only mappings.

Does EPAN require more hardware support than PAN, which is part of the
ARMv8.1 Extensions according to the help text for ARM64_PAN?
If yes, it is a good idea to document that here, so people know if it
makes sense to enable this option for their hardware.

Thanks!

> +
> +        The feature is detected at runtime, and will remain disabled
> +        if the cpu does not implement the feature.
> +endmenu
> +

Gr{oetje,eeting}s,

                        Geert

-- 
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel