From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7B8E1C433DB for ; Tue, 30 Mar 2021 09:37:39 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DC3BC61606 for ; Tue, 30 Mar 2021 09:37:38 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DC3BC61606 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-m68k.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:Cc:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=0NycrNuLsVpwQZLm4GjeeZd//r7l3g1S7bEFeKwX9HI=; b=K4R9GwHXigjyfezCSnnggIV8r NSSlFP0lN7OeVVxMFSQhE6EpkXq1p5nVN7YeShCAGUpkWQ5jXYXSbfFC3KOPyUWZz6coaqcpYnnpm yX3AOj70Y/2d3BtvIIPC4QCge0s20533/mKhdYhIrRVQTNaNdaTuFU00KKM3D9eRB9V8tM0oyXDWg bWRVfKQDsR9g5Etx4WUXRks06hl1xm5dzp4bXNYmkFhJILvi5DlKRpgkgVsWuotCfVxMerU6T8AaU G/pcdnnsmS5CokTBvmDOLcxpbvTSshWNNiRi3al+32TlHQSLK4FKD759ZIkbysQ2s4kerBr0UuNoe ANSiWBMWg==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lRAmb-003Ee9-Bs; Tue, 30 Mar 2021 09:35:33 +0000 Received: from mail-vk1-f176.google.com ([209.85.221.176]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lRAlv-003EUG-Jd for linux-arm-kernel@lists.infradead.org; Tue, 30 Mar 2021 09:34:54 +0000 Received: by mail-vk1-f176.google.com with SMTP id j15so3417628vkc.1 for ; Tue, 30 Mar 2021 02:34:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fX1Q9rRfxLP6CD98EUvnNgEaxgmHZeq0op7kCUXvcUA=; b=oAyi29W9PW2GCYka+/8+3/4nzOR1O8VnFuveGtNHV/QhZGqhIKeTca7yttAcoICs5F x+Dd/J+0N07Btdl9rE66VbO98Gr6qUSHjIPdFytGERgcCNOKIx0uGvEFRst6p0Idr7wm ntnDWk9ocXU11B4s5uJkErj7IierP33D0iRUhRQ1NC0h5Vx+7fwqSuVNIypZci1gn62y q0NNXfQiEmKBjQIVutKgPg88mE5eYzjBIHYbXVEXVPNUnvR/IeoGnbNHoro/RU6u751C Im4dQNIecF4sVEb8RU4WCmL3oKs3aLgHhSVDOAdPEgxQNgiep+pC5G2xC8wQgPN/9Dsb Dc7g== X-Gm-Message-State: AOAM530WvOcweOJKiaU6NSAJSotV+g5q7SkmKhulN4YABfKk/j6i2SPP rsvO5oiks6EZjAnbisuAL5dJbZHgydNMtqdj3NM= X-Google-Smtp-Source: ABdhPJwqDMp3VCsWipCE4AGoJjoOTe1j5f1KcQLS9WvGeG7zVQAt0E1WMvW911l+TGTUk368xmS3iI2xxz+C5E/0nZw= X-Received: by 2002:a1f:2502:: with SMTP id l2mr16873014vkl.5.1617096890510; Tue, 30 Mar 2021 02:34:50 -0700 (PDT) MIME-Version: 1.0 References: <20210312173811.58284-1-vladimir.murzin@arm.com> <20210312173811.58284-2-vladimir.murzin@arm.com> <20210330093009.GB18075@arm.com> In-Reply-To: <20210330093009.GB18075@arm.com> From: Geert Uytterhoeven Date: Tue, 30 Mar 2021 11:34:39 +0200 Message-ID: Subject: Re: [PATCH v4 1/2] arm64: Support execute-only permissions with Enhanced PAN To: Catalin Marinas Cc: Vladimir Murzin , Linux ARM , Kees Cook , Dave Martin , Will Deacon X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210330_103452_191212_6F0C4F8A X-CRM114-Status: GOOD ( 33.37 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Hi Catalin, On Tue, Mar 30, 2021 at 11:30 AM Catalin Marinas wrote: > On Tue, Mar 30, 2021 at 10:47:31AM +0200, Geert Uytterhoeven wrote: > > On Fri, Mar 12, 2021 at 6:47 PM Vladimir Murzin wrote: > > > Enhanced Privileged Access Never (EPAN) allows Privileged Access Never > > > to be used with Execute-only mappings. > > > > > > Absence of such support was a reason for 24cecc377463 ("arm64: Revert > > > support for execute-only user mappings"). Thus now it can be revisited > > > and re-enabled. > > > > > > Cc: Kees Cook > > > Cc: Catalin Marinas > > > Signed-off-by: Vladimir Murzin > > > > Thanks for your patch, which is now commit 18107f8a2df6bf1c ("arm64: > > Support execute-only permissions with Enhanced PAN") in arm64/for-next. > > > > > --- a/arch/arm64/Kconfig > > > +++ b/arch/arm64/Kconfig > > > @@ -1060,6 +1060,9 @@ config ARCH_WANT_HUGE_PMD_SHARE > > > config ARCH_HAS_CACHE_LINE_SIZE > > > def_bool y > > > > > > +config ARCH_HAS_FILTER_PGPROT > > > + def_bool y > > > + > > > config ARCH_ENABLE_SPLIT_PMD_PTLOCK > > > def_bool y if PGTABLE_LEVELS > 2 > > > > > > @@ -1683,6 +1686,20 @@ config ARM64_MTE > > > > > > endmenu > > > > > > +menu "ARMv8.7 architectural features" > > > + > > > +config ARM64_EPAN > > > + bool "Enable support for Enhanced Privileged Access Never (EPAN)" > > > + default y > > > + depends on ARM64_PAN > > > + help > > > + Enhanced Privileged Access Never (EPAN) allows Privileged > > > + Access Never to be used with Execute-only mappings. > > > > Does EPAN require more hardware support than PAN, which is part of the > > ARMv8.1 Extensions according to the help text for ARM64_PAN? > > If yes, it is a good idea to document that here, so people know if it > > makes sense to enable this option for their hardware. > > The ARM64_EPAN option is under the "ARMv8.7 architectural features" as > it's a new CPU feature (same as PAN but also works on exec-only user > mappings). We could expand this text a bit to include ARMv8.7 as we do > for ARM64_PAN, if that's what you meant. Thank you, I completely missed that menu header when running "make oldconfig". Sorry for the noise. Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel