Message ID | 20230731-arm64-gcs-v3-11-cddf9f980d98@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | arm64/gcs: Provide support for GCS in userspace | expand |
On Mon, Jul 31, 2023 at 02:43:20PM +0100, Mark Brown wrote: > Map pages flagged as being part of a GCS as such rather than using the > full set of generic VM flags. > > This is done using a conditional rather than extending the size of > protection_map since that would make for a very sparse array. > > Signed-off-by: Mark Brown <broonie@kernel.org> > --- > arch/arm64/mm/mmap.c | 17 ++++++++++++++++- > 1 file changed, 16 insertions(+), 1 deletion(-) > > diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c > index 8f5b7ce857ed..e2ca770920ed 100644 > --- a/arch/arm64/mm/mmap.c > +++ b/arch/arm64/mm/mmap.c > @@ -79,8 +79,23 @@ arch_initcall(adjust_protection_map); > > pgprot_t vm_get_page_prot(unsigned long vm_flags) > { > - pteval_t prot = pgprot_val(protection_map[vm_flags & > + pteval_t prot; > + > + /* > + * If this is a GCS then only interpret VM_WRITE. > + * > + * TODO: Just make protection_map[] bigger? Nothing seems > + * ideal here. > + */ I think extending protection_map and updating adjust_protection_map() is cleaner and probably faster. > + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { > + if (vm_flags & VM_WRITE) > + prot = _PAGE_GCS; > + else > + prot = _PAGE_GCS_RO; > + } else { > + prot = pgprot_val(protection_map[vm_flags & > (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); > + } > > if (vm_flags & VM_ARM64_BTI) > prot |= PTE_GP; > > -- > 2.30.2 > >
On Tue, Aug 01, 2023 at 08:02:31PM +0300, Mike Rapoport wrote: > On Mon, Jul 31, 2023 at 02:43:20PM +0100, Mark Brown wrote: > > { > > - pteval_t prot = pgprot_val(protection_map[vm_flags & > > + pteval_t prot; > > + > > + /* > > + * If this is a GCS then only interpret VM_WRITE. > > + * > > + * TODO: Just make protection_map[] bigger? Nothing seems > > + * ideal here. > > + */ > I think extending protection_map and updating adjust_protection_map() is > cleaner and probably faster. That was my initial thought but then I immediately started second guessing myself about review comments. Hopefully Will or Catalin will weigh in.
diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 8f5b7ce857ed..e2ca770920ed 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -79,8 +79,23 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* + * If this is a GCS then only interpret VM_WRITE. + * + * TODO: Just make protection_map[] bigger? Nothing seems + * ideal here. + */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + if (vm_flags & VM_WRITE) + prot = _PAGE_GCS; + else + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP;
Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Signed-off-by: Mark Brown <broonie@kernel.org> --- arch/arm64/mm/mmap.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-)