Message ID | 20230807-arm64-gcs-v4-11-68cfa37f9069@kernel.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | arm64/gcs: Provide support for GCS in userspace | expand |
On Mon, Aug 07, 2023 at 11:00:16PM +0100, Mark Brown wrote: > diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c > index 8f5b7ce857ed..8f40198cd44e 100644 > --- a/arch/arm64/mm/mmap.c > +++ b/arch/arm64/mm/mmap.c > @@ -79,8 +79,18 @@ arch_initcall(adjust_protection_map); > > pgprot_t vm_get_page_prot(unsigned long vm_flags) > { > - pteval_t prot = pgprot_val(protection_map[vm_flags & > + pteval_t prot; > + > + /* If this is a GCS then only interpret VM_WRITE. */ > + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { > + if (vm_flags & VM_WRITE) > + prot = _PAGE_GCS; > + else > + prot = _PAGE_GCS_RO; > + } else { > + prot = pgprot_val(protection_map[vm_flags & > (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); > + } > > if (vm_flags & VM_ARM64_BTI) > prot |= PTE_GP; Some combinations here don't make sense like GCS + exec or BTI. I think the code above (correctly) ignores exec but it still sets PTE_GP if BTI (the architecture may allow this but you can't execute from the GCS page anyway). I haven't checked the x86 patches to see when VM_SHADOW_STACK is set but if there's no additional check at a higher level, we should add something to arch_validate_flags(), assuming it's called on those paths.
diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 8f5b7ce857ed..8f40198cd44e 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -79,8 +79,18 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) { - pteval_t prot = pgprot_val(protection_map[vm_flags & + pteval_t prot; + + /* If this is a GCS then only interpret VM_WRITE. */ + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { + if (vm_flags & VM_WRITE) + prot = _PAGE_GCS; + else + prot = _PAGE_GCS_RO; + } else { + prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); + } if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP;
Map pages flagged as being part of a GCS as such rather than using the full set of generic VM flags. This is done using a conditional rather than extending the size of protection_map since that would make for a very sparse array. Signed-off-by: Mark Brown <broonie@kernel.org> --- arch/arm64/mm/mmap.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-)