| Message ID | 20210312173811.58284-3-vladimir.murzin@arm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | arm64: Support Enhanced PAN | expand |
On Fri, Mar 12, 2021 at 05:38:11PM +0000, Vladimir Murzin wrote: > With EPAN supported it might be handy to user know that PROT_EXEC > gives execute-only permission, so advertise it via HWCAPS2_EXECONLY > > Cc: Kees Cook <keescook@chromium.org> > Cc: Catalin Marinas <catalin.marinas@arm.com> > Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com> > --- > arch/arm64/include/asm/hwcap.h | 1 + > arch/arm64/include/asm/sysreg.h | 1 + > arch/arm64/include/uapi/asm/hwcap.h | 1 + > arch/arm64/kernel/cpufeature.c | 3 +++ > arch/arm64/kernel/cpuinfo.c | 1 + > 5 files changed, 7 insertions(+) I still don't see the need for this patch. Can we avoid merging it until somebody has a use for it, please? Will
On Thu, Mar 25, 2021 at 07:00:00PM +0000, Will Deacon wrote: > On Fri, Mar 12, 2021 at 05:38:11PM +0000, Vladimir Murzin wrote: > > With EPAN supported it might be handy to user know that PROT_EXEC > > gives execute-only permission, so advertise it via HWCAPS2_EXECONLY > > > > Cc: Kees Cook <keescook@chromium.org> > > Cc: Catalin Marinas <catalin.marinas@arm.com> > > Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com> > > --- > > arch/arm64/include/asm/hwcap.h | 1 + > > arch/arm64/include/asm/sysreg.h | 1 + > > arch/arm64/include/uapi/asm/hwcap.h | 1 + > > arch/arm64/kernel/cpufeature.c | 3 +++ > > arch/arm64/kernel/cpuinfo.c | 1 + > > 5 files changed, 7 insertions(+) > > I still don't see the need for this patch. Can we avoid merging it until > somebody has a use for it, please? It's more about telling user-space that the feature is present though we didn't do this last time we had exec-only permissions either. I was hoping we can do better this time. OTOH, probably no-one will check for this HWCAP anyway, so let's wait until someone asks for it.
On Fri, Mar 26, 2021 at 09:35:53AM +0000, Catalin Marinas wrote: > On Thu, Mar 25, 2021 at 07:00:00PM +0000, Will Deacon wrote: > > On Fri, Mar 12, 2021 at 05:38:11PM +0000, Vladimir Murzin wrote: > > > With EPAN supported it might be handy to user know that PROT_EXEC > > > gives execute-only permission, so advertise it via HWCAPS2_EXECONLY > > > > > > Cc: Kees Cook <keescook@chromium.org> > > > Cc: Catalin Marinas <catalin.marinas@arm.com> > > > Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com> > > > --- > > > arch/arm64/include/asm/hwcap.h | 1 + > > > arch/arm64/include/asm/sysreg.h | 1 + > > > arch/arm64/include/uapi/asm/hwcap.h | 1 + > > > arch/arm64/kernel/cpufeature.c | 3 +++ > > > arch/arm64/kernel/cpuinfo.c | 1 + > > > 5 files changed, 7 insertions(+) > > > > I still don't see the need for this patch. Can we avoid merging it until > > somebody has a use for it, please? > > It's more about telling user-space that the feature is present though we > didn't do this last time we had exec-only permissions either. I was > hoping we can do better this time. OTOH, probably no-one will check for > this HWCAP anyway, so let's wait until someone asks for it. Yes, that's what I mean by "somebody has a use for it" -- I don't understand what userspace would do with this and it's certainly not using it now. Will
diff --git a/arch/arm64/include/asm/hwcap.h b/arch/arm64/include/asm/hwcap.h index 9a5498c2c8ee..5ee5bce79233 100644 --- a/arch/arm64/include/asm/hwcap.h +++ b/arch/arm64/include/asm/hwcap.h @@ -105,6 +105,7 @@ #define KERNEL_HWCAP_RNG __khwcap2_feature(RNG) #define KERNEL_HWCAP_BTI __khwcap2_feature(BTI) #define KERNEL_HWCAP_MTE __khwcap2_feature(MTE) +#define KERNEL_HWCAP_EXECONLY __khwcap2_feature(EXECONLY) /* * This yields a mask that user programs can use to figure out what diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h index 817cb3dbcb79..7421139dc44f 100644 --- a/arch/arm64/include/asm/sysreg.h +++ b/arch/arm64/include/asm/sysreg.h @@ -817,6 +817,7 @@ #define ID_AA64MMFR1_VMIDBITS_8 0 #define ID_AA64MMFR1_VMIDBITS_16 2 +#define ID_AA64MMFR1_EPAN 3 /* id_aa64mmfr2 */ #define ID_AA64MMFR2_E0PD_SHIFT 60 diff --git a/arch/arm64/include/uapi/asm/hwcap.h b/arch/arm64/include/uapi/asm/hwcap.h index b8f41aa234ee..61471f47db32 100644 --- a/arch/arm64/include/uapi/asm/hwcap.h +++ b/arch/arm64/include/uapi/asm/hwcap.h @@ -75,5 +75,6 @@ #define HWCAP2_RNG (1 << 16) #define HWCAP2_BTI (1 << 17) #define HWCAP2_MTE (1 << 18) +#define HWCAP2_EXECONLY (1 << 19) #endif /* _UAPI__ASM_HWCAP_H */ diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index 2ab04967dca7..a49bccb80873 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2332,6 +2332,9 @@ static const struct arm64_cpu_capabilities arm64_elf_hwcaps[] = { #ifdef CONFIG_ARM64_MTE HWCAP_CAP(SYS_ID_AA64PFR1_EL1, ID_AA64PFR1_MTE_SHIFT, FTR_UNSIGNED, ID_AA64PFR1_MTE, CAP_HWCAP, KERNEL_HWCAP_MTE), #endif /* CONFIG_ARM64_MTE */ +#ifdef CONFIG_ARM64_EPAN + HWCAP_CAP(SYS_ID_AA64MMFR1_EL1, ID_AA64MMFR1_PAN_SHIFT, FTR_UNSIGNED, ID_AA64MMFR1_EPAN, CAP_HWCAP, KERNEL_HWCAP_EXECONLY), +#endif {}, }; diff --git a/arch/arm64/kernel/cpuinfo.c b/arch/arm64/kernel/cpuinfo.c index 77605aec25fe..34c98d984fe3 100644 --- a/arch/arm64/kernel/cpuinfo.c +++ b/arch/arm64/kernel/cpuinfo.c @@ -94,6 +94,7 @@ static const char *const hwcap_str[] = { [KERNEL_HWCAP_RNG] = "rng", [KERNEL_HWCAP_BTI] = "bti", [KERNEL_HWCAP_MTE] = "mte", + [KERNEL_HWCAP_EXECONLY] = "xo", }; #ifdef CONFIG_COMPAT
With EPAN supported it might be handy to user know that PROT_EXEC gives execute-only permission, so advertise it via HWCAPS2_EXECONLY Cc: Kees Cook <keescook@chromium.org> Cc: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com> --- arch/arm64/include/asm/hwcap.h | 1 + arch/arm64/include/asm/sysreg.h | 1 + arch/arm64/include/uapi/asm/hwcap.h | 1 + arch/arm64/kernel/cpufeature.c | 3 +++ arch/arm64/kernel/cpuinfo.c | 1 + 5 files changed, 7 insertions(+)