On Thu, Aug 22, 2024 at 02:15:17AM +0100, Mark Brown wrote: > diff --git a/arch/arm64/include/asm/mman.h b/arch/arm64/include/asm/mman.h > index c21849ffdd88..37dfd2882f04 100644 > --- a/arch/arm64/include/asm/mman.h > +++ b/arch/arm64/include/asm/mman.h > @@ -61,6 +61,15 @@ static inline bool arch_validate_flags(unsigned long vm_flags) > return false; > } > > + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { > + /* An executable GCS isn't a good idea. */ > + if (vm_flags & VM_EXEC) > + return false; Later we should look at clear VM_MAYEXEC in the core code (if the x86 folk agree). > + > + /* The memory management core should prevent this */ > + VM_WARN_ON(vm_flags & VM_SHARED); > + } > + > return true; > > } > diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c > index 642bdf908b22..3ed63fc8cd0a 100644 > --- a/arch/arm64/mm/mmap.c > +++ b/arch/arm64/mm/mmap.c > @@ -83,9 +83,17 @@ arch_initcall(adjust_protection_map); > > pgprot_t vm_get_page_prot(unsigned long vm_flags) > { > - pteval_t prot = pgprot_val(protection_map[vm_flags & > + pteval_t prot; > + > + /* Short circuit GCS to avoid bloating the table. */ > + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { > + prot = _PAGE_GCS_RO; > + } else { > + prot = pgprot_val(protection_map[vm_flags & > (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]); > + } > > + /* VM_ARM64_BTI on a GCS is rejected in arch_validate_flags() */ Not anymore. > if (vm_flags & VM_ARM64_BTI) > prot |= PTE_GP; Other than the comment above, it looks good. Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx>