On 03/10/19 23:23, Rick Edgecombe wrote: > + > + protection_map[4] = PAGE_EXECONLY; > + protection_map[12] = PAGE_EXECONLY; Can you add #defines for the bits in protection_map? Also perhaps you can replace the p_xo/p_xr/s_xo/s_xr checks with just "if (pgtable_kvmxo_enabled()". Paolo > + /* Prefer non-pkey XO capability if available, to save a pkey */ > + > + if (flags & MAP_PRIVATE && (p_xo != p_xr)) > + return 0; > + > + if (flags & MAP_SHARED && (s_xo != s_xr)) > + return 0; > > + pkey = execute_only_pkey(current->mm); > + if (pkey < 0)
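Review bot: the bare indices in `protection_map[4]` and `protection_map[12]` do not say which mappings become execute-only. The table is indexed by the VM_READ/VM_WRITE/VM_EXEC/VM_SHARED bits of vm_flags, so 4 is VM_EXEC alone and 12 is VM_EXEC|VM_SHARED; spelling the index as those flag expressions (or as named constants) would show at the assignment that both the private and the shared exec-only entries are being switched to PAGE_EXECONLY, and would make a missed entry easier to spot.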
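Review bot: the two early returns ahead of `pkey = execute_only_pkey(current->mm);` need a comment on what `p_xo != p_xr` and `s_xo != s_xr` are testing and why `return 0` is the right answer when they differ. The only comment, "Prefer non-pkey XO capability if available", sits a blank line above the checks and does not connect the comparison of the two protection values to "XO is available without a pkey". Two smaller points in the same lines: `flags & MAP_PRIVATE && (...)` relies on `&` binding tighter than `&&`, so parenthesising the bitwise test as `(flags & MAP_PRIVATE) && ...` would read more safely, and a `flags` value with neither MAP_PRIVATE nor MAP_SHARED set falls through both checks to the pkey path, which is worth stating if it is intended.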