On Mon, Jul 31, 2023 at 02:43:20PM +0100, Mark Brown wrote:
> Map pages flagged as being part of a GCS as such rather than using the
> full set of generic VM flags.
>
> This is done using a conditional rather than extending the size of
> protection_map since that would make for a very sparse array.
>
> Signed-off-by: Mark Brown <broonie@xxxxxxxxxx>
> ---
> arch/arm64/mm/mmap.c | 17 ++++++++++++++++-
> 1 file changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c
> index 8f5b7ce857ed..e2ca770920ed 100644
> --- a/arch/arm64/mm/mmap.c
> +++ b/arch/arm64/mm/mmap.c
> @@ -79,8 +79,23 @@ arch_initcall(adjust_protection_map);
>
> pgprot_t vm_get_page_prot(unsigned long vm_flags)
> {
> - pteval_t prot = pgprot_val(protection_map[vm_flags &
> + pteval_t prot;
> +
> + /*
> + * If this is a GCS then only interpret VM_WRITE.
> + *
> + * TODO: Just make protection_map[] bigger? Nothing seems
> + * ideal here.
> + */
I think extending protection_map and updating adjust_protection_map() is
cleaner and probably faster.
> + if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) {
> + if (vm_flags & VM_WRITE)
> + prot = _PAGE_GCS;
> + else
> + prot = _PAGE_GCS_RO;
> + } else {
> + prot = pgprot_val(protection_map[vm_flags &
> (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]);
> + }
>
> if (vm_flags & VM_ARM64_BTI)
> prot |= PTE_GP;
>
> --
> 2.30.2
>
>
--
Sincerely yours,
Mike.
