On Fri, Nov 24, 2023 at 04:35:02PM +0000, Joey Gouly wrote: > Set the EL0/userspace indirection encodings to be the overlay enabled > variants of the permissions. > > Signed-off-by: Joey Gouly <joey.gouly@xxxxxxx> > Cc: Catalin Marinas <catalin.marinas@xxxxxxx> > Cc: Will Deacon <will@xxxxxxxxxx> > --- > arch/arm64/include/asm/pgtable-prot.h | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h > index e9624f6326dd..3007208e04aa 100644 > --- a/arch/arm64/include/asm/pgtable-prot.h > +++ b/arch/arm64/include/asm/pgtable-prot.h > @@ -137,10 +137,10 @@ extern bool arm64_use_ng_mappings; > > #define PIE_E0 ( \ > PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_X_O) | \ > - PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX) | \ > - PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX) | \ > - PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY), PIE_R) | \ > - PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW)) > + PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY_EXEC), PIE_RX_O) | \ > + PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED_EXEC), PIE_RWX_O) | \ > + PIRx_ELx_PERM(pte_pi_index(_PAGE_READONLY), PIE_R_O) | \ > + PIRx_ELx_PERM(pte_pi_index(_PAGE_SHARED), PIE_RW_O)) > > #define PIE_E1 ( \ > PIRx_ELx_PERM(pte_pi_index(_PAGE_EXECONLY), PIE_NONE_O) | \ Don't we need to do this for PIE_E1? Or we consider the futex (LDXR/STXR) accesses not checked by POE? That's fine by me if we go this route but we should document it. The alternative is to enable overlay variants in PIE_E1 but we need to reserve a POE key for the kernel to use. -- Catalin
