• C
    arm64: Introduce execute-only page access permissions · bc07c2c6
    Catalin Marinas 提交于
    The ARMv8 architecture allows execute-only user permissions by clearing
    the PTE_UXN and PTE_USER bits. The kernel, however, can still access
    such page, so execute-only page permission does not protect against
    read(2)/write(2) etc. accesses. Systems requiring such protection must
    implement/enable features like SECCOMP.
    
    This patch changes the arm64 __P100 and __S100 protection_map[] macros
    to the new __PAGE_EXECONLY attributes. A side effect is that
    pte_valid_user() no longer triggers for __PAGE_EXECONLY since PTE_USER
    isn't set. To work around this, the check is done on the PTE_NG bit via
    the pte_valid_ng() macro. VM_READ is also checked now for page faults.
    Signed-off-by: NCatalin Marinas <catalin.marinas@arm.com>
    bc07c2c6
fault.c 14.9 KB