On Tue, Aug 20, 2024 at 04:28:21PM +0100, Mark Brown wrote:

On Tue, Aug 20, 2024 at 03:59:21PM +0100, Catalin Marinas wrote:

quoted

On Mon, Aug 19, 2024 at 05:33:24PM +0100, Mark Brown wrote:

quoted

On Mon, Aug 19, 2024 at 10:10:36AM +0100, Catalin Marinas wrote:

quoted

Is there any arch restriction with setting BTI and GCS? It doesn't make
sense but curious if it matters. We block the exec permission anyway
(unless the BTI pages moved to PIE as well, I don't remember).

quoted

quoted

As you say BTI should be meaningless for a non-executable page like GCS,
I'm not aware of any way in which it matters.  BTI is separate to PIE.

quoted

My thoughts were whether we can get rid of this hunk entirely by
handling it in the core code. We'd allow BTI if one wants such useless
combination but clear VM_MAYEXEC in the core code (and ignore VM_SHARED
since you can't set it anyway).

I have to admit that the BTI because I was shoving _EXEC in there rather
than because it specifically needed to be blocked.  So change the check
for VM_SHARED to a VM_WARN_ON(), and leave the _EXEC check for now
pending the above core change?

Yes, sounds good.

-- 
Catalin