Re: [PATCH v2 29/37] powerpc/nohash: Replace pte_user() by pte_read()

[PATCH v2 00/37] Implement execute-only protection on powerpc · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 01/37] powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 02/37] powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 11/37] powerpc/nohash: Replace #ifdef CONFIG_44x by IS_ENABLED(CONFIG_44x) in pgtable.h · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 05/37] powerpc: Deduplicate prototypes of ptep_set_access_flags() and phys_mem_access_prot() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 12/37] powerpc/nohash: Refactor pte_update() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 17/37] powerpc/nohash: Deduplicate ptep_set_wrprotect() and ptep_get_and_clear() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 14/37] powerpc/nohash: Deduplicate _PAGE_CHG_MASK · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 15/37] powerpc/nohash: Deduplicate pte helpers · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 16/37] powerpc/nohash: Refactor ptep_test_and_clear_young() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 18/37] powerpc/nohash: Refactor pte_clear() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 13/37] powerpc/nohash: Refactor checking of no-change in pte_update() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 08/37] powerpc/nohash: Remove {pte/pmd}_protnone() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 09/37] powerpc/nohash: Refactor declaration of {map/unmap}_kernel_page() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 03/37] powerpc/40x: Remove stale PTE_ATOMIC_UPDATES macro · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 07/37] powerpc: Untangle fixmap.h and pgtable.h and mmu.h · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 21/37] powerpc: Implement and use pgprot_nx() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 20/37] powerpc/e500: Simplify pte_mkexec() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 10/37] powerpc/nohash: Move 8xx version of pte_update() into pte-8xx.h · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 06/37] powerpc: Refactor update_mmu_cache_range() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 19/37] powerpc/nohash: Refactor __ptep_set_access_flags() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 04/37] powerpc: Remove pte_ERROR() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 34/37] powerpc/32s: Introduce _PAGE_READ and remove _PAGE_USER · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 24/37] powerpc: Rely on address instead of pte_user() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 22/37] powerpc: Fail ioremap() instead of silently ignoring flags when PAGE_USER is set · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 29/37] powerpc/nohash: Replace pte_user() by pte_read() · Christophe Leroy <hidden> · 2023-09-25
Re: [PATCH v2 29/37] powerpc/nohash: Replace pte_user() by pte_read() · Aneesh Kumar K.V <hidden> · 2023-10-31
Re: [PATCH v2 29/37] powerpc/nohash: Replace pte_user() by pte_read() · Christophe Leroy <hidden> · 2023-11-06
Re: [PATCH v2 29/37] powerpc/nohash: Replace pte_user() by pte_read() · Aneesh Kumar K.V <hidden> · 2023-11-07
Re: [PATCH v2 29/37] powerpc/nohash: Replace pte_user() by pte_read() · Christophe Leroy <hidden> · 2023-11-09
Re: [PATCH v2 29/37] powerpc/nohash: Replace pte_user() by pte_read() · Aneesh Kumar K.V <hidden> · 2023-11-13
Re: [PATCH v2 29/37] powerpc/nohash: Replace pte_user() by pte_read() · Christophe Leroy <hidden> · 2023-11-23
[PATCH v2 35/37] powerpc/ptdump: Display _PAGE_READ and _PAGE_WRITE · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 36/37] powerpc: Finally remove _PAGE_USER · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 26/37] powerpc/8xx: Use generic permission masks · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 32/37] powerpc/40x: Introduce _PAGE_READ and remove _PAGE_USER · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 23/37] powerpc: Remove pte_mkuser() and pte_mkpriviledged() · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 31/37] powerpc/44x: Introduce _PAGE_READ and remove _PAGE_USER · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 28/37] powerpc/nohash: Add _PAGE_WRITE to supplement _PAGE_RW · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 30/37] powerpc/e500: Introduce _PAGE_READ and remove _PAGE_USER · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 33/37] powerpc/32s: Add _PAGE_WRITE to supplement _PAGE_RW · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 25/37] powerpc: Refactor permission masks used for __P/__S table and kernel memory flags · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 27/37] powerpc/64s: Use generic permission masks · Christophe Leroy <hidden> · 2023-09-25
[PATCH v2 37/37] powerpc: Support execute-only on all powerpc · Christophe Leroy <hidden> · 2023-09-25
Re: [PATCH v2 37/37] powerpc: Support execute-only on all powerpc · Aneesh Kumar K.V <hidden> · 2023-11-02
Re: [PATCH v2 37/37] powerpc: Support execute-only on all powerpc · Christophe Leroy <hidden> · 2023-11-06
Re: [PATCH v2 37/37] powerpc: Support execute-only on all powerpc · Aneesh Kumar K V <hidden> · 2023-11-07
Re: [PATCH v2 37/37] powerpc: Support execute-only on all powerpc · Christophe Leroy <hidden> · 2023-11-09
Re: (subset) [PATCH v2 00/37] Implement execute-only protection on powerpc · Michael Ellerman <mpe@ellerman.id.au> · 2023-10-15
Re: (subset) [PATCH v2 00/37] Implement execute-only protection on powerpc · Michael Ellerman <mpe@ellerman.id.au> · 2023-10-27

From: Aneesh Kumar K.V <hidden>
Date: 2023-11-13 10:24:03
Also in: lkml

Christophe Leroy [off-list ref] writes:

Le 07/11/2023 à 14:34, Aneesh Kumar K.V a écrit :

quoted

Christophe Leroy [off-list ref] writes:

quoted

Le 31/10/2023 à 11:15, Aneesh Kumar K.V a écrit :

quoted

Christophe Leroy [off-list ref] writes:

....

quoted


We are adding the pte flags check not the map addr check there. Something like this?

Well, ok, but then why do we want to do that check for ioremap() and not 
for everything else ? vmap() for instance will not perform any such 
check. All it does is to clear the EXEC bit.

As far as I can see, no other architecture does such a check, so why is 
it needed on powerpc at all ?

Regardless, comments below.

Looking at ioremap_prot() I am not clear whether we can really use the
flag value argument as is. For ex: x86 does 

pgprot2cachemode(__pgprot(prot_val))

I see that we use ioremap_prot() for generic_access_phys() and with
/dev/mem and __access_remote_vm() we can get called with a user pte
mapping prot flags? 

If such an prot value can be observed then the original change to clear
EXEC and mark it privileged is required?

	/* we don't want to let _PAGE_USER and _PAGE_EXEC leak out */
	pte = pte_exprotect(pte);
	pte = pte_mkprivileged(pte);


We already handle exec in pgprot_nx() and we need add back
pte_mkprivileged()? 


-aneesh

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help