On Mon, Aug 07, 2023 at 11:00:16PM +0100, Mark Brown wrote:
diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c index 8f5b7ce857ed..8f40198cd44e 100644 --- a/arch/arm64/mm/mmap.c +++ b/arch/arm64/mm/mmap.c @@ -79,8 +79,18 @@ arch_initcall(adjust_protection_map); pgprot_t vm_get_page_prot(unsigned long vm_flags) {
- pteval_t prot = pgprot_val(protection_map[vm_flags &
- pteval_t prot;
- /* If this is a GCS then only interpret VM_WRITE. */
- if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) {
if (vm_flags & VM_WRITE)
prot = _PAGE_GCS;
else
prot = _PAGE_GCS_RO;
- } else {
prot = pgprot_val(protection_map[vm_flags & (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]);
- }
if (vm_flags & VM_ARM64_BTI) prot |= PTE_GP;
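Review bot: the GCS branch is only entered when system_supports_gcs() is true, so a VM_SHADOW_STACK mapping on a system without GCS falls through silently to the protection_map lookup and ends up as an ordinary read/write page rather than being refused; unless arch_validate_flags() already rejects VM_SHADOW_STACK on such systems, the fallthrough deserves at least a comment, or a WARN, so the flag is never quietly discarded. Separately, the GCS branch looks only at VM_WRITE, so VM_SHARED is ignored for shadow-stack mappings and a shared one gets the same PTE as a private one; if that is intended, say so in the "/* If this is a GCS then only interpret VM_WRITE. */" comment, otherwise the shared case should be rejected alongside the other invalid combinations.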
Some combinations here don't make sense, like GCS + exec or BTI. I think the code above (correctly) ignores exec but it still sets PTE_GP if BTI (the architecture may allow this but you can't execute from the GCS page anyway).
I haven't checked the x86 patches to see when VM_SHADOW_STACK is set but if there's no additional check at a higher level, we should add something to arch_validate_flags(), assuming it's called on those paths.
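A userspace model of the two points raised above, written here as an added illustration and not taken from the patch or the kernel tree: it mirrors the hunk's vm_get_page_prot() logic to show PTE_GP being set on a GCS page, and beside it a hypothetical check of the kind arch_validate_flags() could carry to refuse GCS + exec, GCS + BTI, and GCS without hardware support. All VM_*/PTE bit values are constructed stand-ins, and the protection_map lookup is replaced by a simple mask.

```c
#include <stdbool.h>
#include <stdint.h>

typedef uint64_t pteval_t;

/* Constructed VM flag bits; the kernel's real values differ. */
#define VM_READ          0x01UL
#define VM_WRITE         0x02UL
#define VM_EXEC          0x04UL
#define VM_SHARED        0x08UL
#define VM_ARM64_BTI     0x10UL
#define VM_SHADOW_STACK  0x20UL

/* Constructed PTE bits; again stand-ins, not the arm64 encodings. */
#define PTE_GP           (1UL << 50)
#define _PAGE_GCS        0x1000UL
#define _PAGE_GCS_RO     0x2000UL

/* Mirrors the hunk: a GCS mapping only interprets VM_WRITE, everything
 * else goes through protection_map (modelled here as a plain mask),
 * and VM_ARM64_BTI then ORs in PTE_GP regardless of which path ran. */
pteval_t model_vm_get_page_prot(unsigned long vm_flags, bool gcs_supported)
{
    pteval_t prot;

    if (gcs_supported && (vm_flags & VM_SHADOW_STACK))
        prot = (vm_flags & VM_WRITE) ? _PAGE_GCS : _PAGE_GCS_RO;
    else
        prot = vm_flags & (VM_READ | VM_WRITE | VM_EXEC | VM_SHARED);

    if (vm_flags & VM_ARM64_BTI)
        prot |= PTE_GP;          /* leaks onto GCS pages too */

    return prot;
}

/* Hypothetical flag validation for the shadow-stack case: a GCS mapping
 * must not be executable or BTI-guarded, and must not be requested at
 * all where GCS is unsupported (otherwise it would silently become an
 * ordinary RW page). Returns true when the combination is acceptable. */
bool model_validate_shadow_stack_flags(unsigned long vm_flags, bool gcs_supported)
{
    if (!(vm_flags & VM_SHADOW_STACK))
        return true;             /* not a shadow stack: nothing to check */
    if (!gcs_supported)
        return false;
    return !(vm_flags & (VM_EXEC | VM_ARM64_BTI));
}
```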