Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

arm64: gcs: Honour mprotect(PROT_NONE) on shadow stack mappings

vm_get_page_prot() short-circuits the protection_map[] lookup for a
VM_SHADOW_STACK mapping since it uses a different PIE index from the
typical read/write/exec permissions. However, the side effect is that it
also ignores mprotect(PROT_NONE) by creating an accessible PTE.

Special-case the !(vm_flags & VM_ACCESS_FLAGS) flags to use the
protection_map[VM_NONE] permissions instead. No GCS attributes are
required for an inaccessible PTE.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Fixes: 6497b66ba694 ("arm64/mm: Map pages for guarded control stack")
Cc: stable@vger.kernel.org
Cc: Mark Brown <broonie@kernel.org>
Cc: Will Deacon <will@kernel.org>
Cc: David Hildenbrand <david@kernel.org>
Reviewed-by: David Hildenbrand (Arm) <david@kernel.org>
Signed-off-by: Will Deacon <will@kernel.org>

Authored by Catalin Marinas and committed by Will Deacon
47a8aad1 8a85b313

+5 -1
arch/arm64/mm/mmap.c
··· 91 91 92 92 /* Short circuit GCS to avoid bloating the table. */ 93 93 if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) { 94 - prot = gcs_page_prot; 94 + /* Honour mprotect(PROT_NONE) on shadow stack mappings */ 95 + if (vm_flags & VM_ACCESS_FLAGS) 96 + prot = gcs_page_prot; 97 + else 98 + prot = pgprot_val(protection_map[VM_NONE]); 95 99 } else { 96 100 prot = pgprot_val(protection_map[vm_flags & 97 101 (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]);
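
Review bot: the new inner test `if (vm_flags & VM_ACCESS_FLAGS)` (new line 95) treats any remaining access bit as fully accessible, so only the all-clear case reaches `protection_map[VM_NONE]` and a shadow stack mapping that keeps a subset of its access flags after mprotect() still gets `gcs_page_prot`. If that is the intent, the added comment should say so, since it currently mentions only PROT_NONE. The else branch also hard-codes the VM_NONE index, whereas the non-GCS path just below keeps VM_SHARED in the lookup mask; a word in the comment on why the shared bit can be ignored here would help the next reader. The diffstat shows only arch/arm64/mm/mmap.c changed, so consider adding a selftest that maps a shadow stack, applies mprotect(PROT_NONE) and checks that a subsequent access faults, to keep this from regressing.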