arm64: Support execute-only permissions with Enhanced PAN Enhanced Privileged Access Never (EPAN) allows Privileged Access Never to be used with Execute-only mappings. Absence of such support was a reason for 24cecc377463 ("arm64: Revert support for execute-only user mappings"). Thus now it can be revisited and re-enabled. Cc: Kees Cook <keescook@chromium.org> Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com> Acked-by: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/r/20210312173811.58284-2-vladimir.murzin@arm.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

commit: 18107f8a2df6bf1c6cac8d0713f757f866d5af51 [log] [tgz]
author: Vladimir Murzin <vladimir.murzin@arm.com> Fri Mar 12 17:38:10 2021 +0000
committer: Catalin Marinas <catalin.marinas@arm.com> Fri Mar 26 09:37:23 2021 +0000
tree: 0411230b8d6c259233a6aadcd0c0aaf261b86c2a
parent: 1e28eed17697bcf343c6743f0028cc3b5dd88bf0 [diff] [blame]
diff --git a/mm/mmap.c b/mm/mmap.c
index 3f28759..1d96a21 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c

@@ -93,6 +93,12 @@ static void unmap_region(struct mm_struct *mm,
  * MAP_PRIVATE	r: (no) no	r: (yes) yes	r: (no) yes	r: (no) yes
  *		w: (no) no	w: (no) no	w: (copy) copy	w: (no) no
  *		x: (no) no	x: (no) yes	x: (no) yes	x: (yes) yes
+ *
+ * On arm64, PROT_EXEC has the following behaviour for both MAP_SHARED and
+ * MAP_PRIVATE (with Enhanced PAN supported):
+ *								r: (no) no
+ *								w: (no) no
+ *								x: (yes) yes
  */
 pgprot_t protection_map[16] __ro_after_init = {
 	__P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111,
commit	18107f8a2df6bf1c6cac8d0713f757f866d5af51	[log] [tgz]
author	Vladimir Murzin <vladimir.murzin@arm.com>	Fri Mar 12 17:38:10 2021 +0000
committer	Catalin Marinas <catalin.marinas@arm.com>	Fri Mar 26 09:37:23 2021 +0000
tree	0411230b8d6c259233a6aadcd0c0aaf261b86c2a
parent	1e28eed17697bcf343c6743f0028cc3b5dd88bf0 [diff] [blame]