get_user_pages() and EXEC_ONLY mapping.
Catalin Marinas
catalin.marinas at arm.com
Sat Nov 11 04:17:51 AEDT 2023
On Fri, Nov 10, 2023 at 08:19:23PM +0530, Aneesh Kumar K.V wrote:
> Some architectures can now support EXEC_ONLY mappings and I am wondering
> what get_user_pages() on those addresses should return. Earlier
> PROT_EXEC implied PROT_READ and pte_access_permitted() returned true for
> that. But arm64 does have this explicit comment that says
>
> /*
> * p??_access_permitted() is true for valid user mappings (PTE_USER
> * bit set, subject to the write permission check). For execute-only
> * mappings, like PROT_EXEC with EPAN (both PTE_USER and PTE_UXN bits
> * not set) must return false. PROT_NONE mappings do not have the
> * PTE_VALID bit set.
> */
>
> Is that correct? We should be able to get struct page for PROT_EXEC
> mappings?
I don't remember why we ended up with this briefly looking at the code,
pte_access_permitted() is only used on the fast GUP path. On the slow
path, there is a check_vma_flags() call which returns -EFAULT if the vma
is not readable. So the pte_access_permitted() on the fast path matches
the semantics of the slow path.
If one wants the page structure, FOLL_FORCE ignores the read check (on
the slow path), though I think it still fails if VM_MAYREAD is not set.
Unless you have a real use-case where this is not sufficient, I'd leave
the behaviour as is on arm64 (and maybe update other architectures that
support exec-only to do the same).
--
Catalin
More information about the Linuxppc-dev
mailing list