From: Catalin Marinas <catalin.marinas@arm.com>
To: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
Cc: David Hildenbrand <david@redhat.com>,
linux-mm@kvack.org, Jason Gunthorpe <jgg@nvidia.com>,
akpm@linux-foundation.org, linuxppc-dev@lists.ozlabs.org
Subject: Re: get_user_pages() and EXEC_ONLY mapping.
Date: Fri, 10 Nov 2023 17:17:51 +0000 [thread overview]
Message-ID: <ZU5lv6mcl4AsN279@arm.com> (raw)
In-Reply-To: <87bkc1oe8c.fsf@linux.ibm.com>
On Fri, Nov 10, 2023 at 08:19:23PM +0530, Aneesh Kumar K.V wrote:
> Some architectures can now support EXEC_ONLY mappings and I am wondering
> what get_user_pages() on those addresses should return. Earlier
> PROT_EXEC implied PROT_READ and pte_access_permitted() returned true for
> that. But arm64 does have this explicit comment that says
>
> /*
> * p??_access_permitted() is true for valid user mappings (PTE_USER
> * bit set, subject to the write permission check). For execute-only
> * mappings, like PROT_EXEC with EPAN (both PTE_USER and PTE_UXN bits
> * not set) must return false. PROT_NONE mappings do not have the
> * PTE_VALID bit set.
> */
>
> Is that correct? We should be able to get struct page for PROT_EXEC
> mappings?
I don't remember why we ended up with this briefly looking at the code,
pte_access_permitted() is only used on the fast GUP path. On the slow
path, there is a check_vma_flags() call which returns -EFAULT if the vma
is not readable. So the pte_access_permitted() on the fast path matches
the semantics of the slow path.
If one wants the page structure, FOLL_FORCE ignores the read check (on
the slow path), though I think it still fails if VM_MAYREAD is not set.
Unless you have a real use-case where this is not sufficient, I'd leave
the behaviour as is on arm64 (and maybe update other architectures that
support exec-only to do the same).
--
Catalin
WARNING: multiple messages have this Message-ID (diff)
From: Catalin Marinas <catalin.marinas@arm.com>
To: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>,
David Hildenbrand <david@redhat.com>,
akpm@linux-foundation.org,
Christophe Leroy <christophe.leroy@csgroup.eu>,
linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org
Subject: Re: get_user_pages() and EXEC_ONLY mapping.
Date: Fri, 10 Nov 2023 17:17:51 +0000 [thread overview]
Message-ID: <ZU5lv6mcl4AsN279@arm.com> (raw)
In-Reply-To: <87bkc1oe8c.fsf@linux.ibm.com>
On Fri, Nov 10, 2023 at 08:19:23PM +0530, Aneesh Kumar K.V wrote:
> Some architectures can now support EXEC_ONLY mappings and I am wondering
> what get_user_pages() on those addresses should return. Earlier
> PROT_EXEC implied PROT_READ and pte_access_permitted() returned true for
> that. But arm64 does have this explicit comment that says
>
> /*
> * p??_access_permitted() is true for valid user mappings (PTE_USER
> * bit set, subject to the write permission check). For execute-only
> * mappings, like PROT_EXEC with EPAN (both PTE_USER and PTE_UXN bits
> * not set) must return false. PROT_NONE mappings do not have the
> * PTE_VALID bit set.
> */
>
> Is that correct? We should be able to get struct page for PROT_EXEC
> mappings?
I don't remember why we ended up with this briefly looking at the code,
pte_access_permitted() is only used on the fast GUP path. On the slow
path, there is a check_vma_flags() call which returns -EFAULT if the vma
is not readable. So the pte_access_permitted() on the fast path matches
the semantics of the slow path.
If one wants the page structure, FOLL_FORCE ignores the read check (on
the slow path), though I think it still fails if VM_MAYREAD is not set.
Unless you have a real use-case where this is not sufficient, I'd leave
the behaviour as is on arm64 (and maybe update other architectures that
support exec-only to do the same).
--
Catalin
next prev parent reply other threads:[~2023-11-10 17:18 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-10 14:49 get_user_pages() and EXEC_ONLY mapping Aneesh Kumar K.V
2023-11-10 14:53 ` Jason Gunthorpe
2023-11-10 14:53 ` Jason Gunthorpe
2023-11-10 14:57 ` Aneesh Kumar K V
2023-11-10 15:06 ` Jason Gunthorpe
2023-11-10 15:06 ` Jason Gunthorpe
2023-11-10 17:17 ` Catalin Marinas [this message]
2023-11-10 17:17 ` Catalin Marinas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZU5lv6mcl4AsN279@arm.com \
--to=catalin.marinas@arm.com \
--cc=akpm@linux-foundation.org \
--cc=aneesh.kumar@linux.ibm.com \
--cc=david@redhat.com \
--cc=jgg@nvidia.com \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.