From: Catalin Marinas <catalin.marinas@arm.com>
To: "David Hildenbrand (Arm)" <david@kernel.org>
Cc: linux-arm-kernel@lists.infradead.org,
Mark Brown <broonie@kernel.org>, Will Deacon <will@kernel.org>,
Emanuele Rocca <emanuele.rocca@arm.com>,
Mark Rutland <mark.rutland@arm.com>
Subject: Re: [PATCH 1/3] arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled
Date: Fri, 20 Feb 2026 16:45:11 +0000 [thread overview]
Message-ID: <aZiPl4fQUuU00uJl@arm.com> (raw)
In-Reply-To: <42e1608b-5a01-4f9c-992f-a1d3a3e54f99@kernel.org>
On Fri, Feb 20, 2026 at 04:56:26PM +0100, David Hildenbrand wrote:
> On 2/20/26 15:05, Catalin Marinas wrote:
> > When FEAT_LPA2 is enabled, bits 8-9 of the PTE replace the
> > shareability attribute with bits 50-51 of the output address. The
> > _PAGE_GCS{,_RO} definitions include the PTE_SHARED bits as 0b11 and they
> > match the other user _PAGE_* prot macros.
>
> I assume that comes from _PAGE_DEFAULT -> _PROT_DEFAULT
Yes.
> > However, the difference is
> > that all the classic prot values are accessed via protection_map[] and
> > have the PTE_SHARED bits removed when LPA2 is enabled.
> >
> > Ensure that PAGE_GCS{,RO} use the dynamic PTE_MAYBE_SHARED instead of
> > the static PTE_SHARED.
>
> I expected here a quick description of the symptom: "Leaving PTE_SHARED set
> results in kernel panics." etc. :)
Ah, yes, I forgot to give the details of the fault - a lot worse with
THP, unhandled page fault, or bad page warning with small pages. I'll
respin with some better comment.
> > diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h
> > index 161e8660eddd..a65f2c50e9ca 100644
> > --- a/arch/arm64/include/asm/pgtable-prot.h
> > +++ b/arch/arm64/include/asm/pgtable-prot.h
> > @@ -164,8 +164,8 @@ static inline bool __pure lpa2_is_enabled(void)
> > #define _PAGE_GCS (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_WRITE | PTE_USER)
> > #define _PAGE_GCS_RO (_PAGE_DEFAULT | PTE_NG | PTE_UXN | PTE_USER)
> > -#define PAGE_GCS __pgprot(_PAGE_GCS)
> > -#define PAGE_GCS_RO __pgprot(_PAGE_GCS_RO)
> > +#define PAGE_GCS __pgprot((_PAGE_GCS & ~PTE_SHARED) | PTE_MAYBE_SHARED)
> > +#define PAGE_GCS_RO __pgprot((_PAGE_GCS_RO & ~PTE_SHARED) | PTE_MAYBE_SHARED)
> > #define PIE_E0 ( \
> > PIRx_ELx_PERM_PREP(pte_pi_index(_PAGE_GCS), PIE_GCS) | \
> > diff --git a/arch/arm64/mm/mmap.c b/arch/arm64/mm/mmap.c
> > index 08ee177432c2..2e404441063b 100644
> > --- a/arch/arm64/mm/mmap.c
> > +++ b/arch/arm64/mm/mmap.c
> > @@ -87,7 +87,7 @@ pgprot_t vm_get_page_prot(vm_flags_t vm_flags)
> > /* Short circuit GCS to avoid bloating the table. */
> > if (system_supports_gcs() && (vm_flags & VM_SHADOW_STACK)) {
> > - prot = _PAGE_GCS_RO;
> > + prot = pgprot_val(PAGE_GCS_RO);
> > } else {
> > prot = pgprot_val(protection_map[vm_flags &
> > (VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]);
>
> The only confusion I have is why we don't update _PAGE_GCS/_PAGE_GCS_RO,
> consequently leaving PTE_SHARED set for the other users of
> _PAGE_GCS/_PAGE_GCS_RO in arch/arm64/include/asm/pgtable-prot.h.
>
> Staring at pte_pi_index() (and the definitions of PTE_PI_IDX_0), I assume it
> doesn't matter.
>
> Just curious why we don't fixup _PAGE_GCS / _PAGE_GCS_RO instead.
_PAGE_GCS needs to be constant as it ends up in asm, so we can't add
the dynamic PTE_MAYBE_SHARED. There are other ways to solve this but it
is somewhat more consistent with the other _PAGE_* definitions which all
have PTE_SHARED.
Well, that's for a quick fix that can be easily backported. We could
overhaul these macros to make them clearer.
--
Catalin
next prev parent reply other threads:[~2026-02-20 16:45 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-20 14:05 [PATCH 0/3] arm64: Assorted GCS fixes Catalin Marinas
2026-02-20 14:05 ` [PATCH 1/3] arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled Catalin Marinas
2026-02-20 15:56 ` David Hildenbrand (Arm)
2026-02-20 16:45 ` Catalin Marinas [this message]
2026-02-20 16:47 ` Catalin Marinas
2026-02-20 14:05 ` [PATCH 2/3] arm64: gcs: Allow PAGE_NONE mappings for NUMA balancing Catalin Marinas
2026-02-20 16:16 ` David Hildenbrand (Arm)
2026-02-20 19:52 ` Catalin Marinas
2026-02-20 14:05 ` [PATCH 3/3] arm64: gcs: Do not map the guarded control stack as THP Catalin Marinas
2026-02-20 14:34 ` Mark Brown
2026-02-20 15:13 ` Catalin Marinas
2026-02-20 16:17 ` Mark Brown
2026-02-20 15:33 ` David Hildenbrand (Arm)
2026-02-20 15:36 ` Mark Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aZiPl4fQUuU00uJl@arm.com \
--to=catalin.marinas@arm.com \
--cc=broonie@kernel.org \
--cc=david@kernel.org \
--cc=emanuele.rocca@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.