diff options
author | Vladimir Murzin <vladimir.murzin@arm.com> | 2021-03-12 18:38:10 +0100 |
---|---|---|
committer | Catalin Marinas <catalin.marinas@arm.com> | 2021-03-26 10:37:23 +0100 |
commit | 18107f8a2df6bf1c6cac8d0713f757f866d5af51 (patch) | |
tree | 0411230b8d6c259233a6aadcd0c0aaf261b86c2a /arch/arm64/Kconfig | |
parent | Linux 5.12-rc3 (diff) | |
download | linux-18107f8a2df6bf1c6cac8d0713f757f866d5af51.tar.xz linux-18107f8a2df6bf1c6cac8d0713f757f866d5af51.zip |
arm64: Support execute-only permissions with Enhanced PAN
Enhanced Privileged Access Never (EPAN) allows Privileged Access Never
to be used with Execute-only mappings.
Absence of such support was a reason for 24cecc377463 ("arm64: Revert
support for execute-only user mappings"). Thus now it can be revisited
and re-enabled.
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20210312173811.58284-2-vladimir.murzin@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Diffstat (limited to 'arch/arm64/Kconfig')
-rw-r--r-- | arch/arm64/Kconfig | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 5656e7aacd69..c4d7bafcea87 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -1058,6 +1058,9 @@ config SYS_SUPPORTS_HUGETLBFS config ARCH_HAS_CACHE_LINE_SIZE def_bool y +config ARCH_HAS_FILTER_PGPROT + def_bool y + config ARCH_ENABLE_SPLIT_PMD_PTLOCK def_bool y if PGTABLE_LEVELS > 2 @@ -1681,6 +1684,20 @@ config ARM64_MTE endmenu +menu "ARMv8.7 architectural features" + +config ARM64_EPAN + bool "Enable support for Enhanced Privileged Access Never (EPAN)" + default y + depends on ARM64_PAN + help + Enhanced Privileged Access Never (EPAN) allows Privileged + Access Never to be used with Execute-only mappings. + + The feature is detected at runtime, and will remain disabled + if the cpu does not implement the feature. +endmenu + config ARM64_SVE bool "ARM Scalable Vector Extension support" default y |