| Message ID | 1401987808-23596-2-git-send-email-a.motakis@virtualopensystems.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Thu, Jun 05, 2014 at 06:03:09PM +0100, Antonios Motakis wrote: > Exposing the XN flag of the SMMU driver as IOMMU_NOEXEC instead of > IOMMU_EXEC makes it enforceable, since for IOMMUs that don't support > the XN flag pages will always be executable. > > Signed-off-by: Antonios Motakis <a.motakis@virtualopensystems.com> > --- > drivers/iommu/arm-smmu.c | 2 +- > include/linux/iommu.h | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c > index 647c3c7..d5a2200 100644 > --- a/drivers/iommu/arm-smmu.c > +++ b/drivers/iommu/arm-smmu.c > @@ -1294,7 +1294,7 @@ static int arm_smmu_alloc_init_pte(struct arm_smmu_device *smmu, pmd_t *pmd, > } > > /* If no access, create a faulting entry to avoid TLB fills */ > - if (prot & IOMMU_EXEC) > + if (!(prot & IOMMU_NOEXEC)) > pteval &= ~ARM_SMMU_PTE_XN; It's probably simpler to change the logic so that we initialise pteval without XN set, then set it if IOMMU_NOEXEC is set (rather than set it by default, then clear it if NOEXEC is not set). Will
diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c index 647c3c7..d5a2200 100644 --- a/drivers/iommu/arm-smmu.c +++ b/drivers/iommu/arm-smmu.c @@ -1294,7 +1294,7 @@ static int arm_smmu_alloc_init_pte(struct arm_smmu_device *smmu, pmd_t *pmd, } /* If no access, create a faulting entry to avoid TLB fills */ - if (prot & IOMMU_EXEC) + if (!(prot & IOMMU_NOEXEC)) pteval &= ~ARM_SMMU_PTE_XN; else if (!(prot & (IOMMU_READ | IOMMU_WRITE))) pteval &= ~ARM_SMMU_PTE_PAGE; diff --git a/include/linux/iommu.h b/include/linux/iommu.h index b96a5b2..fc464d2 100644 --- a/include/linux/iommu.h +++ b/include/linux/iommu.h @@ -27,7 +27,7 @@ #define IOMMU_READ (1 << 0) #define IOMMU_WRITE (1 << 1) #define IOMMU_CACHE (1 << 2) /* DMA cache coherency */ -#define IOMMU_EXEC (1 << 3) +#define IOMMU_NOEXEC (1 << 3) struct iommu_ops; struct iommu_group;
Exposing the XN flag of the SMMU driver as IOMMU_NOEXEC instead of IOMMU_EXEC makes it enforceable, since for IOMMUs that don't support the XN flag pages will always be executable. Signed-off-by: Antonios Motakis <a.motakis@virtualopensystems.com> --- drivers/iommu/arm-smmu.c | 2 +- include/linux/iommu.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)