diff options
| author | Hsieh-Tseng Shen <woodrow.shen@sifive.com> | 2023-04-25 18:28:28 +0800 |
|---|---|---|
| committer | Palmer Dabbelt <palmer@rivosinc.com> | 2023-06-07 07:13:25 -0700 |
| commit | 6569fc12e442ea973d96db39e542aa19a7bc3a79 (patch) | |
| tree | b5ed8da61d4d5a08fd6aac4abc24575d643ec21a /arch/riscv/mm/init.c | |
| parent | 6966d7988c4fb6af3e395868e9800c07f9e98a30 (diff) | |
riscv: mm: Ensure prot of VM_WRITE and VM_EXEC must be readable
Commit 8aeb7b17f04e ("RISC-V: Make mmap() with PROT_WRITE imply PROT_READ")
allows riscv to use mmap with PROT_WRITE only, and meanwhile mmap with w+x
is also permitted. However, when userspace tries to access this page with
PROT_WRITE|PROT_EXEC, which causes infinite loop at load page fault as
well as it triggers soft lockup. According to riscv privileged spec,
"Writable pages must also be marked readable". The fix to drop the
`PAGE_COPY_READ_EXEC` and then `PAGE_COPY_EXEC` would be just used instead.
This aligns the other arches (i.e arm64) for protection_map.
Fixes: 8aeb7b17f04e ("RISC-V: Make mmap() with PROT_WRITE imply PROT_READ")
Signed-off-by: Hsieh-Tseng Shen <woodrow.shen@sifive.com>
Reviewed-by: Alexandre Ghiti <alexghiti@rivosinc.com>
Link: https://lore.kernel.org/r/20230425102828.1616812-1-woodrow.shen@sifive.com
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Diffstat (limited to 'arch/riscv/mm/init.c')
| -rw-r--r-- | arch/riscv/mm/init.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/arch/riscv/mm/init.c b/arch/riscv/mm/init.c index c6bb966e4123..0fe75c9713f8 100644 --- a/arch/riscv/mm/init.c +++ b/arch/riscv/mm/init.c @@ -293,7 +293,7 @@ static const pgprot_t protection_map[16] = { [VM_EXEC] = PAGE_EXEC, [VM_EXEC | VM_READ] = PAGE_READ_EXEC, [VM_EXEC | VM_WRITE] = PAGE_COPY_EXEC, - [VM_EXEC | VM_WRITE | VM_READ] = PAGE_COPY_READ_EXEC, + [VM_EXEC | VM_WRITE | VM_READ] = PAGE_COPY_EXEC, [VM_SHARED] = PAGE_NONE, [VM_SHARED | VM_READ] = PAGE_READ, [VM_SHARED | VM_WRITE] = PAGE_SHARED, |