Highly privileged components, such as allocators, may require write
access to arbitrary data. To that end, introduce a kpkeys level that
grants write access to all kpkeys.
Signed-off-by: Kevin Brodsky <kevin.brod...@arm.com>
---
arch/arm64/include/asm/kpkeys.h | 4 +++-
include/linux/kpkeys.h | 3 ++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/include/asm/kpkeys.h b/arch/arm64/include/asm/kpkeys.h
index 3f16584d495a..ab2305ca24b7 100644
--- a/arch/arm64/include/asm/kpkeys.h
+++ b/arch/arm64/include/asm/kpkeys.h
@@ -19,7 +19,9 @@ static inline u64 por_set_kpkeys_level(u64 por, int level)
{
por = por_set_pkey_perms(por, KPKEYS_PKEY_DEFAULT, POE_RXW);
por = por_set_pkey_perms(por, KPKEYS_PKEY_PGTABLES,
- level == KPKEYS_LVL_PGTABLES ? POE_RW : POE_R);
+ level == KPKEYS_LVL_PGTABLES ||
+ level == KPKEYS_LVL_UNRESTRICTED
+ ? POE_RW : POE_R);
return por;
}
diff --git a/include/linux/kpkeys.h b/include/linux/kpkeys.h
index 645eaf00096c..9d9feec83ccf 100644
--- a/include/linux/kpkeys.h
+++ b/include/linux/kpkeys.h
@@ -10,9 +10,10 @@ struct folio;
#define KPKEYS_LVL_DEFAULT 0
#define KPKEYS_LVL_PGTABLES 1
+#define KPKEYS_LVL_UNRESTRICTED 2
#define KPKEYS_LVL_MIN KPKEYS_LVL_DEFAULT
-#define KPKEYS_LVL_MAX KPKEYS_LVL_PGTABLES
+#define KPKEYS_LVL_MAX KPKEYS_LVL_UNRESTRICTED
#define __KPKEYS_GUARD(name, set_level, restore_pkey_reg, set_arg, ...)
\
__DEFINE_CLASS_IS_CONDITIONAL(name, false); \
--
2.47.0
