On 09/07/2018 08:01 AM, Thomas Gleixner wrote:
> +static inline pgprot_t static_protections(pgprot_t prot, unsigned long
> address,
> + unsigned long pfn)
> +{
> + pgprotval_t forbidden;
> +
> + /* Operate on the virtual address */
> + forbidden = protect_kernel_text(address);
> + forbidden |= protect_kernel_text_ro(address);
> +
> + /* Check the PFN directly */
> + forbidden |= protect_pci_bios(pfn);
> + forbidden |= protect_rodata(pfn);
>
> - return prot;
> + return __pgprot(pgprot_val(prot) & ~forbidden);
> }
Wow, that's quite an improvement, especially separating the vaddr vs.
paddr checks.
