Why do you need prot and mask? If you would directly order the function to either calculate the access bits based on PF_ flags or to set it to RW regardless of the PF_ phdr flags, it would be IMO cleaner and even slightly more compact.

I think most people, particularly those who don't have at least a passing knowledge of the pmap and direct map, will be mightily confused by passing VM_PROT_RW here. I think they will expect to see VM_PROT_NONE here. Thoughts?

We could define a per-arch DMAP_DEFAULT_PROT which gets used here instead. At least amd64, arm64, riscv map the DMAP as RW; on amd64 this changed in commit 33c72b24dee54cd9f5ccab28478fd5a8b5876944. I'm not sure about powerpc, but we can side-step the issue for now since pmap_change_prot() isn't implemented there.

I can't see a reason for DMAP_DEFAULT_PROT to be anything other than VM_PROT_RW though, so in the long run we'd like to have a single definition, not an MD one.

Setting the permissions to VM_PROT_NONE does not restore the write enable bit on DMAP (at least on x86). Kernel assumes that any free memory is writeable through DMAP, so does not change it protection on allocation and possible access.

Also, I do not think much use of a definition for DMAP_DEFAULT_PROT for the reason that was stated: it is identical for all arches. So IMO a comment would be enough why we change the protection despite the KVA mapping will be destroyed.

Setting the permissions to VM_PROT_NONE does not restore the write enable bit on DMAP (at least on x86). Kernel assumes that any free memory is writeable through DMAP, so does not change it protection on allocation and possible access.

I don't follow. To be clear, I am suggesting having #define DMAP_DEFAULT_PROT VM_PROT_RW, and then here we would write preload_protect_reset(ef, DMAP_DEFAULT_PROT).

Also, I do not think much use of a definition for DMAP_DEFAULT_PROT for the reason that was stated: it is identical for all arches. So IMO a comment would be enough why we change the protection despite the KVA mapping will be destroyed.

@jhibbits mentioned on IRC that it is RWX on powerpc when available, and it cannot trivially be changed to RW. It is not immediately relevant here since preload_protect() is a no-op on everything other than amd64 and arm64. I think I agree that a comment is sufficient though.

The VM_PROT_NONE part of my reply was in response to Alan' suggestion to use VM_PROT_NONE there. At least I do not understand how would it work.

Per style, there should be a blank line after this call, to delineate the block to which the multi-line comment applies.

Should the comment be replicated here?