Thread (14 messages) 14 messages, 6 authors, 2023-03-08

Re: [PATCH v2 1/2] mm: Implement memory-deny-write-execute as a prctl

From: Catalin Marinas <catalin.marinas@arm.com>
Date: 2023-01-23 16:22:25
Also in: linux-mm, lkml

On Mon, Jan 23, 2023 at 05:10:08PM +0100, David Hildenbrand wrote:
On 23.01.23 17:04, Catalin Marinas wrote:
quoted
On Mon, Jan 23, 2023 at 01:53:46PM +0100, David Hildenbrand wrote:
quoted
That at least would be then similar to how we handle mmaped files: if the
file is not executable, we clear VM_MAYEXEC. If the file is not writable, we
clear VM_MAYWRITE.
We still allow VM_MAYWRITE for private mappings, though we do clear
VM_MAYEXEC if not executable.

It would be nice to use VM_MAY* flags for this logic but we can only
emulate MDWE if we change the semantics of 'MAY': only check the 'MAY'
flags for permissions being changed (e.g. allow PROT_EXEC if the vma is
already VM_EXEC even if !VM_MAYEXEC). Another issue is that we end up
with some weird combinations like having VM_EXEC without VM_MAYEXEC
(maybe that's fine).
No, we wouldn't want VM_EXEC if VM_MAYEXEC is not set. I don't immediately
see how that would happen.
You are right, this shouldn't happen. What I had in mind was the current
MDWE model where after an mmap(PROT_EXEC), any mprotect(PROT_EXEC) is
denied. But this series departs slightly from this since we want to
allow PROT_EXEC if already executable.

-- 
Catalin

_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help