From: Ard Biesheuvel <ardb@kernel.org>
To: linux-arm-kernel@lists.infradead.org
Cc: Ard Biesheuvel <ardb@kernel.org>, Marc Zyngier <maz@kernel.org>,
Will Deacon <will@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Kees Cook <keescook@chromium.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Mark Brown <broonie@kernel.org>,
Anshuman Khandual <anshuman.khandual@arm.com>
Subject: [PATCH v6 8/9] mm: add arch hook to validate mmap() prot flags
Date: Fri, 1 Jul 2022 15:04:43 +0200 [thread overview]
Message-ID: <20220701130444.2945106-9-ardb@kernel.org> (raw)
In-Reply-To: <20220701130444.2945106-1-ardb@kernel.org>
Add a hook to permit architectures to perform validation on the prot
flags passed to mmap(), like arch_validate_prot() does for mprotect().
This will be used by arm64 to reject PROT_WRITE+PROT_EXEC mappings on
configurations that run with WXN enabled.
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
---
include/linux/mman.h | 15 +++++++++++++++
mm/mmap.c | 3 +++
2 files changed, 18 insertions(+)
diff --git a/include/linux/mman.h b/include/linux/mman.h
index 58b3abd457a3..53ac72310ce0 100644
--- a/include/linux/mman.h
+++ b/include/linux/mman.h
@@ -120,6 +120,21 @@ static inline bool arch_validate_flags(unsigned long flags)
#define arch_validate_flags arch_validate_flags
#endif
+#ifndef arch_validate_mmap_prot
+/*
+ * This is called from mmap(), which ignores unknown prot bits so the default
+ * is to accept anything.
+ *
+ * Returns true if the prot flags are valid
+ */
+static inline bool arch_validate_mmap_prot(unsigned long prot,
+ unsigned long addr)
+{
+ return true;
+}
+#define arch_validate_mmap_prot arch_validate_mmap_prot
+#endif
+
/*
* Optimisation macro. It is equivalent to:
* (x & bit1) ? bit2 : 0
diff --git a/mm/mmap.c b/mm/mmap.c
index 61e6135c54ef..4a585879937d 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1437,6 +1437,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr,
if (!(file && path_noexec(&file->f_path)))
prot |= PROT_EXEC;
+ if (!arch_validate_mmap_prot(prot, addr))
+ return -EACCES;
+
/* force arch specific MAP_FIXED handling in get_unmapped_area */
if (flags & MAP_FIXED_NOREPLACE)
flags |= MAP_FIXED;
--
2.35.1
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next prev parent reply other threads:[~2022-07-01 13:09 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-01 13:04 [PATCH v6 0/9] arm64: add support for WXN Ard Biesheuvel
2022-07-01 13:04 ` [PATCH v6 1/9] arm64: kaslr: use an ordinary command line param for nokaslr Ard Biesheuvel
2022-07-01 14:07 ` Mark Brown
2022-07-01 13:04 ` [PATCH v6 2/9] arm64: kaslr: don't pretend KASLR is enabled if offset < MIN_KIMG_ALIGN Ard Biesheuvel
2022-07-01 14:12 ` Mark Brown
2022-07-01 13:04 ` [PATCH v6 3/9] arm64: kaslr: drop special case for ThunderX in kaslr_requires_kpti() Ard Biesheuvel
2022-07-01 13:04 ` [PATCH v6 4/9] arm64: head: allocate more pages for the kernel mapping Ard Biesheuvel
2022-07-01 13:04 ` [PATCH v6 5/9] arm64: head: move early kernel mapping and relocation code to C code Ard Biesheuvel
2022-07-01 13:04 ` [PATCH v6 6/9] arm64: mm: avoid fixmap for early swapper_pg_dir updates Ard Biesheuvel
2022-07-01 13:04 ` [PATCH v6 7/9] arm64: mm: omit redundant remap of kernel image Ard Biesheuvel
2022-07-01 13:04 ` Ard Biesheuvel [this message]
2022-07-01 13:04 ` [PATCH v6 9/9] arm64: mm: add support for WXN memory translation attribute Ard Biesheuvel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220701130444.2945106-9-ardb@kernel.org \
--to=ardb@kernel.org \
--cc=anshuman.khandual@arm.com \
--cc=broonie@kernel.org \
--cc=catalin.marinas@arm.com \
--cc=keescook@chromium.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=mark.rutland@arm.com \
--cc=maz@kernel.org \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.