From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mm-commits-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 235D4C46467
	for <mm-commits@archiver.kernel.org>; Thu, 15 Dec 2022 21:47:45 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S229730AbiLOVrn (ORCPT <rfc822;mm-commits@archiver.kernel.org>);
        Thu, 15 Dec 2022 16:47:43 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44802 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S229841AbiLOVrf (ORCPT
        <rfc822;mm-commits@vger.kernel.org>); Thu, 15 Dec 2022 16:47:35 -0500
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC2A645ECF
        for <mm-commits@vger.kernel.org>; Thu, 15 Dec 2022 13:47:34 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 7890261F5B
        for <mm-commits@vger.kernel.org>; Thu, 15 Dec 2022 21:47:34 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id D3EBFC433D2;
        Thu, 15 Dec 2022 21:47:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org;
        s=korg; t=1671140853;
        bh=2964JWYKE1u1NfA5eVKc/Mf6mRjxuvTftBkkQm0XMNo=;
        h=Date:To:From:Subject:From;
        b=pOMUP5ix35oea/y7OwgZLGDWSFrwjofqWnH2oyXW6FIzr4TodRfUvPIf56izYkvWz
         uWrBMGVp11//wUC1+hfRrn596RnYSBLoxKhQVz408D+ObPC31CYg2goXuy8zkW3e5J
         4vWdNThhsB8Y6mWQfnl6oV1H4dPnM3h00Ex1n7GU=
Date:   Thu, 15 Dec 2022 13:47:33 -0800
To:     mm-commits@vger.kernel.org, skhan@linuxfoundation.org,
        lkp@intel.com, keescook@chromium.org, jorgelo@chromium.org,
        jannh@google.com, hughd@google.com, dverkamp@chromium.org,
        dmitry.torokhov@gmail.com, dh.herrmann@gmail.com,
        jeffxu@google.com, akpm@linux-foundation.org
From:   Andrew Morton <akpm@linux-foundation.org>
Subject: + mm-memfd-add-write-seals-when-apply-seal_exec-to-executable-memfd.patch added to mm-unstable branch
Message-Id: <20221215214733.D3EBFC433D2@smtp.kernel.org>
Precedence: bulk
Reply-To: linux-kernel@vger.kernel.org
List-ID: <mm-commits.vger.kernel.org>
X-Mailing-List: mm-commits@vger.kernel.org


The patch titled
     Subject: mm/memfd: Add write seals when apply SEAL_EXEC to executable memfd
has been added to the -mm mm-unstable branch.  Its filename is
     mm-memfd-add-write-seals-when-apply-seal_exec-to-executable-memfd.patch

This patch will shortly appear at
     https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-memfd-add-write-seals-when-apply-seal_exec-to-executable-memfd.patch

This patch will later appear in the mm-unstable branch at
    git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days

------------------------------------------------------
From: Jeff Xu <jeffxu@google.com>
Subject: mm/memfd: Add write seals when apply SEAL_EXEC to executable memfd
Date: Thu, 15 Dec 2022 00:12:04 +0000

In order to avoid WX mappings, add F_SEAL_WRITE when apply F_SEAL_EXEC to
an executable memfd, so W^X from start.

This implys application need to fill the content of the memfd first, after
F_SEAL_EXEC is applied, application can no longer modify the content of
the memfd.

Typically, application seals the memfd right after writing to it.
For example:
1. memfd_create(MFD_EXEC).
2. write() code to the memfd.
3. fcntl(F_ADD_SEALS, F_SEAL_EXEC) to convert the memfd to W^X.
4. call exec() on the memfd.

Link: https://lkml.kernel.org/r/20221215001205.51969-5-jeffxu@google.com
Signed-off-by: Jeff Xu <jeffxu@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Daniel Verkamp <dverkamp@chromium.org>
Cc: David Herrmann <dh.herrmann@gmail.com>
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jann Horn <jannh@google.com>
Cc: Jorge Lucangeli Obes <jorgelo@chromium.org>
Cc: kernel test robot <lkp@intel.com>
Cc: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 mm/memfd.c |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/mm/memfd.c~mm-memfd-add-write-seals-when-apply-seal_exec-to-executable-memfd
+++ a/mm/memfd.c
@@ -222,6 +222,12 @@ static int memfd_add_seals(struct file *
 		}
 	}
 
+	/*
+	 * SEAL_EXEC implys SEAL_WRITE, making W^X from the start.
+	 */
+	if (seals & F_SEAL_EXEC && inode->i_mode & 0111)
+		seals |= F_SEAL_SHRINK|F_SEAL_GROW|F_SEAL_WRITE|F_SEAL_FUTURE_WRITE;
+
 	*file_seals |= seals;
 	error = 0;
 
_

Patches currently in -mm which might be from jeffxu@google.com are

mm-memfd-add-mfd_noexec_seal-and-mfd_exec.patch
mm-memfd-add-write-seals-when-apply-seal_exec-to-executable-memfd.patch
selftests-memfd-add-tests-for-mfd_noexec_seal-mfd_exec.patch