From: Alejandro Colomar <alx@kernel.org>
To: Florent Revest <revest@chromium.org>
Cc: linux-man@vger.kernel.org, joey.gouly@arm.com,
	akpm@linux-foundation.org, keescook@chromium.org,
	catalin.marinas@arm.com
Subject: Re: [PATCH v2] prctl.2: Document PR_SET_MDWE and PR_GET_MDWE
Date: Sun, 15 Oct 2023 00:32:52 +0200
Message-ID: <ZSsXFTkMkQn-c2hM@debian>
In-Reply-To: <20231011114744.2563619-1-revest@chromium.org>


Hi Florent,

On Wed, Oct 11, 2023 at 01:47:44PM +0200, Florent Revest wrote:
> Memory-Deny-Write-Execute is a W^X process control originally introduced
> by Joey Gouly. I'm the author of the PR_MDWE_NO_INHERIT flag.
> 
> Signed-off-by: Florent Revest <revest@chromium.org>
> ---

Patch applied.
<https://www.alejandro-colomar.es/src/alx/linux/man-pages/man-pages.git/commit/?h=contrib&id=457ca4a9ae3eae9835a5c011851c4eb88b49d322>

Thanks,
Alex

> 
> Diff since v1:
> - Use semantic newlines
> - Document that PR_MDWE_NO_INHERIT requires PR_MDWE_REFUSE_EXEC_GAIN
> - Use "bit mask" instead of "bitmask" according to the style guide
> - Removed an empty comment line
> 
>  man2/prctl.2 | 30 ++++++++++++++++++++++++++++++
>  1 file changed, 30 insertions(+)
> 
> diff --git a/man2/prctl.2 b/man2/prctl.2
> index d845b0905..83060edd9 100644
> --- a/man2/prctl.2
> +++ b/man2/prctl.2
> @@ -2041,6 +2041,36 @@ the copy will be truncated.
>  Return (as the function result)
>  the full length of the auxiliary vector.
>  \fIarg4\fP and \fIarg5\fP must be 0.
> +.TP
> +.BR PR_SET_MDWE " (since Linux 6.3)"
> +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61
> +Set the calling process' Memory-Deny-Write-Execute protection mask.
> +Once protection bits are set,
> +they can not be changed.
> +.IR arg2

This should've been .I.  I've amended the patch:

diff --git a/man2/prctl.2 b/man2/prctl.2
index 83060edd9..de53acfb0 100644
--- a/man2/prctl.2
+++ b/man2/prctl.2
@@ -2047,7 +2047,7 @@ .SH DESCRIPTION
 Set the calling process' Memory-Deny-Write-Execute protection mask.
 Once protection bits are set,
 they can not be changed.
-.IR arg2
+.I arg2
 must be a bit mask of:
 .RS
 .TP

> +must be a bit mask of:
> +.RS
> +.TP
> +.B PR_MDWE_REFUSE_EXEC_GAIN
> +New memory mapping protections can't be writable and executable.
> +Non-executable mappings can't become executable.
> +.TP
> +.B PR_MDWE_NO_INHERIT " (since Linux 6.6)"
> +.\" commit 2a87e5520554034e8c423479740f95bea4a086a0
> +Do not propagate MDWE protection to child processes on
> +.BR fork (2).
> +Setting this bit requires setting
> +.B PR_MDWE_REFUSE_EXEC_GAIN
> +too.
> +.RE
> +.TP
> +.BR PR_GET_MDWE " (since Linux 6.3)"
> +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61
> +Return (as the function result) the Memory-Deny-Write-Execute protection mask
> +of the calling process.
> +(See
> +.B PR_SET_MDWE
> +for information on the protection mask bits.)
>  .SH RETURN VALUE
>  On success,
>  .BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET ,
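Review bot: `.B PR_MDWE_NO_INHERIT " (since Linux 6.6)"` uses `.B`, which sets every argument in bold, so the "(since Linux 6.6)" annotation will render bold, unlike the `.BR PR_SET_MDWE " (since Linux 6.3)"` and `.BR PR_GET_MDWE " (since Linux 6.3)"` tags in the same hunk, where `.BR` leaves the annotation in roman. Use `.BR PR_MDWE_NO_INHERIT " (since Linux 6.6)"` here. Separately, the new PR_SET_MDWE and PR_GET_MDWE entries do not say what the unused arguments must be, while the preceding entry's context line states that arg4 and arg5 must be 0; a matching sentence for each new operation would tell callers what to pass.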
> -- 
> 2.42.0.655.g421f12c284-goog
> 

-- 
<https://www.alejandro-colomar.es/>
