[PATCH] prctl.2: Document PR_SET_MDWE and PR_GET

public inbox for linux-man@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] prctl.2: Document PR_SET_MDWE and PR_GET_MDWE
@ 2023-10-03 15:50 Florent Revest
  2023-10-08 21:39 ` Alejandro Colomar
  2023-10-09 16:34 ` Catalin Marinas
  0 siblings, 2 replies; 5+ messages in thread
From: Florent Revest @ 2023-10-03 15:50 UTC (permalink / raw)
  To: alx; +Cc: linux-man, joey.gouly, akpm, keescook, catalin.marinas,
	Florent Revest

Memory-Deny-Write-Execute is a W^X process control originally introduced
by Joey Gouly. I'm the author of the PR_MDWE_NO_INHERIT flag.

Signed-off-by: Florent Revest <revest@chromium.org>
---
 man2/prctl.2 | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/man2/prctl.2 b/man2/prctl.2
index d845b0905..67e6e2ff0 100644
--- a/man2/prctl.2
+++ b/man2/prctl.2
@@ -2041,6 +2041,33 @@ the copy will be truncated.
 Return (as the function result)
 the full length of the auxiliary vector.
 \fIarg4\fP and \fIarg5\fP must be 0.
+.TP
+.BR PR_SET_MDWE " (since Linux 6.3)"
+.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61
+Set the process' Memory-Deny-Write-Execute protection mask.
+.IR arg2
+must be a bitmask of:
+.RS
+.\"
+.TP
+.B PR_MDWE_REFUSE_EXEC_GAIN
+New memory mapping protections can't be writable and executable. Non-executable
+mappings can't become executable.
+.TP
+.B PR_MDWE_NO_INHERIT " (since Linux 6.6)"
+.\" commit 2a87e5520554034e8c423479740f95bea4a086a0
+Do not propagate MDWE protection to child processes on
+.BR fork (2).
+.TP
+Once protection bits are set, they can not be changed.
+.RE
+.TP
+.BR PR_GET_MDWE " (since Linux 6.3)"
+.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61
+Return (as the function result) the Memory-Deny-Write-Execute protection mask.
+(See
+.B PR_SET_MDWE
+for information on the protection mask bits.)
 .SH RETURN VALUE
 On success,
 .BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET ,
-- 
2.42.0.582.g8ccd20d70d-goog


^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH] prctl.2: Document PR_SET_MDWE and PR_GET_MDWE
  2023-10-03 15:50 [PATCH] prctl.2: Document PR_SET_MDWE and PR_GET_MDWE Florent Revest
@ 2023-10-08 21:39 ` Alejandro Colomar
  2023-10-11 11:15   ` Florent Revest
  2023-10-09 16:34 ` Catalin Marinas
  1 sibling, 1 reply; 5+ messages in thread
From: Alejandro Colomar @ 2023-10-08 21:39 UTC (permalink / raw)
  To: Florent Revest; +Cc: linux-man, joey.gouly, akpm, keescook, catalin.marinas

[-- Attachment #1: Type: text/plain, Size: 2399 bytes --]

Hi Florent,

On Tue, Oct 03, 2023 at 05:50:10PM +0200, Florent Revest wrote:
> Memory-Deny-Write-Execute is a W^X process control originally introduced
> by Joey Gouly. I'm the author of the PR_MDWE_NO_INHERIT flag.
> 
> Signed-off-by: Florent Revest <revest@chromium.org>
> ---
>  man2/prctl.2 | 27 +++++++++++++++++++++++++++
>  1 file changed, 27 insertions(+)
> 
> diff --git a/man2/prctl.2 b/man2/prctl.2
> index d845b0905..67e6e2ff0 100644
> --- a/man2/prctl.2
> +++ b/man2/prctl.2
> @@ -2041,6 +2041,33 @@ the copy will be truncated.
>  Return (as the function result)
>  the full length of the auxiliary vector.
>  \fIarg4\fP and \fIarg5\fP must be 0.
> +.TP
> +.BR PR_SET_MDWE " (since Linux 6.3)"
> +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61
> +Set the process' Memory-Deny-Write-Execute protection mask.
> +.IR arg2
> +must be a bitmask of:
> +.RS
> +.\"
> +.TP
> +.B PR_MDWE_REFUSE_EXEC_GAIN
> +New memory mapping protections can't be writable and executable. Non-executable

Please use semantic newlines.

$ MANWIDTH=72 man man-pages | sed -n '/Use semantic newlines/,/^$/p'
   Use semantic newlines
       In the source of a manual page, new sentences should be started
       on  new  lines,  long  sentences  should be split into lines at
       clause breaks (commas, semicolons, colons, and so on), and long
       clauses should be split at phrase boundaries.  This convention,
       sometimes known as "semantic newlines", makes it easier to  see
       the  effect of patches, which often operate at the level of in‐
       dividual sentences, clauses, or phrases.

Thanks,
Alex

> +mappings can't become executable.
> +.TP
> +.B PR_MDWE_NO_INHERIT " (since Linux 6.6)"
> +.\" commit 2a87e5520554034e8c423479740f95bea4a086a0
> +Do not propagate MDWE protection to child processes on
> +.BR fork (2).
> +.TP
> +Once protection bits are set, they can not be changed.
> +.RE
> +.TP
> +.BR PR_GET_MDWE " (since Linux 6.3)"
> +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61
> +Return (as the function result) the Memory-Deny-Write-Execute protection mask.
> +(See
> +.B PR_SET_MDWE
> +for information on the protection mask bits.)
>  .SH RETURN VALUE
>  On success,
>  .BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET ,
> -- 
> 2.42.0.582.g8ccd20d70d-goog
> 

-- 
<https://www.alejandro-colomar.es/>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] prctl.2: Document PR_SET_MDWE and PR_GET_MDWE
  2023-10-08 21:39 ` Alejandro Colomar
@ 2023-10-11 11:15   ` Florent Revest
  0 siblings, 0 replies; 5+ messages in thread
From: Florent Revest @ 2023-10-11 11:15 UTC (permalink / raw)
  To: Alejandro Colomar; +Cc: linux-man, joey.gouly, akpm, keescook, catalin.marinas

On Sun, Oct 8, 2023 at 11:39 PM Alejandro Colomar <alx@kernel.org> wrote:
>
> Please use semantic newlines.
>
> $ MANWIDTH=72 man man-pages | sed -n '/Use semantic newlines/,/^$/p'
>    Use semantic newlines
>        In the source of a manual page, new sentences should be started
>        on  new  lines,  long  sentences  should be split into lines at
>        clause breaks (commas, semicolons, colons, and so on), and long
>        clauses should be split at phrase boundaries.  This convention,
>        sometimes known as "semantic newlines", makes it easier to  see
>        the  effect of patches, which often operate at the level of in‐
>        dividual sentences, clauses, or phrases.

Oops, looks like I missed the "Style guide" section of CONTRIBUTING,
sorry about that! I will fix it and re-spin :)

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] prctl.2: Document PR_SET_MDWE and PR_GET_MDWE
  2023-10-03 15:50 [PATCH] prctl.2: Document PR_SET_MDWE and PR_GET_MDWE Florent Revest
  2023-10-08 21:39 ` Alejandro Colomar
@ 2023-10-09 16:34 ` Catalin Marinas
  2023-10-11 11:12   ` Florent Revest
  1 sibling, 1 reply; 5+ messages in thread
From: Catalin Marinas @ 2023-10-09 16:34 UTC (permalink / raw)
  To: Florent Revest; +Cc: alx, linux-man, joey.gouly, akpm, keescook

On Tue, Oct 03, 2023 at 05:50:10PM +0200, Florent Revest wrote:
> Memory-Deny-Write-Execute is a W^X process control originally introduced
> by Joey Gouly. I'm the author of the PR_MDWE_NO_INHERIT flag.
> 
> Signed-off-by: Florent Revest <revest@chromium.org>
> ---
>  man2/prctl.2 | 27 +++++++++++++++++++++++++++
>  1 file changed, 27 insertions(+)
> 
> diff --git a/man2/prctl.2 b/man2/prctl.2
> index d845b0905..67e6e2ff0 100644
> --- a/man2/prctl.2
> +++ b/man2/prctl.2
> @@ -2041,6 +2041,33 @@ the copy will be truncated.
>  Return (as the function result)
>  the full length of the auxiliary vector.
>  \fIarg4\fP and \fIarg5\fP must be 0.
> +.TP
> +.BR PR_SET_MDWE " (since Linux 6.3)"
> +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61
> +Set the process' Memory-Deny-Write-Execute protection mask.
> +.IR arg2
> +must be a bitmask of:
> +.RS
> +.\"
> +.TP
> +.B PR_MDWE_REFUSE_EXEC_GAIN
> +New memory mapping protections can't be writable and executable. Non-executable
> +mappings can't become executable.
> +.TP
> +.B PR_MDWE_NO_INHERIT " (since Linux 6.6)"
> +.\" commit 2a87e5520554034e8c423479740f95bea4a086a0
> +Do not propagate MDWE protection to child processes on

Should this mention that PR_MDWE_NO_INHERIT requires
PR_MDWE_REFUSE_EXEC_GAIN (unless I forgot how this was supposed to
work).

-- 
Catalin

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] prctl.2: Document PR_SET_MDWE and PR_GET_MDWE
  2023-10-09 16:34 ` Catalin Marinas
@ 2023-10-11 11:12   ` Florent Revest
  0 siblings, 0 replies; 5+ messages in thread
From: Florent Revest @ 2023-10-11 11:12 UTC (permalink / raw)
  To: Catalin Marinas; +Cc: alx, linux-man, joey.gouly, akpm, keescook

On Mon, Oct 9, 2023 at 6:34 PM Catalin Marinas <catalin.marinas@arm.com> wrote:
>
> On Tue, Oct 03, 2023 at 05:50:10PM +0200, Florent Revest wrote:
> > +.B PR_MDWE_REFUSE_EXEC_GAIN
> > +New memory mapping protections can't be writable and executable. Non-executable
> > +mappings can't become executable.
> > +.TP
> > +.B PR_MDWE_NO_INHERIT " (since Linux 6.6)"
> > +.\" commit 2a87e5520554034e8c423479740f95bea4a086a0
> > +Do not propagate MDWE protection to child processes on
>
> Should this mention that PR_MDWE_NO_INHERIT requires
> PR_MDWE_REFUSE_EXEC_GAIN (unless I forgot how this was supposed to
> work).

Yes! :) That's a good point, thank you Catalin

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2023-10-11 11:15 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-03 15:50 [PATCH] prctl.2: Document PR_SET_MDWE and PR_GET_MDWE Florent Revest
2023-10-08 21:39 ` Alejandro Colomar
2023-10-11 11:15   ` Florent Revest
2023-10-09 16:34 ` Catalin Marinas
2023-10-11 11:12   ` Florent Revest

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox