From mboxrd@z Thu Jan 1 00:00:00 1970 From: jarkko.sakkinen@intel.com (Sakkinen, Jarkko) Date: Mon, 10 Sep 2018 18:21:58 +0000 Subject: [RFC 09/12] mm: Restrict memory encryption to anonymous VMA's In-Reply-To: References: Message-ID: To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On Fri, 2018-09-07 at 15:37 -0700, Alison Schofield wrote: > Memory encryption is only supported for mappings that are ANONYMOUS. > Test the entire range of VMA's in an encrypt_mprotect() request to > make sure they all meet that requirement before encrypting any. > > The encrypt_mprotect syscall will return -EINVAL and will not encrypt > any VMA's if this check fails. > > Signed-off-by: Alison Schofield > --- > mm/mprotect.c | 22 ++++++++++++++++++++++ > 1 file changed, 22 insertions(+) > > diff --git a/mm/mprotect.c b/mm/mprotect.c > index 6c2e1106525c..3384b755aad1 100644 > --- a/mm/mprotect.c > +++ b/mm/mprotect.c > @@ -311,6 +311,24 @@ unsigned long change_protection(struct vm_area_struct > *vma, unsigned long start, > return pages; > } > > +/* > + * Encrypted mprotect is only supported on anonymous mappings. > + * All VMA's in the requested range must be anonymous. If this > + * test fails on any single VMA, the entire mprotect request fails. > + */ kdoc > +bool mem_supports_encryption(struct vm_area_struct *vma, unsigned long end) > +{ > + struct vm_area_struct *test_vma = vma; > + > + do { > + if (!vma_is_anonymous(test_vma)) > + return false; > + > + test_vma = test_vma->vm_next; > + } while (test_vma && test_vma->vm_start < end); > + return true; > +} > + > int > mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, > unsigned long start, unsigned long end, unsigned long > newflags, > @@ -491,6 +509,10 @@ static int do_mprotect_ext(unsigned long start, size_t > len, > goto out; > } > } > + if (keyid > 0 && !mem_supports_encryption(vma, end)) { > + error = -EINVAL; > + goto out; > + } > if (start > vma->vm_start) > prev = vma; > /Jarkko