Date: Thu, 29 Sep 2016 18:07:02 +0200
From: Oleg Nesterov
To: Kees Cook
Cc: Michael Ellerman, Al Viro, "linuxppc-dev@lists.ozlabs.org", Andrew Morton, Denys Vlasenko, Jason Gunthorpe, Benjamin Herrenschmidt, Paul Mackerras, "Aneesh Kumar K.V", Florian Weimer, Linux-MM, LKML
Subject: Re: [PATCH v5] powerpc: Do not make the entire heap executable
Message-ID: <20160929160702.GA30031@redhat.com>

On 09/28, Kees Cook wrote:
>
> This is where the flags are actually built from what's coming in
> through the newly created exported function vm_brk_flags() below. The
> only flag we're acting on is VM_EXEC (passed in from set_brk() above).
> I think do_brk_flags() should mask the valid flags, or we'll regret it
> in the future. I'd like to see something like:
>
>         /* Until we need other flags, refuse anything except VM_EXEC. */
>         if ((flags & (~VM_EXEC)) != 0)
>                 return -EINVAL;
>         flags |= VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;

I tried to suggest this too. In particular it would be simply wrong
to accept VM_LOCKED in flags.

Oleg.
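
The check discussed in this message, as an added user-space sketch (not code from the thread or from the kernel tree): it contrasts merging caller flags unmasked with refusing everything except VM_EXEC first. The function names `brk_flags_unmasked` and `brk_flags_masked`, the bit values, and the read+write stand-in for `VM_DATA_DEFAULT_FLAGS` are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed user-space stand-ins for the kernel's VM_* bits (assumed values). */
#define VM_READ    0x00000001UL
#define VM_WRITE   0x00000002UL
#define VM_EXEC    0x00000004UL
#define VM_LOCKED  0x00002000UL
#define VM_ACCOUNT 0x00100000UL
/* Arch-specific in the kernel; read+write is assumed here. */
#define VM_DATA_DEFAULT_FLAGS (VM_READ | VM_WRITE)

/* No mask: every bit the caller passes is merged into the mapping flags. */
static long brk_flags_unmasked(unsigned long flags, unsigned long def_flags,
                               unsigned long *out)
{
    *out = flags | VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | def_flags;
    return 0;
}

/* Quoted check applied first: anything except VM_EXEC is refused. */
static long brk_flags_masked(unsigned long flags, unsigned long def_flags,
                             unsigned long *out)
{
    if ((flags & ~VM_EXEC) != 0)
        return -EINVAL;
    *out = flags | VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | def_flags;
    return 0;
}

int main(void)
{
    const unsigned long inputs[] = { 0, VM_EXEC, VM_LOCKED, VM_EXEC | VM_LOCKED };

    for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        unsigned long loose = 0, strict = 0;
        long r1 = brk_flags_unmasked(inputs[i], 0, &loose);
        long r2 = brk_flags_masked(inputs[i], 0, &strict);

        printf("in=%#lx unmasked: ret=%ld flags=%#lx | masked: ret=%ld flags=%#lx\n",
               inputs[i], r1, loose, r2, strict);
    }
    return 0;
}
```

In the unmasked variant a caller-supplied VM_LOCKED ends up in the final flags; in the masked variant the same call returns -EINVAL and the output is left untouched.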