mm/memfd: add write seals when apply SEAL_EXEC to executable memfd - linux

diff options

author	Jeff Xu <jeffxu@google.com>	2022-12-15 01:12:04 +0100
committer	Andrew Morton <akpm@linux-foundation.org>	2023-01-19 02:12:37 +0100
commit	c4f75bc8bd6b3d62665e1f5400c419540edb5601 (patch)
tree	4eadb91f046f0e270ff092286b6c806c4e1b17d0 /mm/userfaultfd.c
parent	mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC (diff)
download	linux-c4f75bc8bd6b3d62665e1f5400c419540edb5601.tar.xz linux-c4f75bc8bd6b3d62665e1f5400c419540edb5601.zip

mm/memfd: add write seals when apply SEAL_EXEC to executable memfd

In order to avoid WX mappings, add F_SEAL_WRITE when apply F_SEAL_EXEC to an executable memfd, so W^X from start. This implys application need to fill the content of the memfd first, after F_SEAL_EXEC is applied, application can no longer modify the content of the memfd. Typically, application seals the memfd right after writing to it. For example: 1. memfd_create(MFD_EXEC). 2. write() code to the memfd. 3. fcntl(F_ADD_SEALS, F_SEAL_EXEC) to convert the memfd to W^X. 4. call exec() on the memfd. Link: https://lkml.kernel.org/r/20221215001205.51969-5-jeffxu@google.com Signed-off-by: Jeff Xu <jeffxu@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Daniel Verkamp <dverkamp@chromium.org> Cc: David Herrmann <dh.herrmann@gmail.com> Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jann Horn <jannh@google.com> Cc: Jorge Lucangeli Obes <jorgelo@chromium.org> Cc: kernel test robot <lkp@intel.com> Cc: Shuah Khan <skhan@linuxfoundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Diffstat (limited to 'mm/userfaultfd.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: