mm/memfd: add write seals when apply SEAL_EXEC to executable memfd - starfive-tech/linux.git - StarFive Tech Linux Kernel for VisionFive (JH7110) boards (mirror)

diff options

author	Jeff Xu <jeffxu@google.com>	2022-12-15 03:12:04 +0300
committer	Andrew Morton <akpm@linux-foundation.org>	2023-01-19 04:12:37 +0300
commit	c4f75bc8bd6b3d62665e1f5400c419540edb5601 (patch)
tree	4eadb91f046f0e270ff092286b6c806c4e1b17d0 /tools/testing/selftests/memfd/memfd_test.c
parent	105ff5339f498af74e60d7662c8f1c4d21f1342d (diff)
download	linux-c4f75bc8bd6b3d62665e1f5400c419540edb5601.tar.xz

mm/memfd: add write seals when apply SEAL_EXEC to executable memfd

In order to avoid WX mappings, add F_SEAL_WRITE when apply F_SEAL_EXEC to an executable memfd, so W^X from start. This implys application need to fill the content of the memfd first, after F_SEAL_EXEC is applied, application can no longer modify the content of the memfd. Typically, application seals the memfd right after writing to it. For example: 1. memfd_create(MFD_EXEC). 2. write() code to the memfd. 3. fcntl(F_ADD_SEALS, F_SEAL_EXEC) to convert the memfd to W^X. 4. call exec() on the memfd. Link: https://lkml.kernel.org/r/20221215001205.51969-5-jeffxu@google.com Signed-off-by: Jeff Xu <jeffxu@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Cc: Daniel Verkamp <dverkamp@chromium.org> Cc: David Herrmann <dh.herrmann@gmail.com> Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jann Horn <jannh@google.com> Cc: Jorge Lucangeli Obes <jorgelo@chromium.org> Cc: kernel test robot <lkp@intel.com> Cc: Shuah Khan <skhan@linuxfoundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Diffstat (limited to 'tools/testing/selftests/memfd/memfd_test.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: