lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20231016143828.647848-7-jeffxu@chromium.org>
Date: Mon, 16 Oct 2023 14:38:25 +0000
From: jeffxu@...omium.org
To: akpm@...ux-foundation.org,
	keescook@...omium.org,
	sroettger@...gle.com
Cc: jeffxu@...gle.com,
	jorgelo@...omium.org,
	groeck@...omium.org,
	linux-kernel@...r.kernel.org,
	linux-kselftest@...r.kernel.org,
	linux-mm@...ck.org,
	jannh@...gle.com,
	surenb@...gle.com,
	alex.sierra@....com,
	apopple@...dia.com,
	aneesh.kumar@...ux.ibm.com,
	axelrasmussen@...gle.com,
	ben@...adent.org.uk,
	catalin.marinas@....com,
	david@...hat.com,
	dwmw@...zon.co.uk,
	ying.huang@...el.com,
	hughd@...gle.com,
	joey.gouly@....com,
	corbet@....net,
	wangkefeng.wang@...wei.com,
	Liam.Howlett@...cle.com,
	torvalds@...ux-foundation.org,
	lstoakes@...il.com,
	willy@...radead.org,
	mawupeng1@...wei.com,
	linmiaohe@...wei.com,
	namit@...are.com,
	peterx@...hat.com,
	peterz@...radead.org,
	ryan.roberts@....com,
	shr@...kernel.io,
	vbabka@...e.cz,
	xiujianfeng@...wei.com,
	yu.ma@...el.com,
	zhangpeng362@...wei.com,
	dave.hansen@...el.com,
	luto@...nel.org,
	linux-hardening@...r.kernel.org
Subject: [RFC PATCH v1 6/8] mseal mremap

From: Jeff Xu <jeffxu@...gle.com>

check seal for mremap(2)

Signed-off-by: Jeff Xu <jeffxu@...gle.com>
---
 mm/mremap.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/mm/mremap.c b/mm/mremap.c
index e43f9ceaa29d..2288f9d0b126 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -836,7 +836,15 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len,
 	if ((mm->map_count + 2) >= sysctl_max_map_count - 3)
 		return -ENOMEM;
 
+	if (!can_modify_mm(mm, addr, addr + old_len, MM_ACTION_MREMAP,
+			   ON_BEHALF_OF_USERSPACE))
+		return -EACCES;
+
 	if (flags & MREMAP_FIXED) {
+		if (!can_modify_mm(mm, new_addr, new_addr + new_len,
+				   MM_ACTION_MREMAP, ON_BEHALF_OF_USERSPACE))
+			return -EACCES;
+
 		ret = do_munmap(mm, new_addr, new_len, uf_unmap_early);
 		if (ret)
 			goto out;
@@ -995,6 +1003,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len,
 		goto out;
 	}
 
+	if (!can_modify_mm(mm, addr, addr + old_len, MM_ACTION_MREMAP,
+			   ON_BEHALF_OF_USERSPACE)) {
+		ret = -EACCES;
+		goto out;
+	}
+
 	/*
 	 * Always allow a shrinking remap: that just unmaps
 	 * the unnecessary pages..
-- 
2.42.0.609.gbb76f46606-goog


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ