| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Jul 2020 10:11:27 -0700
From: Anthony Yznaga <anthony.yznaga@...cle.com>
To: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
linux-mm@...ck.org, linux-arch@...r.kernel.org
Cc: mhocko@...nel.org, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, x86@...nel.org, hpa@...or.com,
viro@...iv.linux.org.uk, akpm@...ux-foundation.org, arnd@...db.de,
ebiederm@...ssion.com, keescook@...omium.org, gerg@...ux-m68k.org,
ktkhai@...tuozzo.com, christian.brauner@...ntu.com,
peterz@...radead.org, esyr@...hat.com, jgg@...pe.ca,
christian@...lner.me, areber@...hat.com, cyphar@...har.com,
steven.sistare@...cle.com
Subject: [RFC PATCH 5/5] mm: introduce MADV_DOEXEC
madvise MADV_DOEXEC preserves a memory range across exec. Initially
only supported for non-executable, non-stack, anonymous memory.
MADV_DONTEXEC reverts the effect of a previous MADV_DOXEXEC call and
undoes the preservation of the range. After a successful exec call,
the behavior of all ranges reverts to MADV_DONTEXEC.
Signed-off-by: Steve Sistare <steven.sistare@...cle.com>
Signed-off-by: Anthony Yznaga <anthony.yznaga@...cle.com>
---
include/uapi/asm-generic/mman-common.h | 3 +++
mm/madvise.c | 25 +++++++++++++++++++++++++
2 files changed, 28 insertions(+)
diff --git a/include/uapi/asm-generic/mman-common.h b/include/uapi/asm-generic/mman-common.h
index f94f65d429be..7c5f616b28f7 100644
--- a/include/uapi/asm-generic/mman-common.h
+++ b/include/uapi/asm-generic/mman-common.h
@@ -72,6 +72,9 @@
#define MADV_COLD 20 /* deactivate these pages */
#define MADV_PAGEOUT 21 /* reclaim these pages */
+#define MADV_DOEXEC 22 /* do inherit across exec */
+#define MADV_DONTEXEC 23 /* don't inherit across exec */
+
/* compatibility flags */
#define MAP_FILE 0
diff --git a/mm/madvise.c b/mm/madvise.c
index dd1d43cf026d..b447fa748649 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -103,6 +103,26 @@ static long madvise_behavior(struct vm_area_struct *vma,
case MADV_KEEPONFORK:
new_flags &= ~VM_WIPEONFORK;
break;
+ case MADV_DOEXEC:
+ /*
+ * MADV_DOEXEC is only supported on private, non-executable,
+ * non-stack anonymous memory and if the VM_EXEC_KEEP flag
+ * is available.
+ */
+ if (!VM_EXEC_KEEP || vma->vm_file || vma->vm_flags & (VM_EXEC|VM_SHARED|VM_STACK)) {
+ error = -EINVAL;
+ goto out;
+ }
+ new_flags |= (new_flags & ~VM_MAYEXEC) | VM_EXEC_KEEP;
+ break;
+ case MADV_DONTEXEC:
+ if (!VM_EXEC_KEEP) {
+ error = -EINVAL;
+ goto out;
+ }
+ if (new_flags & VM_EXEC_KEEP)
+ new_flags |= (new_flags & ~VM_EXEC_KEEP) | VM_MAYEXEC;
+ break;
case MADV_DONTDUMP:
new_flags |= VM_DONTDUMP;
break;
@@ -983,6 +1003,8 @@ static int madvise_inject_error(int behavior,
case MADV_SOFT_OFFLINE:
case MADV_HWPOISON:
#endif
+ case MADV_DOEXEC:
+ case MADV_DONTEXEC:
return true;
default:
@@ -1037,6 +1059,9 @@ static int madvise_inject_error(int behavior,
* MADV_DONTDUMP - the application wants to prevent pages in the given range
* from being included in its core dump.
* MADV_DODUMP - cancel MADV_DONTDUMP: no longer exclude from core dump.
+ * MADV_DOEXEC - On exec, preserve and duplicate this area in the new process
+ * if the new process allows it.
+ * MADV_DONTEXEC - Undo the effect of MADV_DOEXEC.
*
* return values:
* zero - success
--
1.8.3.1
Powered by blists - more mailing lists