lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <bd50a6f0-670e-6bd3-13f1-c7a96e56a9bb@oracle.com>
Date:   Tue, 28 Jul 2020 10:06:05 -0400
From:   Steven Sistare <steven.sistare@...cle.com>
To:     Kirill Tkhai <ktkhai@...tuozzo.com>,
        Anthony Yznaga <anthony.yznaga@...cle.com>,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        linux-mm@...ck.org, linux-arch@...r.kernel.org
Cc:     mhocko@...nel.org, tglx@...utronix.de, mingo@...hat.com,
        bp@...en8.de, x86@...nel.org, hpa@...or.com,
        viro@...iv.linux.org.uk, akpm@...ux-foundation.org, arnd@...db.de,
        ebiederm@...ssion.com, keescook@...omium.org, gerg@...ux-m68k.org,
        christian.brauner@...ntu.com, peterz@...radead.org,
        esyr@...hat.com, jgg@...pe.ca, christian@...lner.me,
        areber@...hat.com, cyphar@...har.com
Subject: Re: [RFC PATCH 5/5] mm: introduce MADV_DOEXEC

On 7/28/2020 9:22 AM, Kirill Tkhai wrote:
> On 27.07.2020 20:11, Anthony Yznaga wrote:
>> madvise MADV_DOEXEC preserves a memory range across exec.  Initially
>> only supported for non-executable, non-stack, anonymous memory.
>> MADV_DONTEXEC reverts the effect of a previous MADV_DOXEXEC call and
>> undoes the preservation of the range.  After a successful exec call,
>> the behavior of all ranges reverts to MADV_DONTEXEC.
>>
>> Signed-off-by: Steve Sistare <steven.sistare@...cle.com>
>> Signed-off-by: Anthony Yznaga <anthony.yznaga@...cle.com>
>> ---
>>  include/uapi/asm-generic/mman-common.h |  3 +++
>>  mm/madvise.c                           | 25 +++++++++++++++++++++++++
>>  2 files changed, 28 insertions(+)
>>
>> diff --git a/include/uapi/asm-generic/mman-common.h b/include/uapi/asm-generic/mman-common.h
>> index f94f65d429be..7c5f616b28f7 100644
>> --- a/include/uapi/asm-generic/mman-common.h
>> +++ b/include/uapi/asm-generic/mman-common.h
>> @@ -72,6 +72,9 @@
>>  #define MADV_COLD	20		/* deactivate these pages */
>>  #define MADV_PAGEOUT	21		/* reclaim these pages */
>>  
>> +#define MADV_DOEXEC	22		/* do inherit across exec */
>> +#define MADV_DONTEXEC	23		/* don't inherit across exec */
>> +
>>  /* compatibility flags */
>>  #define MAP_FILE	0
>>  
>> diff --git a/mm/madvise.c b/mm/madvise.c
>> index dd1d43cf026d..b447fa748649 100644
>> --- a/mm/madvise.c
>> +++ b/mm/madvise.c
>> @@ -103,6 +103,26 @@ static long madvise_behavior(struct vm_area_struct *vma,
>>  	case MADV_KEEPONFORK:
>>  		new_flags &= ~VM_WIPEONFORK;
>>  		break;
>> +	case MADV_DOEXEC:
> 
> For me MADV_KEEPONEXEC sounds better as it's symmetric to MADV_KEEPONFORK.

We chose MADV_DOEXEC and MADV_DONTEXEC to match the precedent set by:

#define MADV_DONTFORK   10              /* don't inherit across fork */


#define MADV_DOFORK     11              /* do inherit across fork */


I do like "keep" as a concise description of the operation.  KEEPONFORK is not a perfect 
analog because its opposite is wipe ...

#define MADV_WIPEONFORK 18              /* Zero memory on fork, child only */
#define MADV_KEEPONFORK 19              /* Undo MADV_WIPEONFORK */

... but if folks are ok with that then IMO these are all good choices:

MADV_KEEPONEXEC
MADV_DROPONEXEC

MADV_KEEPEXEC    (shorter)
MADV_DROPEXEC 

MADV_KEEP_EXEC   (more legible, but no existing MADV names use 2nd underscores)
MADV_DROP_EXEC

Whatever folks like best.

- Steve

>> +		/*
>> +		 * MADV_DOEXEC is only supported on private, non-executable,
>> +		 * non-stack anonymous memory and if the VM_EXEC_KEEP flag
>> +		 * is available.
>> +		 */
>> +		if (!VM_EXEC_KEEP || vma->vm_file || vma->vm_flags & (VM_EXEC|VM_SHARED|VM_STACK)) {
>> +			error = -EINVAL;
>> +			goto out;
>> +		}
>> +		new_flags |= (new_flags & ~VM_MAYEXEC) | VM_EXEC_KEEP;
>> +		break;
>> +	case MADV_DONTEXEC:
>> +		if (!VM_EXEC_KEEP) {
>> +			error = -EINVAL;
>> +			goto out;
>> +		}
>> +		if (new_flags & VM_EXEC_KEEP)
>> +			new_flags |= (new_flags & ~VM_EXEC_KEEP) | VM_MAYEXEC;
>> +		break;
>>  	case MADV_DONTDUMP:
>>  		new_flags |= VM_DONTDUMP;
>>  		break;
>> @@ -983,6 +1003,8 @@ static int madvise_inject_error(int behavior,
>>  	case MADV_SOFT_OFFLINE:
>>  	case MADV_HWPOISON:
>>  #endif
>> +	case MADV_DOEXEC:
>> +	case MADV_DONTEXEC:
>>  		return true;
>>  
>>  	default:
>> @@ -1037,6 +1059,9 @@ static int madvise_inject_error(int behavior,
>>   *  MADV_DONTDUMP - the application wants to prevent pages in the given range
>>   *		from being included in its core dump.
>>   *  MADV_DODUMP - cancel MADV_DONTDUMP: no longer exclude from core dump.
>> + *  MADV_DOEXEC - On exec, preserve and duplicate this area in the new process
>> + *		  if the new process allows it.
>> + *  MADV_DONTEXEC - Undo the effect of MADV_DOEXEC.
>>   *
>>   * return values:
>>   *  zero    - success
>>
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ