lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220413134946.2732468-2-catalin.marinas@arm.com>
Date:   Wed, 13 Apr 2022 14:49:43 +0100
From:   Catalin Marinas <catalin.marinas@....com>
To:     Andrew Morton <akpm@...ux-foundation.org>,
        Christoph Hellwig <hch@...radead.org>,
        Lennart Poettering <lennart@...ttering.net>,
        Zbigniew Jędrzejewski-Szmek <zbyszek@...waw.pl>
Cc:     Will Deacon <will@...nel.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Eric Biederman <ebiederm@...ssion.com>,
        Kees Cook <keescook@...omium.org>,
        Szabolcs Nagy <szabolcs.nagy@....com>,
        Mark Brown <broonie@...nel.org>,
        Jeremy Linton <jeremy.linton@....com>,
        Topi Miettinen <toiwoton@...il.com>, linux-mm@...ck.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-abi-devel@...ts.sourceforge.net
Subject: [PATCH RFC 1/4] mm: Track previously writeable vma permission

In order to support a memory-deny-write-execute policy for mprotect()
and prevent a previously writeable mapping from being made executable,
track the past VM_WRITE permission via a new VM_WAS_WRITE flag that is
not cleared on permission change.

VM_WAS_WRITE is a high VMA flag and since not all architectures may want
this feature, only define it if CONFIG_ARCH_ENABLE_DENY_WRITE_EXEC is
selected, otherwise it is VM_NONE (zero).

Note that the new VM_WAS_WRITE flag would prevent merging of an always
read-only vma with a previously writeable vma that was made read-only. I
don't consider this a common case and even if we somehow allow such
merging, it would be confusing for the user if a read-only vma inherits
a VM_WAS_WRITE flag or the VM_WAS_WRITE flag is dropped.

Signed-off-by: Catalin Marinas <catalin.marinas@....com>
Cc: Andrew Morton <akpm@...ux-foundation.org>
---
 include/linux/mm.h   | 6 ++++++
 include/linux/mman.h | 8 +++++++-
 mm/Kconfig           | 4 ++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/include/linux/mm.h b/include/linux/mm.h
index e34edb775334..bec37abc0773 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -317,6 +317,12 @@ extern unsigned int kobjsize(const void *objp);
 #define VM_HIGH_ARCH_4	BIT(VM_HIGH_ARCH_BIT_4)
 #endif /* CONFIG_ARCH_USES_HIGH_VMA_FLAGS */
 
+#ifdef CONFIG_ARCH_ENABLE_DENY_WRITE_EXEC
+#define VM_WAS_WRITE		BIT(37)	/* only with ARCH_USES_HIGH_VMA_FLAGS */
+#else
+#define VM_WAS_WRITE		VM_NONE
+#endif
+
 #ifdef CONFIG_ARCH_HAS_PKEYS
 # define VM_PKEY_SHIFT	VM_HIGH_ARCH_BIT_0
 # define VM_PKEY_BIT0	VM_HIGH_ARCH_0	/* A protection key is a 4-bit value */
diff --git a/include/linux/mman.h b/include/linux/mman.h
index b66e91b8176c..2d841ddae2aa 100644
--- a/include/linux/mman.h
+++ b/include/linux/mman.h
@@ -141,10 +141,16 @@ static inline bool arch_validate_flags(unsigned long flags)
 static inline unsigned long
 calc_vm_prot_bits(unsigned long prot, unsigned long pkey)
 {
-	return _calc_vm_trans(prot, PROT_READ,  VM_READ ) |
+	unsigned long vm_flags =
+	       _calc_vm_trans(prot, PROT_READ,  VM_READ ) |
 	       _calc_vm_trans(prot, PROT_WRITE, VM_WRITE) |
 	       _calc_vm_trans(prot, PROT_EXEC,  VM_EXEC) |
 	       arch_calc_vm_prot_bits(prot, pkey);
+
+	if (vm_flags & VM_WRITE)
+		vm_flags |= VM_WAS_WRITE;
+
+	return vm_flags;
 }
 
 /*
diff --git a/mm/Kconfig b/mm/Kconfig
index 034d87953600..f140109f2a1e 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -822,6 +822,10 @@ config ARCH_USES_HIGH_VMA_FLAGS
 config ARCH_HAS_PKEYS
 	bool
 
+config ARCH_ENABLE_DENY_WRITE_EXEC
+	bool
+	depends on ARCH_USES_HIGH_VMA_FLAGS
+
 config PERCPU_STATS
 	bool "Collect percpu memory statistics"
 	help

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ