Message-ID: <cover.1732804776.git.lorenzo.stoakes@oracle.com>
Date: Thu, 28 Nov 2024 15:06:16 +0000
From: Lorenzo Stoakes <lorenzo.stoakes@...cle.com>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: "Liam R . Howlett" <Liam.Howlett@...cle.com>,
        Vlastimil Babka <vbabka@...e.cz>, Jann Horn <jannh@...gle.com>,
        Shuah Khan <shuah@...nel.org>, Julian Orth <ju.orth@...il.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH 0/2] mm: reinstate ability to map write-sealed memfd mappings read-only

In commit 158978945f31 ("mm: perform the mapping_map_writable() check after
call_mmap()") (and preceding changes in the same series) it became possible
to mmap() F_SEAL_WRITE sealed memfd mappings read-only.

Commit 5de195060b2e ("mm: resolve faulty mmap_region() error path
behaviour") unintentionally undid this logic by moving the
mapping_map_writable() check before the shmem_mmap() hook is invoked,
thereby regressing this change.

This series reworks how we both permit write-sealed mappings being mapped
read-only and disallow mprotect() from undoing the write-seal, fixing this
regression.

We also add a regression test to ensure that we do not accidentally regress
this in future.

Thanks to Julian Orth for reporting this regression.

Note that this will require stable backports to 6.6.y and 6.12.y; I will
send these manually when this lands upstream.

Lorenzo Stoakes (2):
  mm: reinstate ability to map write-sealed memfd mappings read-only
  selftests/memfd: add test for mapping write-sealed memfd read-only

 include/linux/memfd.h                      | 14 ++++++
 include/linux/mm.h                         | 58 +++++++++++++++-------
 mm/memfd.c                                 |  2 +-
 mm/mmap.c                                  |  4 ++
 tools/testing/selftests/memfd/memfd_test.c | 43 ++++++++++++++++
 5 files changed, 102 insertions(+), 19 deletions(-)

--
2.47.0
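
A userspace probe for the behaviour the cover letter describes, as an added example that is not part of the patch series or its selftest: it seals a memfd with F_SEAL_WRITE, maps it shared read-only, then checks that mprotect() cannot make the mapping writable. The function name, the result codes and the "seal-probe" memfd name are this example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks for older libc headers; values are from the Linux UAPI headers. */
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef F_ADD_SEALS
#define F_ADD_SEALS  1033
#define F_SEAL_WRITE 0x0008
#endif

/* Result codes are this example's own names, not kernel or selftest ones. */
enum probe_result {
    PROBE_SETUP_FAILED = -1,  /* memfd or sealing unavailable here */
    PROBE_OK = 0,             /* read-only map allowed, mprotect(PROT_WRITE) refused */
    PROBE_RO_MAP_REFUSED = 1, /* the regression, or a kernel predating 158978945f31 */
    PROBE_SEAL_BYPASSED = 2   /* mprotect() made the sealed mapping writable */
};

enum probe_result probe_write_sealed_memfd(void)
{
    const size_t len = 4096;
    enum probe_result res = PROBE_SETUP_FAILED;
    int fd = (int)syscall(SYS_memfd_create, "seal-probe", MFD_ALLOW_SEALING);
    if (fd < 0)
        return res;
    if (ftruncate(fd, (off_t)len) == 0 && fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE) == 0) {
        /* Shared read-only mapping of the write-sealed file: the case the series restores. */
        void *p = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
        if (p == MAP_FAILED) {
            res = PROBE_RO_MAP_REFUSED;
        } else {
            /* The seal must still hold: upgrading to PROT_WRITE has to fail. */
            res = mprotect(p, len, PROT_READ | PROT_WRITE) == 0 ? PROBE_SEAL_BYPASSED : PROBE_OK;
            munmap(p, len);
        }
    }
    close(fd);
    return res;
}

int main(void) { printf("probe result: %d\n", probe_write_sealed_memfd()); return 0; }
```

A result of 1 on a kernel that carries commit 5de195060b2e without this series corresponds to the regression described above; a result of 2 would mean the write seal can be undone through mprotect().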
