diff options
author | Ard Biesheuvel <ardb@kernel.org> | 2024-02-14 15:29:28 +0300 |
---|---|---|
committer | Catalin Marinas <catalin.marinas@arm.com> | 2024-02-16 15:42:43 +0300 |
commit | cb1a393c40eee2f1692c995ea0cc6e45bfccde4d (patch) | |
tree | cdb22e3f9f77883f442ad3f1e279c5040309751f | |
parent | 5d101654226d64ac0a6928019fbf476b46e9d14b (diff) | |
download | linux-cb1a393c40eee2f1692c995ea0cc6e45bfccde4d.tar.xz |
mm: add arch hook to validate mmap() prot flags
Add a hook to permit architectures to perform validation on the prot
flags passed to mmap(), like arch_validate_prot() does for mprotect().
This will be used by arm64 to reject PROT_WRITE+PROT_EXEC mappings on
configurations that run with WXN enabled.
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20240214122845.2033971-87-ardb+git@google.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
-rw-r--r-- | include/linux/mman.h | 15 | ||||
-rw-r--r-- | mm/mmap.c | 3 |
2 files changed, 18 insertions, 0 deletions
diff --git a/include/linux/mman.h b/include/linux/mman.h index dc7048824be8..ec5e7f606e43 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -124,6 +124,21 @@ static inline bool arch_validate_flags(unsigned long flags) #define arch_validate_flags arch_validate_flags #endif +#ifndef arch_validate_mmap_prot +/* + * This is called from mmap(), which ignores unknown prot bits so the default + * is to accept anything. + * + * Returns true if the prot flags are valid + */ +static inline bool arch_validate_mmap_prot(unsigned long prot, + unsigned long addr) +{ + return true; +} +#define arch_validate_mmap_prot arch_validate_mmap_prot +#endif + /* * Optimisation macro. It is equivalent to: * (x & bit1) ? bit2 : 0 diff --git a/mm/mmap.c b/mm/mmap.c index d89770eaab6b..977a8c3fd9f5 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1229,6 +1229,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr, if (!(file && path_noexec(&file->f_path))) prot |= PROT_EXEC; + if (!arch_validate_mmap_prot(prot, addr)) + return -EACCES; + /* force arch specific MAP_FIXED handling in get_unmapped_area */ if (flags & MAP_FIXED_NOREPLACE) flags |= MAP_FIXED; |