[PATCH RFC 1/4] mm: Track previously writeable vma permission

From: Catalin Marinas
Date: Wed Apr 13 2022 - 09:50:46 EST

Next message: Catalin Marinas: "[PATCH RFC 2/4] mm, personality: Implement memory-deny-write-execute as a personality flag"
Previous message: Catalin Marinas: "[PATCH RFC 0/4] mm, arm64: In-kernel support for memory-deny-write-execute (MDWE)"
In reply to: Catalin Marinas: "[PATCH RFC 0/4] mm, arm64: In-kernel support for memory-deny-write-execute (MDWE)"
Next in thread: Catalin Marinas: "[PATCH RFC 2/4] mm, personality: Implement memory-deny-write-execute as a personality flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In order to support a memory-deny-write-execute policy for mprotect()
and prevent a previously writeable mapping from being made executable,
track the past VM_WRITE permission via a new VM_WAS_WRITE flag that is
not cleared on permission change.

VM_WAS_WRITE is a high VMA flag and since not all architectures may want
this feature, only define it if CONFIG_ARCH_ENABLE_DENY_WRITE_EXEC is
selected, otherwise it is VM_NONE (zero).

Note that the new VM_WAS_WRITE flag would prevent merging of an always
read-only vma with a previously writeable vma that was made read-only. I
don't consider this a common case and even if we somehow allow such
merging, it would be confusing for the user if a read-only vma inherits
a VM_WAS_WRITE flag or the VM_WAS_WRITE flag is dropped.

Signed-off-by: Catalin Marinas <catalin.marinas@xxxxxxx>
Cc: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
include/linux/mm.h | 6 ++++++
include/linux/mman.h | 8 +++++++-
mm/Kconfig | 4 ++++
3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/include/linux/mm.h b/include/linux/mm.h
index e34edb775334..bec37abc0773 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -317,6 +317,12 @@ extern unsigned int kobjsize(const void *objp);
#define VM_HIGH_ARCH_4 BIT(VM_HIGH_ARCH_BIT_4)
#endif /* CONFIG_ARCH_USES_HIGH_VMA_FLAGS */

+#ifdef CONFIG_ARCH_ENABLE_DENY_WRITE_EXEC
+#define VM_WAS_WRITE BIT(37) /* only with ARCH_USES_HIGH_VMA_FLAGS */
+#else
+#define VM_WAS_WRITE VM_NONE
+#endif
+
#ifdef CONFIG_ARCH_HAS_PKEYS
# define VM_PKEY_SHIFT VM_HIGH_ARCH_BIT_0
# define VM_PKEY_BIT0 VM_HIGH_ARCH_0 /* A protection key is a 4-bit value */
diff --git a/include/linux/mman.h b/include/linux/mman.h
index b66e91b8176c..2d841ddae2aa 100644
--- a/include/linux/mman.h
+++ b/include/linux/mman.h
@@ -141,10 +141,16 @@ static inline bool arch_validate_flags(unsigned long flags)
static inline unsigned long
calc_vm_prot_bits(unsigned long prot, unsigned long pkey)
{
- return _calc_vm_trans(prot, PROT_READ, VM_READ ) |
+ unsigned long vm_flags =
+ _calc_vm_trans(prot, PROT_READ, VM_READ ) |
_calc_vm_trans(prot, PROT_WRITE, VM_WRITE) |
_calc_vm_trans(prot, PROT_EXEC, VM_EXEC) |
arch_calc_vm_prot_bits(prot, pkey);
+
+ if (vm_flags & VM_WRITE)
+ vm_flags |= VM_WAS_WRITE;
+
+ return vm_flags;
}

/*
diff --git a/mm/Kconfig b/mm/Kconfig
index 034d87953600..f140109f2a1e 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
@@ -822,6 +822,10 @@ config ARCH_USES_HIGH_VMA_FLAGS
config ARCH_HAS_PKEYS
bool

+config ARCH_ENABLE_DENY_WRITE_EXEC
+ bool
+ depends on ARCH_USES_HIGH_VMA_FLAGS
+
config PERCPU_STATS
bool "Collect percpu memory statistics"
help

Next message: Catalin Marinas: "[PATCH RFC 2/4] mm, personality: Implement memory-deny-write-execute as a personality flag"
Previous message: Catalin Marinas: "[PATCH RFC 0/4] mm, arm64: In-kernel support for memory-deny-write-execute (MDWE)"
In reply to: Catalin Marinas: "[PATCH RFC 0/4] mm, arm64: In-kernel support for memory-deny-write-execute (MDWE)"
Next in thread: Catalin Marinas: "[PATCH RFC 2/4] mm, personality: Implement memory-deny-write-execute as a personality flag"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]