From patchwork Fri Nov 11 17:12:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 13040652 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id F3C98C4332F for ; Fri, 11 Nov 2022 17:37:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To: Message-Id:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=xCM4DicxGMg/osuGMPO0oBu6Y5PZPgMLoLN3IMNjTSI=; b=TgPrOQL+cv+Ti9 aOQp/oC3wnxZTf626MaGGp9qZmUUtDeSxILwvGrkMGGmiVpy/YSkb7xI+0jfMcOq7kgm1WYrVNNTy P6/ENhYszSIFH4f3/6xhA4XTt5OllNjnuig+PjlC0s/uEPLrVWL0F7JOLwFUefRqITKTrm9wMlnoY pBljfylySG+gDE8vUDXVofdL8IjJLR9amjXclhRc9FTx+7B5GD6r0czTcXMVc1bOaN+ViuzNbNPiS jx5hM+Y8exxcleckjo9SlH3TS72Cvnz+SH4MnYKVw2Ypr8k8LPOCAG4Smp/lJjQy22NnmHa3l4xZ0 D2hQcmA5/5J0pnX/rYag==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1otXx6-00HKF4-2l; Fri, 11 Nov 2022 17:36:29 +0000 Received: from ams.source.kernel.org ([2604:1380:4601:e00::1]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1otXay-00H8Bg-6g for linux-arm-kernel@lists.infradead.org; Fri, 11 Nov 2022 17:13:38 +0000 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 9BE84B8268D; Fri, 11 Nov 2022 17:13:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 45BB0C433D7; Fri, 11 Nov 2022 17:13:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1668186812; bh=iteubLXOq/uhgUjHZqJzLGd7RrPuAONw2ofLvqdLHvw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=m7t5EaJ2Ti03kd+xKf/2dN6qoj2ysy4LOcL0+vpXDHX4eJsrtT0XJ1esz5+du5VMg VgV17dCu1rO3s1udSB2mN7VDM6vyn5PamoVOqCpmedqliQv7yJF8iioqz1OKfDP5ZC Up8nfOU+kf3IInWG0GUsjnYsI0JNDRmNzic7pOmOL1y3TMERGEYqnGV9HDl38Xnt0y bcPVH8JuLftTcRsJDkJYMWVTfJBgFz1u8IV+W+anLVpulxgXFfqZGJdGxlyvlxK9al Fvc9I48bHW6rjxg46Wzd2zS6VhcsnPD7R7FvSgnJIut8dC6d/56PnFE4PQZiQ35W9L AWS5R7FuwRu7A== From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org Cc: Ard Biesheuvel , Marc Zyngier , Will Deacon , Mark Rutland , Kees Cook , Catalin Marinas , Mark Brown , Anshuman Khandual Subject: [PATCH v7 32/33] mm: add arch hook to validate mmap() prot flags Date: Fri, 11 Nov 2022 18:12:00 +0100 Message-Id: <20221111171201.2088501-33-ardb@kernel.org> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20221111171201.2088501-1-ardb@kernel.org> References: <20221111171201.2088501-1-ardb@kernel.org> MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=1745; i=ardb@kernel.org; h=from:subject; bh=iteubLXOq/uhgUjHZqJzLGd7RrPuAONw2ofLvqdLHvw=; b=owEB7QES/pANAwAKAcNPIjmS2Y8kAcsmYgBjboJeL2wALVDSOkDm1Hadkog2GbaPBv1NUcyu4fbo m+2EFhWJAbMEAAEKAB0WIQT72WJ8QGnJQhU3VynDTyI5ktmPJAUCY26CXgAKCRDDTyI5ktmPJKopDA CHYLmyjH1GHqFKRnQcJYEWGdlqI0nYFuNUv61dy1E1bRGjycQPS3U7tcHr3BHcTJFo+BgGOp663LkZ AKkMR4WJOIYs9x2xYNXzr47YKVvPNP4wos1edyAPQwQLpXmAGwzDee+lKLqaGXbwo3vxcyxKnPr1Lz ssmmohxMhrsY6KIEKY1KhZvYiIRrZ+69v8a/N9OHApjgNJfMeM5FXg3G2mlJv8C1ds1C/PdwPLetKE BKvloyNl6yvdHLDV5ComzqTAy+yJYa9X91lC11SXtwfKW4V58gjCSSanggpmwHgQGLSysaXK8DaPTp jrIqdo87xnPYt3tqd7o/5eY0ayHlvL9JewRzVyteKLTrPBO1W9gZZQXsaxF2ONPbhhDDd2qAY26n2l JMLq/Bo6blK1Hp6QUc+TktsKCcuumciK3CtdmuJtP8iEAmcaUzcCzg9wKkFTgNkhAEYE3szcHpa2Bu SaaE69oLhxOaAUFR2JVY69RlDOMPBDyvCZS1dNI8S1Ehw= X-Developer-Key: i=ardb@kernel.org; a=openpgp; fpr=F43D03328115A198C90016883D200E9CA6329909 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20221111_091336_583376_A435B923 X-CRM114-Status: GOOD ( 14.56 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Add a hook to permit architectures to perform validation on the prot flags passed to mmap(), like arch_validate_prot() does for mprotect(). This will be used by arm64 to reject PROT_WRITE+PROT_EXEC mappings on configurations that run with WXN enabled. Reviewed-by: Kees Cook Signed-off-by: Ard Biesheuvel --- include/linux/mman.h | 15 +++++++++++++++ mm/mmap.c | 3 +++ 2 files changed, 18 insertions(+) diff --git a/include/linux/mman.h b/include/linux/mman.h index 58b3abd457a38df4..53ac72310ce0935d 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -120,6 +120,21 @@ static inline bool arch_validate_flags(unsigned long flags) #define arch_validate_flags arch_validate_flags #endif +#ifndef arch_validate_mmap_prot +/* + * This is called from mmap(), which ignores unknown prot bits so the default + * is to accept anything. + * + * Returns true if the prot flags are valid + */ +static inline bool arch_validate_mmap_prot(unsigned long prot, + unsigned long addr) +{ + return true; +} +#define arch_validate_mmap_prot arch_validate_mmap_prot +#endif + /* * Optimisation macro. It is equivalent to: * (x & bit1) ? bit2 : 0 diff --git a/mm/mmap.c b/mm/mmap.c index 2def55555e05f103..cb82740b7527680b 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1262,6 +1262,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr, if (!(file && path_noexec(&file->f_path))) prot |= PROT_EXEC; + if (!arch_validate_mmap_prot(prot, addr)) + return -EACCES; + /* force arch specific MAP_FIXED handling in get_unmapped_area */ if (flags & MAP_FIXED_NOREPLACE) flags |= MAP_FIXED;