diff mbox series

[v1,3/6] PKEY: Apply PKEY_ENFORCE_API to mprotect

Message ID 20230519011915.846407-4-jeffxu@chromium.org (mailing list archive)
State New
Headers show
Series Memory Mapping (VMA) protection using PKU - set 1 | expand

Commit Message

Jeff Xu May 19, 2023, 1:19 a.m. UTC 
From: Jeff Xu <jeffxu@google.com>

This patch enables PKEY_ENFORCE_API for the mprotect and
mprotect_pkey syscalls.

Signed-off-by: Jeff Xu<jeffxu@google.com>
---
 mm/mprotect.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff mbox series

Patch

diff --git a/mm/mprotect.c b/mm/mprotect.c
index 8a68fdca8487..1db30b8baac3 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -794,6 +794,17 @@  static int do_mprotect_pkey(unsigned long start, size_t len,
 		}
 	}
 
+	/*
+	 * arch_check_pkey_enforce_api checks if current thread
+	 * has the PKEY permission to modify the memory mapping.
+	 * Note: this should only apply to the cases that do_mprotect_pkey
+	 * is called from syscall entry. Ref. to munmap for other cases.
+	 */
+	if (arch_check_pkey_enforce_api(current->mm, start, end) < 0) {
+		error = -EACCES;
+		goto out;
+	}
+
 	prev = vma_prev(&vmi);
 	if (start > vma->vm_start)
 		prev = vma;