From: jeffxu@chromium.org
To: skhan@linuxfoundation.org, keescook@chromium.org
Cc: akpm@linux-foundation.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, asmadeus@codewreck.org, hughd@google.com, jeffxu@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, linux-hardening@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH v1 0/2] mm/memfd: fix sysctl MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
Date: Fri, 30 Jun 2023 03:17:18 +0000
Message-ID: <20230630031721.623955-1-jeffxu@google.com>
From: Jeff Xu

When sysctl vm.memfd_noexec is 2 (MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED),
memfd_create(.., MFD_EXEC) should fail.

This complies with how MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED is
defined - "memfd_create() without MFD_NOEXEC_SEAL will be rejected"

Thanks to Dominique Martinet who reported the bug.
See [1] for context.

[1] https://lore.kernel.org/linux-mm/CABi2SkXUX_QqTQ10Yx9bBUGpN1wByOi_=gZU6WEy5a8MaQY3Jw@mail.gmail.com/T/

Jeff Xu (2):
  mm/memfd: sysctl: fix MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
  selftests/memfd: sysctl: fix MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED

 mm/memfd.c                                 | 48 +++++++++++-----------
 tools/testing/selftests/memfd/memfd_test.c |  5 +++
 2 files changed, 30 insertions(+), 23 deletions(-)
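A check for the behavior described in the cover letter above, as an added example that is not part of this patch series or the kernel selftests: it reads vm.memfd_noexec and reports a violation when memfd_create() succeeds without MFD_NOEXEC_SEAL at level 2. The helper names must_reject, read_level and violates_policy are hypothetical; the flag values are those of include/uapi/linux/memfd.h.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Flag values from include/uapi/linux/memfd.h, defined for older headers. */
#ifndef MFD_NOEXEC_SEAL
#define MFD_NOEXEC_SEAL 0x0008U
#endif
#ifndef MFD_EXEC
#define MFD_EXEC 0x0010U
#endif

/* Hypothetical helper: 1 if the call must fail under the stated level-2 rule. */
int must_reject(int level, unsigned int flags)
{
    return level == 2 && !(flags & MFD_NOEXEC_SEAL);
}

/* Read vm.memfd_noexec; -1 if the sysctl is absent or unreadable. */
int read_level(void)
{
    int level = -1;
    FILE *f = fopen("/proc/sys/vm/memfd_noexec", "r");
    if (!f) return -1;
    if (fscanf(f, "%d", &level) != 1) level = -1;
    fclose(f);
    return level;
}

/* 1 if memfd_create() succeeded although the rule says it must be rejected. */
int violates_policy(int level, unsigned int flags)
{
    int fd = (int)syscall(SYS_memfd_create, "noexec-probe", flags);
    if (fd < 0) return 0;   /* rejected (or unsupported): no violation */
    close(fd);
    return must_reject(level, flags);
}

int main(void)
{
    int level = read_level(), bad = 0;
    unsigned int cases[] = { MFD_EXEC, 0, MFD_NOEXEC_SEAL };
    for (int i = 0; i < 3; i++) {
        int v = violates_policy(level, cases[i]);
        printf("level=%d flags=0x%x %s\n", level, cases[i], v ? "VIOLATION" : "ok");
        bad |= v;
    }
    return bad;   /* non-zero exit: level 2 is set but not enforced */
}
```

On a kernel with the bug this series fixes, the MFD_EXEC case is the one that prints VIOLATION when the sysctl is 2.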