Re: [PATCH v22 11/24] mm: Introduce vm_ops->may

linux-mm.kvack.org archive mirror
 help / color / mirror / Atom feed

* Re: [PATCH v22 11/24] mm: Introduce vm_ops->may_mprotect()
       [not found] ` <20190903142655.21943-12-jarkko.sakkinen@linux.intel.com>
@ 2019-10-08 17:41   ` Borislav Petkov
  0 siblings, 0 replies; only message in thread
From: Borislav Petkov @ 2019-10-08 17:41 UTC (permalink / raw)
  To: Jarkko Sakkinen, linux-mm
  Cc: linux-kernel, x86, linux-sgx, akpm, dave.hansen,
	sean.j.christopherson, nhorman, npmccallum, serge.ayoun,
	shay.katz-zamir, haitao.huang, andriy.shevchenko, tglx,
	kai.svahn, josh, luto, kai.huang, rientjes, cedric.xing

+ linux-mm.

On Tue, Sep 03, 2019 at 05:26:42PM +0300, Jarkko Sakkinen wrote:
> From: Sean Christopherson <sean.j.christopherson@intel.com>
> 
> Add vm_ops()->may_mprotect() to check additional constrains set by a

constraints

Leaving in the rest for MM folks:

> subsystem for a mprotect() call.
> 
> Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
> ---
>  include/linux/mm.h |  2 ++
>  mm/mprotect.c      | 13 ++++++++++---
>  2 files changed, 12 insertions(+), 3 deletions(-)
> 
> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index 0334ca97c584..405cea65057a 100644
> --- a/include/linux/mm.h
> +++ b/include/linux/mm.h
> @@ -469,6 +469,8 @@ struct vm_operations_struct {
>  	void (*close)(struct vm_area_struct * area);
>  	int (*split)(struct vm_area_struct * area, unsigned long addr);
>  	int (*mremap)(struct vm_area_struct * area);
> +	int (*may_mprotect)(struct vm_area_struct *vma, unsigned long start,
> +			    unsigned long end, unsigned long prot);
>  	vm_fault_t (*fault)(struct vm_fault *vmf);
>  	vm_fault_t (*huge_fault)(struct vm_fault *vmf,
>  			enum page_entry_size pe_size);
> diff --git a/mm/mprotect.c b/mm/mprotect.c
> index bf38dfbbb4b4..18732543b295 100644
> --- a/mm/mprotect.c
> +++ b/mm/mprotect.c
> @@ -547,13 +547,20 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
>  			goto out;
>  		}
>  
> +		tmp = vma->vm_end;
> +		if (tmp > end)
> +			tmp = end;
> +
> +		if (vma->vm_ops && vma->vm_ops->may_mprotect) {
> +			error = vma->vm_ops->may_mprotect(vma, nstart, tmp, prot);
> +			if (error)
> +				goto out;
> +		}
> +
>  		error = security_file_mprotect(vma, reqprot, prot);
>  		if (error)
>  			goto out;
>  
> -		tmp = vma->vm_end;
> -		if (tmp > end)
> -			tmp = end;
>  		error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
>  		if (error)
>  			goto out;
> -- 
> 2.20.1
> 

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2019-10-08 17:41 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <20190903142655.21943-1-jarkko.sakkinen@linux.intel.com>
     [not found] ` <20190903142655.21943-12-jarkko.sakkinen@linux.intel.com>
2019-10-08 17:41   ` [PATCH v22 11/24] mm: Introduce vm_ops->may_mprotect() Borislav Petkov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox