mm/memfd: add write seals when apply SEAL_EXEC to executable memfd - blaster4385/linux-IllusionX - Linux kernel with personal config changes for arch linux

diff options

author	Jeff Xu <[email protected]>	2022-12-15 00:12:04 +0000
committer	Andrew Morton <[email protected]>	2023-01-18 17:12:37 -0800
commit	c4f75bc8bd6b3d62665e1f5400c419540edb5601 (patch)
tree	4eadb91f046f0e270ff092286b6c806c4e1b17d0 /tools/perf/scripts/python/task-analyzer.py
parent	105ff5339f498af74e60d7662c8f1c4d21f1342d (diff)

mm/memfd: add write seals when apply SEAL_EXEC to executable memfd

In order to avoid WX mappings, add F_SEAL_WRITE when apply F_SEAL_EXEC to an executable memfd, so W^X from start. This implys application need to fill the content of the memfd first, after F_SEAL_EXEC is applied, application can no longer modify the content of the memfd. Typically, application seals the memfd right after writing to it. For example: 1. memfd_create(MFD_EXEC). 2. write() code to the memfd. 3. fcntl(F_ADD_SEALS, F_SEAL_EXEC) to convert the memfd to W^X. 4. call exec() on the memfd. Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Jeff Xu <[email protected]> Reviewed-by: Kees Cook <[email protected]> Cc: Daniel Verkamp <[email protected]> Cc: David Herrmann <[email protected]> Cc: Dmitry Torokhov <[email protected]> Cc: Hugh Dickins <[email protected]> Cc: Jann Horn <[email protected]> Cc: Jorge Lucangeli Obes <[email protected]> Cc: kernel test robot <[email protected]> Cc: Shuah Khan <[email protected]> Signed-off-by: Andrew Morton <[email protected]>

Diffstat (limited to 'tools/perf/scripts/python/task-analyzer.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: