Message ID | 20221207154939.2532830-5-jeffxu@google.com (mailing list archive) |
---|---|
State | Accepted |
Commit | c4f75bc8bd6b3d62665e1f5400c419540edb5601 |
Headers | show |
Series | mm/memfd: introduce MFD_NOEXEC_SEAL and MFD_EXEC | expand |
On Wed, Dec 07, 2022 at 03:49:37PM +0000, jeffxu@chromium.org wrote: > From: Jeff Xu <jeffxu@google.com> > > In order to avoid WX mappings, add F_SEAL_WRITE when apply > F_SEAL_EXEC to an executable memfd, so W^X from start. > > This implys application need to fill the content of the memfd first, > after F_SEAL_EXEC is applied, application can no longer modify the > content of the memfd. > > Typically, application seals the memfd right after writing to it. > For example: > 1. memfd_create(MFD_EXEC). > 2. write() code to the memfd. > 3. fcntl(F_ADD_SEALS, F_SEAL_EXEC) to convert the memfd to W^X. > 4. call exec() on the memfd. > > Signed-off-by: Jeff Xu <jeffxu@google.com> Reviewed-by: Kees Cook <keescook@chromium.org>
diff --git a/mm/memfd.c b/mm/memfd.c index ec70675a7069..92f0a5765f7c 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -222,6 +222,12 @@ static int memfd_add_seals(struct file *file, unsigned int seals) } } + /* + * SEAL_EXEC implys SEAL_WRITE, making W^X from the start. + */ + if (seals & F_SEAL_EXEC && inode->i_mode & 0111) + seals |= F_SEAL_SHRINK|F_SEAL_GROW|F_SEAL_WRITE|F_SEAL_FUTURE_WRITE; + *file_seals |= seals; error = 0;