From patchwork Wed Jul 5 06:33:13 2023
X-Patchwork-Submitter: Jeff Xu
X-Patchwork-Id: 13301700
From: jeffxu@chromium.org
To: skhan@linuxfoundation.org, keescook@chromium.org
Cc: akpm@linux-foundation.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, asmadeus@codewreck.org, hughd@google.com, jeffxu@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, linux-hardening@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH v2 0/2] mm/memfd: fix sysctl MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
Date: Wed, 5 Jul 2023 06:33:13 +0000
Message-ID: <20230705063315.3680666-1-jeffxu@google.com>

From: Jeff Xu

When sysctl vm.memfd_noexec is 2 (MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED),
memfd_create(.., MFD_EXEC) should fail.

This complies with how MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED is
defined - "memfd_create() without MFD_NOEXEC_SEAL will be rejected"

Thanks to Dominique Martinet who reported the bug.
see [1] for context.

[1] https://lore.kernel.org/linux-mm/CABi2SkXUX_QqTQ10Yx9bBUGpN1wByOi_=gZU6WEy5a8MaQY3Jw@mail.gmail.com/T/

History:
V2: fix build error when CONFIG_SYSCTL is not defined.

V1: initial version
https://lore.kernel.org/linux-mm/20230630031721.623955-3-jeffxu@google.com/T/

Jeff Xu (2):
  mm/memfd: sysctl: fix MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
  selftests/memfd: sysctl: fix MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED

 mm/memfd.c                                 | 57 +++++++++++++---------
 tools/testing/selftests/memfd/memfd_test.c |  5 ++
 2 files changed, 38 insertions(+), 24 deletions(-)
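
A host-side check for the behaviour this cover letter describes, added here as an example; it is not part of the posting or of the series' selftest. It reads the sysctl, probes memfd_create() with MFD_EXEC, and flags a kernel that still accepts the call at level 2. The function names and the verdict enum are this example's own; it assumes the sysctl is exposed at /proc/sys/vm/memfd_noexec and takes the flag values from the uapi header linux/memfd.h.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* uapi flag values (linux/memfd.h), defined here for older headers */
#ifndef MFD_EXEC
#define MFD_NOEXEC_SEAL 0x0008U
#define MFD_EXEC        0x0010U
#endif

enum verdict { POLICY_OK, POLICY_BYPASS, POLICY_UNKNOWN };

/* Read vm.memfd_noexec; returns the level, or -1 if the sysctl is absent. */
int read_memfd_noexec(void)
{
    int level = -1;
    FILE *f = fopen("/proc/sys/vm/memfd_noexec", "r");
    if (!f)
        return -1;
    if (fscanf(f, "%d", &level) != 1)
        level = -1;
    fclose(f);
    return level;
}

/* Try memfd_create() with the given flags; 0 if created, else errno. */
int probe_memfd(unsigned int flags)
{
    long fd = syscall(SYS_memfd_create, "noexec-probe", flags);
    if (fd < 0)
        return errno;
    close((int)fd);
    return 0;
}

/* Level 2 (NOEXEC_ENFORCED) must reject MFD_EXEC; success there is a bypass. */
enum verdict judge(int level, int exec_errno)
{
    if (level < 0)
        return POLICY_UNKNOWN;
    return (level == 2 && exec_errno == 0) ? POLICY_BYPASS : POLICY_OK;
}

int main(void)
{
    static const char *const msg[] = { "ok", "BYPASS: MFD_EXEC accepted at level 2", "unknown: sysctl absent" };
    int level = read_memfd_noexec();
    int exec_err = probe_memfd(MFD_EXEC);
    int seal_err = probe_memfd(MFD_NOEXEC_SEAL);

    printf("vm.memfd_noexec=%d MFD_EXEC errno=%d MFD_NOEXEC_SEAL errno=%d -> %s\n",
           level, exec_err, seal_err, msg[judge(level, exec_err)]);
    return judge(level, exec_err) == POLICY_BYPASS;
}
```

The program exits non-zero only when the kernel reports level 2 yet still creates an MFD_EXEC memfd, so it can run as a fleet compliance check.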