diff mbox series

[RFC,v3,05/11] mseal: add MM_SEAL_PROT_PKEY

Message ID 20231212231706.2680890-6-jeffxu@chromium.org (mailing list archive)
State New
Headers show
Series Introduce mseal() | expand

Commit Message

Jeff Xu Dec. 12, 2023, 11:16 p.m. UTC 
From: Jeff Xu <jeffxu@chromium.org>

Seal PROT and PKEY of the address range, in other words, mprotect()
and pkey_mprotect() will be denied if the memory is sealed with
MM_SEAL_PROT_PKEY.

Signed-off-by: Jeff Xu <jeffxu@chromium.org>
---
 mm/mprotect.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff mbox series

Patch

diff --git a/mm/mprotect.c b/mm/mprotect.c
index b94fbb45d5c7..1527188b1e92 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -32,6 +32,7 @@ 
 #include <linux/sched/sysctl.h>
 #include <linux/userfaultfd_k.h>
 #include <linux/memory-tiers.h>
+#include <uapi/linux/mman.h>
 #include <asm/cacheflush.h>
 #include <asm/mmu_context.h>
 #include <asm/tlbflush.h>
@@ -753,6 +754,15 @@  static int do_mprotect_pkey(unsigned long start, size_t len,
 		}
 	}
 
+	/*
+	 * checking if PROT and PKEY is sealed.
+	 * can_modify_mm assumes we have acquired the lock on MM.
+	 */
+	if (!can_modify_mm(current->mm, start, end, MM_SEAL_PROT_PKEY)) {
+		error = -EACCES;
+		goto out;
+	}
+
 	prev = vma_prev(&vmi);
 	if (start > vma->vm_start)
 		prev = vma;