[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200406142045.32522-5-levonshe@gmail.com>
Date: Mon, 6 Apr 2020 17:20:44 +0300
From: Lev Olshvang <levonshe@...il.com>
To: arnd@...db.de
Cc: kernel-hardening@...ts.openwall.com,
Lev Olshvang <levonshe@...il.com>
Subject: [RFC PATCH 4/5] X86:Prevent write to read-only pages :text, PLT/GOT tables from another process
Signed-off-by: Lev Olshvang <levonshe@...il.com>
---
arch/x86/include/asm/mmu_context.h | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index 4e55370e48e8..708135112d95 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -216,12 +216,19 @@ static inline void arch_unmap(struct mm_struct *mm, unsigned long start,
static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,
bool write, bool execute, bool foreign)
{
- /* pkeys never affect instruction fetches */
+#ifdef CONFIG_PROTECT_READONLY_USER_MEMORY
+ /* Forbid write to PROT_READ pages of foreign process */
+ if (write && foreign && (!(vma->vm_flags & VM_WRITE)))
+ return false;
+#endif
+ /* Don't check PKRU since pkeys never affect instruction fetches */
if (execute)
return true;
+
/* allow access if the VMA is not one from this process */
if (foreign || vma_is_foreign(vma))
return true;
+
return __pkru_allows_pkey(vma_pkey(vma), write);
}
--
2.17.1
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
