* [GIT PULL] Remove in-tree usage of MAP_DENYWRITE
@ 2021-09-04 15:46 David Hildenbrand
2021-09-04 19:00 ` pr-tracker-bot
0 siblings, 1 reply; 2+ messages in thread
From: David Hildenbrand @ 2021-09-04 15:46 UTC (permalink / raw)
To: Linus Torvalds
Cc: linux-kernel, linux-mm, Andrew Morton, linux-fsdevel,
Eric W . Biederman, David Hildenbrand
Hi Linus,
as discussed ...
The following changes since commit 7d2a07b769330c34b4deabeed939325c77a7ec2f:
Linux 5.14 (2021-08-29 15:04:50 -0700)
are available in the Git repository at:
https://github.com/davidhildenbrand/linux.git tags/denywrite-for-5.15
for you to fetch changes up to 592ca09be8333bd226f50100328a905bfc377133:
fs: update documentation of get_write_access() and friends (2021-09-03 18:42:02 +0200)
----------------------------------------------------------------
Remove in-tree usage of MAP_DENYWRITE
Remove all in-tree usage of MAP_DENYWRITE from the kernel and remove
VM_DENYWRITE.
There are some (minor) user-visible changes:
1. We no longer deny write access to shared libaries loaded via legacy
uselib(); this behavior matches modern user space e.g., via dlopen().
2. We no longer deny write access to the elf interpreter after exec
completed, treating it just like shared libraries (which it often is).
3. We always deny write access to the file linked via /proc/pid/exe:
sys_prctl(PR_SET_MM_MAP/EXE_FILE) will fail if write access to the file
cannot be denied, and write access to the file will remain denied
until the link is effectivel gone (exec, termination,
sys_prctl(PR_SET_MM_MAP/EXE_FILE)) -- just as if exec'ing the file.
Cross-compiled for a bunch of architectures (alpha, microblaze, i386,
s390x, ...) and verified via ltp that especially the relevant tests
(i.e., creat07 and execve04) continue working as expected.
Signed-off-by: David Hildenbrand <david@redhat.com>
----------------------------------------------------------------
David Hildenbrand (7):
binfmt: don't use MAP_DENYWRITE when loading shared libraries via uselib()
kernel/fork: factor out replacing the current MM exe_file
kernel/fork: always deny write access to current MM exe_file
binfmt: remove in-tree usage of MAP_DENYWRITE
mm: remove VM_DENYWRITE
mm: ignore MAP_DENYWRITE in ksys_mmap_pgoff()
fs: update documentation of get_write_access() and friends
arch/x86/ia32/ia32_aout.c | 8 ++--
fs/binfmt_aout.c | 7 ++--
fs/binfmt_elf.c | 6 +--
fs/binfmt_elf_fdpic.c | 2 +-
fs/exec.c | 4 +-
fs/proc/task_mmu.c | 1 -
include/linux/fs.h | 19 +++++----
include/linux/mm.h | 4 +-
include/linux/mman.h | 4 +-
include/trace/events/mmflags.h | 1 -
kernel/events/core.c | 2 -
kernel/fork.c | 95 +++++++++++++++++++++++++++++++++++++-----
kernel/sys.c | 33 +--------------
lib/test_printf.c | 5 +--
mm/mmap.c | 29 ++-----------
mm/nommu.c | 2 -
16 files changed, 119 insertions(+), 103 deletions(-)
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [GIT PULL] Remove in-tree usage of MAP_DENYWRITE
2021-09-04 15:46 [GIT PULL] Remove in-tree usage of MAP_DENYWRITE David Hildenbrand
@ 2021-09-04 19:00 ` pr-tracker-bot
0 siblings, 0 replies; 2+ messages in thread
From: pr-tracker-bot @ 2021-09-04 19:00 UTC (permalink / raw)
To: David Hildenbrand
Cc: Linus Torvalds, linux-kernel, linux-mm, Andrew Morton,
linux-fsdevel, Eric W . Biederman, David Hildenbrand
The pull request you sent on Sat, 4 Sep 2021 17:46:17 +0200:
> https://github.com/davidhildenbrand/linux.git tags/denywrite-for-5.15
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/49624efa65ac9889f4e7c7b2452b2e6ce42ba37d
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-09-04 19:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-04 15:46 [GIT PULL] Remove in-tree usage of MAP_DENYWRITE David Hildenbrand
2021-09-04 19:00 ` pr-tracker-bot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).