Re: [PATCH 27/34] x86, pkeys: make mprotect_key() mask off additional vm_flags

[Thomas Gleixner]

On Thu, 3 Dec 2015, Dave Hansen wrote:
> 
> From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> 
> Today, mprotect() takes 4 bits of data: PROT_READ/WRITE/EXEC/NONE.
> Three of those bits: READ/WRITE/EXEC get translated directly in to
> vma->vm_flags by calc_vm_prot_bits().  If a bit is unset in
> mprotect()'s 'prot' argument then it must be cleared in vma->vm_flags
> during the mprotect() call.
> 
> We do the by first calculating the VMA flags we want set, then
> clearing the ones we do not want to inherit from the original VMA:
> 
> 	vm_flags = calc_vm_prot_bits(prot, key);
> 	...
> 	newflags = vm_flags;
> 	newflags |= (vma->vm_flags & ~(VM_READ | VM_WRITE | VM_EXEC));
> 
> However, we *also* want to mask off the original VMA's vm_flags in
> which we store the protection key.
> 
> To do that, this patch adds a new macro:
> 
> 	ARCH_VM_FLAGS_AFFECTED_BY_MPROTECT

-ENOSUCHMACRO
 
> which allows the architecture to specify additional bits that it would
> like cleared.  We use that to ensure that the VM_PKEY_BIT* bits get
> cleared.

Other than that: Reviewed-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/