[PATCH 4.17 045/220] powerpc/pkeys: Detach execute_only key on !PROT_EXEC

From: Greg Kroah-Hartman
Date: Sun Jul 01 2018 - 13:20:45 EST

4.17-stable review patch. If anyone has any objections, please let me know.


From: Ram Pai <linuxram@xxxxxxxxxx>

commit eabdb8ca8690eedd461e61ea7780595fbbae8132 upstream.

Disassociate the exec_key from a VMA if the VMA permission is not
PROT_EXEC anymore. Otherwise the exec_only key continues to be
associated with the vma, causing unexpected behavior.

The problem was reported on x86 by Shakeel Butt, which is also
applicable on powerpc.

Fixes: 5586cf61e108 ("powerpc: introduce execute-only pkey")
Cc: stable@xxxxxxxxxxxxxxx # v4.16+
Reported-by: Shakeel Butt <shakeelb@xxxxxxxxxx>
Signed-off-by: Ram Pai <linuxram@xxxxxxxxxx>
Reviewed-by: Thiago Jung Bauermann <bauerman@xxxxxxxxxxxxx>
Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

arch/powerpc/mm/pkeys.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--- a/arch/powerpc/mm/pkeys.c
+++ b/arch/powerpc/mm/pkeys.c
@@ -383,9 +383,9 @@ int __arch_override_mprotect_pkey(struct
* If the currently associated pkey is execute-only, but the requested
- * protection requires read or write, move it back to the default pkey.
+ * protection is not execute-only, move it back to the default pkey.
- if (vma_is_pkey_exec_only(vma) && (prot & (PROT_READ | PROT_WRITE)))
+ if (vma_is_pkey_exec_only(vma) && (prot != PROT_EXEC))
return 0;