Re: [PATCH v27 30/31] mm: Update arch_validate_flags() to test vma anonymous

From: Yu, Yu-cheng
Date: Tue May 25 2021 - 11:05:16 EST

On 5/25/2021 4:00 AM, Catalin Marinas wrote:
On Fri, May 21, 2021 at 03:12:10PM -0700, Yu-cheng Yu wrote:
When newer VM flags are being created, such as VM_MTE, it becomes necessary
for mmap/mprotect to verify if certain flags are being applied to an
anonymous VMA.

To solve this, one approach is adding a VM flag to track that MAP_ANONYMOUS
is specified [1], and then using the flag in arch_validate_flags().

Another approach is passing the VMA to arch_validate_flags(), and check

To prepare the introduction of PROT_SHADOW_STACK, which creates a shadow
stack mapping and can be applied only to an anonymous VMA, update
arch_validate_flags() to pass in the VMA.

[1] commit 9f3419315f3c ("arm64: mte: Add PROT_MTE support to mmap() and mprotect()"),

Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
Reviewed-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
Cc: Catalin Marinas <catalin.marinas@xxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Vincenzo Frascino <vincenzo.frascino@xxxxxxx>
Cc: Will Deacon <will@xxxxxxxxxx>

For arm64:

Acked-by: Catalin Marinas <catalin.marinas@xxxxxxx>