Re: [PATCH 3/6] PKEY: Apply PKEY_ENFORCE_API to mprotect

From: Jeff Xu
Date: Tue May 16 2023 - 18:24:27 EST

Next message: Jeff Xu: "Re: [PATCH 5/6] KEY: Apply PKEY_ENFORCE_API to munmap"
Previous message: Fabio Estevam: "Re: [PATCH v2 2/2] drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec"
In reply to: Kees Cook: "Re: [PATCH 3/6] PKEY: Apply PKEY_ENFORCE_API to mprotect"
Next in thread: Dave Hansen: "Re: [PATCH 3/6] PKEY: Apply PKEY_ENFORCE_API to mprotect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 16, 2023 at 1:07 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> On Mon, May 15, 2023 at 01:05:49PM +0000, jeffxu@xxxxxxxxxxxx wrote:
> > From: Jeff Xu <jeffxu@xxxxxxxxxx>
> >
> > This patch enables PKEY_ENFORCE_API for the mprotect and
> > mprotect_pkey syscalls.
>
> All callers are from userspace -- this change looks like a no-op?
>
Yes. All callers are from user space now.
I am thinking about the future when someone adds a caller in kernel
code and may miss the check.
This is also consistent with munmap and other syscalls I plan to change.
There are comments on do_mprotect_pkey() to describe how this flag is used.

> -Kees
>
> --
> Kees Cook

Next message: Jeff Xu: "Re: [PATCH 5/6] KEY: Apply PKEY_ENFORCE_API to munmap"
Previous message: Fabio Estevam: "Re: [PATCH v2 2/2] drm/bridge: ti-sn65dsi83: Fix enable/disable flow to meet spec"
In reply to: Kees Cook: "Re: [PATCH 3/6] PKEY: Apply PKEY_ENFORCE_API to mprotect"
Next in thread: Dave Hansen: "Re: [PATCH 3/6] PKEY: Apply PKEY_ENFORCE_API to mprotect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]