Commit 49624efa authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge tag 'denywrite-for-5.15' of git://github.com/davidhildenbrand/linux 

Pull MAP_DENYWRITE removal from David Hildenbrand:
 "Remove all in-tree usage of MAP_DENYWRITE from the kernel and remove
  VM_DENYWRITE.

  There are some (minor) user-visible changes:

   - We no longer deny write access to shared libaries loaded via legacy
     uselib(); this behavior matches modern user space e.g. dlopen().

   - We no longer deny write access to the elf interpreter after exec
     completed, treating it just like shared libraries (which it often
     is).

   - We always deny write access to the file linked via /proc/pid/exe:
     sys_prctl(PR_SET_MM_MAP/EXE_FILE) will fail if write access to the
     file cannot be denied, and write access to the file will remain
     denied until the link is effectivel gone (exec, termination,
     sys_prctl(PR_SET_MM_MAP/EXE_FILE)) -- just as if exec'ing the file.

  Cross-compiled for a bunch of architectures (alpha, microblaze, i386,
  s390x, ...) and verified via ltp that especially the relevant tests
  (i.e., creat07 and execve04) continue working as expected"

* tag 'denywrite-for-5.15' of git://github.com/davidhildenbrand/linux:
  fs: update documentation of get_write_access() and friends
  mm: ignore MAP_DENYWRITE in ksys_mmap_pgoff()
  mm: remove VM_DENYWRITE
  binfmt: remove in-tree usage of MAP_DENYWRITE
  kernel/fork: always deny write access to current MM exe_file
  kernel/fork: factor out replacing the current MM exe_file
  binfmt: don't use MAP_DENYWRITE when loading shared libraries via uselib()
parents f7464060 592ca09b

arch/x86/ia32/ia32_aout.c

+3 −5
Original line number Diff line number Diff line
@@ -202,8 +202,7 @@ static int load_aout_binary(struct linux_binprm *bprm) 


		error = vm_mmap(bprm->file, N_TXTADDR(ex), ex.a_text,

				PROT_READ | PROT_EXEC,

				MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE |

				MAP_32BIT,

				MAP_FIXED | MAP_PRIVATE | MAP_32BIT,

				fd_offset);



		if (error != N_TXTADDR(ex))
@@ -211,8 +210,7 @@ static int load_aout_binary(struct linux_binprm *bprm) 


		error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data,

				PROT_READ | PROT_WRITE | PROT_EXEC,

				MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE |

				MAP_32BIT,

				MAP_FIXED | MAP_PRIVATE | MAP_32BIT,

				fd_offset + ex.a_text);

		if (error != N_DATADDR(ex))

			return error;
@@ -293,7 +291,7 @@ static int load_aout_library(struct file *file) 
	/* Now use mmap to map the library into memory. */

	error = vm_mmap(file, start_addr, ex.a_text + ex.a_data,

			PROT_READ | PROT_WRITE | PROT_EXEC,

			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_32BIT,

			MAP_FIXED | MAP_PRIVATE | MAP_32BIT,

			N_TXTOFF(ex));

	retval = error;

	if (error != start_addr)

fs/binfmt_aout.c

+3 −4
Original line number Diff line number Diff line
@@ -221,8 +221,7 @@ static int load_aout_binary(struct linux_binprm * bprm) 
		}



		error = vm_mmap(bprm->file, N_TXTADDR(ex), ex.a_text,

			PROT_READ | PROT_EXEC,

			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,

			PROT_READ | PROT_EXEC, MAP_FIXED | MAP_PRIVATE,

			fd_offset);



		if (error != N_TXTADDR(ex))
@@ -230,7 +229,7 @@ static int load_aout_binary(struct linux_binprm * bprm) 


		error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data,

				PROT_READ | PROT_WRITE | PROT_EXEC,

				MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,

				MAP_FIXED | MAP_PRIVATE,

				fd_offset + ex.a_text);

		if (error != N_DATADDR(ex))

			return error;
@@ -309,7 +308,7 @@ static int load_aout_library(struct file *file) 
	/* Now use mmap to map the library into memory. */

	error = vm_mmap(file, start_addr, ex.a_text + ex.a_data,

			PROT_READ | PROT_WRITE | PROT_EXEC,

			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,

			MAP_FIXED | MAP_PRIVATE;

			N_TXTOFF(ex));

	retval = error;

	if (error != start_addr)

fs/binfmt_elf.c

+3 −3
Original line number Diff line number Diff line
@@ -622,7 +622,7 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, 
	eppnt = interp_elf_phdata;

	for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {

		if (eppnt->p_type == PT_LOAD) {

			int elf_type = MAP_PRIVATE | MAP_DENYWRITE;

			int elf_type = MAP_PRIVATE;

			int elf_prot = make_prot(eppnt->p_flags, arch_state,

						 true, true);

			unsigned long vaddr = 0;
@@ -1070,7 +1070,7 @@ static int load_elf_binary(struct linux_binprm *bprm) 
		elf_prot = make_prot(elf_ppnt->p_flags, &arch_state,

				     !!interpreter, false);



		elf_flags = MAP_PRIVATE | MAP_DENYWRITE;

		elf_flags = MAP_PRIVATE;



		vaddr = elf_ppnt->p_vaddr;

		/*
@@ -1384,7 +1384,7 @@ static int load_elf_library(struct file *file) 
			(eppnt->p_filesz +

			 ELF_PAGEOFFSET(eppnt->p_vaddr)),

			PROT_READ | PROT_WRITE | PROT_EXEC,

			MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,

			MAP_FIXED_NOREPLACE | MAP_PRIVATE,

			(eppnt->p_offset -

			 ELF_PAGEOFFSET(eppnt->p_vaddr)));

	if (error != ELF_PAGESTART(eppnt->p_vaddr))

fs/binfmt_elf_fdpic.c

+1 −1
Original line number Diff line number Diff line
@@ -1041,7 +1041,7 @@ static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *params, 
		if (phdr->p_flags & PF_W) prot |= PROT_WRITE;

		if (phdr->p_flags & PF_X) prot |= PROT_EXEC;



		flags = MAP_PRIVATE | MAP_DENYWRITE;

		flags = MAP_PRIVATE;

		maddr = 0;



		switch (params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) {

fs/exec.c

+3 −1
Original line number Diff line number Diff line
@@ -1272,7 +1272,9 @@ int begin_new_exec(struct linux_binprm * bprm) 
	 * not visibile until then. This also enables the update

	 * to be lockless.

	 */

	set_mm_exe_file(bprm->mm, bprm->file);

	retval = set_mm_exe_file(bprm->mm, bprm->file);

	if (retval)

		goto out;



	/* If the binary is not readable then enforce mm->dumpable=0 */

	would_dump(bprm, bprm->file);