Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1425494rwb; Thu, 1 Dec 2022 17:38:28 -0800 (PST) X-Google-Smtp-Source: AA0mqf5cnipDvE92XGshrzVpWZnNOHIVP8igfFMDYqcpyQ5U9S/56bVQ4wim1ZpweGboaAhLKRm4 X-Received: by 2002:a17:90b:4f45:b0:218:7146:6b3e with SMTP id pj5-20020a17090b4f4500b0021871466b3emr74620048pjb.149.1669945108147; Thu, 01 Dec 2022 17:38:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669945108; cv=none; d=google.com; s=arc-20160816; b=ogIrNcakIqH9XRmpjn4JOAr0QMqBdoF1zTc8woqIkDOZUZ6YJTWyLmB2dqRYKlhW81 Laqw6F1hhgmDei/BOpJPo4h/E17t5PiNWdkK9uaeNg3r34TtXm+d7APxBC+zHv/+oTpf bo+hKRlC0ksTiHoHI4AI79fvNtQBjIhaEgeAeZY05dwLASFXgL6ZZSnFPQCa1+8dmp4Q q63vTohc1wZV1VLCCghAFI31LvQy1vpbSJu9QaO6WS+twXnsfCiZnUecUBccUJUbo9iK bDzsK8ft9ON2rMgxdcUPQINF7bGgFbm6FXmEQVYmMdFEO4A6iD0v5srmJ7xJMDmB+Zix OJLQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=MP31bsPSm9f+hAa3TK6LgXNEEfW0wwdldtJ51E5YYMM=; b=Dt12dGcNYUs4jv9UliC9eVrnjMbghMFqlYb5XYd1DQ339wc5xenIsD8OPAEaqteTpg QHmf55Q1FvCWtqVtKwwE6cVVFHUlU31aIRBgu0rKnLb0AzMc3Sgybt3eu2zEGNkQmk6C v1IwyUu3YcwZozIAasbO65daQySJtVSqH/ixZmf/6Jgwic0hEhi9sezc0yvdB1/IaRvt sh4d1dEyJs8Z8KB8Mipp9+k5kjLZ646mKP1KsBOXWTL9xRcy+udl/dFEXRdu5c4XVlJx RN2nRsPeEx+hEmeISgqFhD0N/LON32Qn2dxNysJsYtvNbJuxmyslv6garyFBDiuvA9k0 VyzQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=h54Ivo7q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 130-20020a621988000000b0057346470e4fsi5648045pfz.344.2022.12.01.17.38.17; Thu, 01 Dec 2022 17:38:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=h54Ivo7q; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231824AbiLBBgP (ORCPT + 82 others); Thu, 1 Dec 2022 20:36:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52394 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231719AbiLBBf7 (ORCPT ); Thu, 1 Dec 2022 20:35:59 -0500 Received: from mail-pg1-x52b.google.com (mail-pg1-x52b.google.com [IPv6:2607:f8b0:4864:20::52b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 09818D2DA3 for ; Thu, 1 Dec 2022 17:35:58 -0800 (PST) Received: by mail-pg1-x52b.google.com with SMTP id h33so3169984pgm.9 for ; Thu, 01 Dec 2022 17:35:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=MP31bsPSm9f+hAa3TK6LgXNEEfW0wwdldtJ51E5YYMM=; b=h54Ivo7q4Zdaa4YfuGYp4JEDINKQlEWi8Y7JROzg8A6deqnzT+HJ3ASFvDkyQDhVPt 6bmrFOZPo7Ftex4TwpNnkPOGsFVX7JF7cuu99nPIRYwkovEhOOIAQSNjazxInWQoXHzy /tl+ViyHQ9zvXgJhzRK5IHKjw/NbaqwCPfWn4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=MP31bsPSm9f+hAa3TK6LgXNEEfW0wwdldtJ51E5YYMM=; b=wbvoHG1l1LCprEOy88c/tXF+l5lA7CzY2UPws24EKb6okCvSw87w+byFEEVdXd3XJE cFME/wsvLhMa2iOwT59FONTtie4+tnNy0S+6U4g1WcbON6L825PsqETOId0T/KneVVaO 1U34d/jAzbpIDRJlU5JFBohxzV0n2RV1JswPIJHPyO9dtwsvXf/n2Du4bcFv+Y0WU89J vO3UHLuvBpJGlVAhBppiFovkWtMRlCipuGiCUuevpeqAaU9D4s8fwQTyX1GXcP3eJBN9 ZJ1fKWcgnM4B5IVRc2ClyKC0gYvGt+bxtpFdKoTJOgqzmOo6HjQE8Tyq8rPi+pyfvqCz l9gQ== X-Gm-Message-State: ANoB5pnrXJ+i6r/+sU/birdw7lEUgP01W7xCcjtl4PTx4lenH4Vef6BZ cVwXRxYNghJD2XU+hCu8zbnq/w== X-Received: by 2002:a63:185a:0:b0:476:e84c:ab63 with SMTP id 26-20020a63185a000000b00476e84cab63mr47437406pgy.496.1669944957535; Thu, 01 Dec 2022 17:35:57 -0800 (PST) Received: from jeffxud.c.googlers.com.com (30.202.168.34.bc.googleusercontent.com. [34.168.202.30]) by smtp.gmail.com with ESMTPSA id s13-20020a65690d000000b00477fb27eaddsm3074241pgq.63.2022.12.01.17.35.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 01 Dec 2022 17:35:57 -0800 (PST) From: jeffxu@chromium.org To: skhan@linuxfoundation.org, keescook@chromium.org Cc: akpm@linux-foundation.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, hughd@google.com, jeffxu@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, mnissler@chromium.org, jannh@google.com, linux-hardening@vger.kernel.org, Jeff Xu Subject: [PATCH v3] mm/memfd: Add write seals when apply SEAL_EXEC to executable memfd Date: Fri, 2 Dec 2022 01:34:04 +0000 Message-Id: <20221202013404.163143-7-jeffxu@google.com> X-Mailer: git-send-email 2.39.0.rc0.267.gcb52ba06e7-goog In-Reply-To: <20221202013404.163143-1-jeffxu@google.com> References: <20221202013404.163143-1-jeffxu@google.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jeff Xu When apply F_SEAL_EXEC to an executable memfd, add write seals also to prevent modification of memfd. Signed-off-by: Jeff Xu --- mm/memfd.c | 3 +++ tools/testing/selftests/memfd/memfd_test.c | 25 ++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/mm/memfd.c b/mm/memfd.c index 96dcfbfed09e..3a04c0698957 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -222,6 +222,9 @@ static int memfd_add_seals(struct file *file, unsigned int seals) } } + if (seals & F_SEAL_EXEC && inode->i_mode & 0111) + seals |= F_ALL_SEALS; + *file_seals |= seals; error = 0; diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c index 775c9e6c061e..0731e5b3cdce 100644 --- a/tools/testing/selftests/memfd/memfd_test.c +++ b/tools/testing/selftests/memfd/memfd_test.c @@ -32,6 +32,13 @@ #define F_SEAL_EXEC 0x0020 #endif +#define F_ALL_SEALS (F_SEAL_SEAL | \ + F_SEAL_SHRINK | \ + F_SEAL_GROW | \ + F_SEAL_WRITE | \ + F_SEAL_FUTURE_WRITE | \ + F_SEAL_EXEC) + #ifndef MAX_PATH #define MAX_PATH 256 #endif @@ -1006,6 +1013,7 @@ static void test_exec_seal(void) printf("%s SEAL-EXEC\n", memfd_str); + printf("%s Apply SEAL_EXEC\n", memfd_str); fd = mfd_assert_new("kern_memfd_seal_exec", mfd_def_size, MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_EXEC); @@ -1024,7 +1032,24 @@ static void test_exec_seal(void) mfd_fail_chmod(fd, 0700); mfd_fail_chmod(fd, 0100); mfd_assert_chmod(fd, 0666); + mfd_assert_write(fd); + close(fd); + + printf("%s Apply ALL_SEALS\n", memfd_str); + fd = mfd_assert_new("kern_memfd_seal_exec", + mfd_def_size, + MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_EXEC); + mfd_assert_mode(fd, 0777); + mfd_assert_chmod(fd, 0700); + + mfd_assert_has_seals(fd, 0); + mfd_assert_add_seals(fd, F_SEAL_EXEC); + mfd_assert_has_seals(fd, F_ALL_SEALS); + + mfd_fail_chmod(fd, 0711); + mfd_fail_chmod(fd, 0600); + mfd_fail_write(fd); close(fd); } -- 2.39.0.rc0.267.gcb52ba06e7-goog