Signed-off-by: Lev Olshvang <levonshe@xxxxxxxxx>
---
arch/x86/include/asm/mmu_context.h | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
index 4e55370e48e8..708135112d95 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
@@ -216,12 +216,19 @@ static inline void arch_unmap(struct mm_struct *mm, unsigned long start,
static inline bool arch_vma_access_permitted(struct vm_area_struct *vma,
bool write, bool execute, bool foreign)
{
- /* pkeys never affect instruction fetches */
+#ifdef CONFIG_PROTECT_READONLY_USER_MEMORY
+ /* Forbid write to PROT_READ pages of foreign process */
+ if (write && foreign && (!(vma->vm_flags & VM_WRITE)))
+ return false;
+#endif
+ /* Don't check PKRU since pkeys never affect instruction fetches */
if (execute)
return true;
+
/* allow access if the VMA is not one from this process */
if (foreign || vma_is_foreign(vma))
return true;
+
return __pkru_allows_pkey(vma_pkey(vma), write);
}
--
2.17.1
