Writes to /proc/self/mem and file_mprotect() LSM hook


Hello,

There are several ways to write data to a write-protected page. For example,
a process can write to /proc/self/mem to change read-only or even executable
pages: https://offlinemark.com/2021/05/12/an-obscure-quirk-of-proc/

In this case, the kernel code will map the physical page with another access
mode and change the data (the FOLL_FORCE flag will ignore the access check). The
problem is that no security hooks are called in this case. For example, the
file_mprotect() LSM hook was designed to intercept a process's attempts to
remap memory pages. In particular, SELinux and IMA check whether a process
is trying to make a code page writable. And this method allows bypassing it.

Therefore, my question is, should all page modifications that ignore the
protection mode call an LSM hook prior to temporarily remapping the page?

Thanks.
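
The behaviour described in the message above, as an added example that is not part of the original post: a process maps a page read-only, writes to it through /proc/self/mem, and then confirms from /proc/self/maps that the mapping never became writable, so no mprotect() call (and therefore no file_mprotect() hook) was involved. The function names are hypothetical; the code assumes Linux with /proc mounted and reports 0 if the kernel refuses the write.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* 1 if the mapping holding addr has no 'w' bit in /proc/self/maps,
 * 0 if it is writable, -1 if the address or /proc is not found. */
int mapping_is_readonly(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi;
    int result = -1;
    if (!f) return -1;
    while (fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) != 3) continue;
        if ((uintptr_t)addr >= lo && (uintptr_t)addr < hi) {
            result = (perms[1] != 'w');
            break;
        }
    }
    fclose(f);
    return result;
}

/* 1: data landed in a page that is still mapped read-only.
 * 0: the kernel refused the write or /proc/self/mem is unavailable.
 * -1: setup failure. */
int forced_write_demo(void)
{
    static const char patch[] = "patched";          /* constructed sample data */
    long pagesz = sysconf(_SC_PAGESIZE);
    /* Private anonymous page created read-only: mprotect() is never called. */
    char *page = mmap(NULL, pagesz, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0) { munmap(page, pagesz); return 0; }
    /* The file offset is the virtual address; the kernel uses FOLL_FORCE here. */
    ssize_t n = pwrite(fd, patch, sizeof patch, (off_t)(uintptr_t)page);
    close(fd);
    int landed = n == (ssize_t)sizeof patch &&
                 memcmp(page, patch, sizeof patch) == 0 &&
                 mapping_is_readonly(page) == 1;
    munmap(page, pagesz);
    return landed;
}
```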


