On Mon, Jan 23, 2023 at 05:10:08PM +0100, David Hildenbrand wrote: > On 23.01.23 17:04, Catalin Marinas wrote: > > On Mon, Jan 23, 2023 at 01:53:46PM +0100, David Hildenbrand wrote: > > > That at least would be then similar to how we handle mmaped files: if the > > > file is not executable, we clear VM_MAYEXEC. If the file is not writable, we > > > clear VM_MAYWRITE. > > > > We still allow VM_MAYWRITE for private mappings, though we do clear > > VM_MAYEXEC if not executable. > > > > It would be nice to use VM_MAY* flags for this logic but we can only > > emulate MDWE if we change the semantics of 'MAY': only check the 'MAY' > > flags for permissions being changed (e.g. allow PROT_EXEC if the vma is > > already VM_EXEC even if !VM_MAYEXEC). Another issue is that we end up > > with some weird combinations like having VM_EXEC without VM_MAYEXEC > > (maybe that's fine). > > No, we wouldn't want VM_EXEC if VM_MAYEXEC is not set. I don't immediately > see how that would happen. You are right, this shouldn't happen. What I had in mind was the current MDWE model where after an mmap(PROT_EXEC), any mprotect(PROT_EXEC) is denied. But this series departs slightly from this since we want to allow PROT_EXEC if already executable. -- Catalin
