From: Jeff Xu <jeffxu@xxxxxxxxxx>
This patch enables PKEY_ENFORCE_API for the mprotect and mprotect_pkey syscalls.
Signed-off-by: Jeff Xu<jeffxu@xxxxxxxxxx>
---
 mm/mprotect.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/mm/mprotect.c b/mm/mprotect.c
index 8a68fdca8487..1db30b8baac3 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -794,6 +794,17 @@ static int do_mprotect_pkey(unsigned long start, size_t len,
 }
 }

+ /*
+ * arch_check_pkey_enforce_api checks if current thread
+ * has the PKEY permission to modify the memory mapping.
+ * Note: this should only apply to the cases that do_mprotect_pkey
+ * is called from syscall entry. Ref. to munmap for other cases.
+ */
+ if (arch_check_pkey_enforce_api(current->mm, start, end) < 0) {
+ error = -EACCES;
+ goto out;
+ }
+
 prev = vma_prev(&vmi);
 if (start > vma->vm_start)
 prev = vma;
--
2.40.1.606.ga4b1b128d6-goog
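Review bot: The comment on the added check says it must apply only when do_mprotect_pkey is entered from a syscall, but the call to arch_check_pkey_enforce_api is unconditional and nothing visible in the hunk ties it to the caller, so the restriction rests on convention rather than on code. If the function is reachable only from the two syscalls named in the description, state that as an invariant, e.g. `/* Enforced here because do_mprotect_pkey is reached only from syscall entry; an in-kernel caller must not be subject to the calling thread's PKEY state. */`. The check is evaluated on `start`/`end` as they stand at this point, and the function body begins outside the hunk, so it is worth confirming that these are the final bounds the later VMA walk operates on and that both run under the same mmap lock; otherwise the range checked and the range modified could differ. The helper's negative return is collapsed to `-EACCES`, which should be mentioned in the comment if the helper can fail for a reason other than a permission denial.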