On Tue, Jul 04, 2023 at 05:36:28PM +0200, Florent Revest wrote:
> static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3,
> unsigned long arg4, unsigned long arg5)
> {
> + unsigned long current_bits;
> +
> if (arg3 || arg4 || arg5)
> return -EINVAL;
>
> - if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN))
> + if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT))
> + return -EINVAL;
> +
> + /* NO_INHERIT only makes sense with REFUSE_EXEC_GAIN */
> + if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN))
> return -EINVAL;
>
> + current_bits = get_current_mdwe();
> + if (current_bits && current_bits != bits)
> + return -EPERM; /* Cannot unset the flags */
> +
> + if (bits & PR_MDWE_NO_INHERIT)
> + set_bit(MMF_HAS_MDWE_NO_INHERIT, ¤t->mm->flags);
> if (bits & PR_MDWE_REFUSE_EXEC_GAIN)
> set_bit(MMF_HAS_MDWE, ¤t->mm->flags);
> - else if (test_bit(MMF_HAS_MDWE, ¤t->mm->flags))
> - return -EPERM; /* Cannot unset the flag */
>
> return 0;
> }
This works for me, it's easier to read. I don't expect a use-case where
the app starts with MDWE no-inherit, forks some new processes and wants
to turn inherit on for further forking.
> @@ -2384,9 +2406,7 @@ static inline int prctl_get_mdwe(unsigned long arg2, unsigned long arg3,
> {
> if (arg2 || arg3 || arg4 || arg5)
> return -EINVAL;
> -
> - return test_bit(MMF_HAS_MDWE, ¤t->mm->flags) ?
> - PR_MDWE_REFUSE_EXEC_GAIN : 0;
> + return (int)get_current_mdwe();
Nitpick: the type conversion should be handled by the compiler as
prctl_get_mdwe() returns an int already.
Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx>
