On Thu, 3 Dec 2015, Dave Hansen wrote: > > From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> > > Today, mprotect() takes 4 bits of data: PROT_READ/WRITE/EXEC/NONE. > Three of those bits: READ/WRITE/EXEC get translated directly in to > vma->vm_flags by calc_vm_prot_bits(). If a bit is unset in > mprotect()'s 'prot' argument then it must be cleared in vma->vm_flags > during the mprotect() call. > > We do the by first calculating the VMA flags we want set, then > clearing the ones we do not want to inherit from the original VMA: > > vm_flags = calc_vm_prot_bits(prot, key); > ... > newflags = vm_flags; > newflags |= (vma->vm_flags & ~(VM_READ | VM_WRITE | VM_EXEC)); > > However, we *also* want to mask off the original VMA's vm_flags in > which we store the protection key. > > To do that, this patch adds a new macro: > > ARCH_VM_FLAGS_AFFECTED_BY_MPROTECT -ENOSUCHMACRO > which allows the architecture to specify additional bits that it would > like cleared. We use that to ensure that the VM_PKEY_BIT* bits get > cleared. Other than that: Reviewed-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx> -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>