• Jeff Xu's avatar
    mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC · 105ff533
    Jeff Xu authored
    The new MFD_NOEXEC_SEAL and MFD_EXEC flags allows application to set
    executable bit at creation time (memfd_create).
    
    When MFD_NOEXEC_SEAL is set, memfd is created without executable bit
    (mode:0666), and sealed with F_SEAL_EXEC, so it can't be chmod to be
    executable (mode: 0777) after creation.
    
    when MFD_EXEC flag is set, memfd is created with executable bit
    (mode:0777), this is the same as the old behavior of memfd_create.
    
    The new pid namespaced sysctl vm.memfd_noexec has 3 values:
    0: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
            MFD_EXEC was set.
    1: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like
            MFD_NOEXEC_SEAL was set.
    2: memfd_create() without MFD_NOEXEC_SEAL will be rejected.
    
    The sysctl allows finer control of memfd_create for old-software that
    doesn't set the executable bit, for example, a container with
    vm.memfd_noexec=1 means the old-software will create non-executable memfd
    by default.  Also, the value of memfd_noexec is passed to child namespace
    at creation time.  For example, if the init namespace has
    vm.memfd_noexec=2, all its children namespaces will be created with 2.
    
    [akpm@linux-foundation.org: add stub functions to fix build]
    [akpm@linux-foundation.org: remove unneeded register_pid_ns_ctl_table_vm() stub, per Jeff]
    [akpm@linux-foundation.org: s/pr_warn_ratelimited/pr_warn_once/, per review]
    [akpm@linux-foundation.org: fix CONFIG_SYSCTL=n warning]
    Link: https://lkml.kernel.org/r/20221215001205.51969-4-jeffxu@google.comSigned-off-by: default avatarJeff Xu <jeffxu@google.com>
    Co-developed-by: default avatarDaniel Verkamp <dverkamp@chromium.org>
    Signed-off-by: default avatarDaniel Verkamp <dverkamp@chromium.org>
    Reported-by: default avatarkernel test robot <lkp@intel.com>
    Reviewed-by: default avatarKees Cook <keescook@chromium.org>
    Cc: David Herrmann <dh.herrmann@gmail.com>
    Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
    Cc: Hugh Dickins <hughd@google.com>
    Cc: Jann Horn <jannh@google.com>
    Cc: Jorge Lucangeli Obes <jorgelo@chromium.org>
    Cc: Shuah Khan <skhan@linuxfoundation.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    105ff533
pid_namespace.c 11.4 KB