[RFC v2 02/13] mm: Generalize the mprotect implementation to support extensions
Sakkinen, Jarkko
jarkko.sakkinen at intel.com
Thu Dec 6 08:08:35 UTC 2018
On Mon, 2018-12-03 at 23:39 -0800, Alison Schofield wrote:
> Today mprotect is implemented to support legacy mprotect behavior
> plus an extension for memory protection keys. Make it more generic
> so that it can support additional extensions in the future.
>
> This is done is preparation for adding a new system call for memory
> encyption keys. The intent is that the new encrypted mprotect will be
> another extension to legacy mprotect.
>
> Change-Id: Ib09b9d1b605b12d0254d7fb4968dfcc8e3c79dd7
What is this??
> Signed-off-by: Alison Schofield <alison.schofield at intel.com>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov at linux.intel.com>
> ---
> mm/mprotect.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/mm/mprotect.c b/mm/mprotect.c
> index df408956dccc..b57075e278fb 100644
> --- a/mm/mprotect.c
> +++ b/mm/mprotect.c
> @@ -35,6 +35,8 @@
>
> #include "internal.h"
>
> +#define NO_KEY -1
> +
> static unsigned long change_pte_range(struct vm_area_struct *vma, pmd_t *pmd,
> unsigned long addr, unsigned long end, pgprot_t newprot,
> int dirty_accountable, int prot_numa)
> @@ -451,9 +453,9 @@ mprotect_fixup(struct vm_area_struct *vma, struct
> vm_area_struct **pprev,
> }
>
> /*
> - * pkey==-1 when doing a legacy mprotect()
> + * When pkey==NO_KEY we get legacy mprotect behavior here.
> */
> -static int do_mprotect_pkey(unsigned long start, size_t len,
> +static int do_mprotect_ext(unsigned long start, size_t len,
> unsigned long prot, int pkey)
> {
> unsigned long nstart, end, tmp, reqprot;
> @@ -577,7 +579,7 @@ static int do_mprotect_pkey(unsigned long start, size_t
> len,
> SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len,
> unsigned long, prot)
> {
> - return do_mprotect_pkey(start, len, prot, -1);
> + return do_mprotect_ext(start, len, prot, NO_KEY);
> }
>
> #ifdef CONFIG_ARCH_HAS_PKEYS
> @@ -585,7 +587,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t,
> len,
> SYSCALL_DEFINE4(pkey_mprotect, unsigned long, start, size_t, len,
> unsigned long, prot, int, pkey)
> {
> - return do_mprotect_pkey(start, len, prot, pkey);
> + return do_mprotect_ext(start, len, prot, pkey);
> }
>
> SYSCALL_DEFINE2(pkey_alloc, unsigned long, flags, unsigned long, init_val)
Would squash this whatever this is required for. This split makes
review more complex (IMHO).
/Jarkko
More information about the Linux-security-module-archive
mailing list