On 24/11/2022 17:40, Tudor Cretu wrote:
Remove the hardcoded assumption that all shared mappings are untagged. Mapping's store capability permission is given explicitly using VM_WRITE_CAPS, so check against that.
Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
arch/arm64/kernel/morello.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/arch/arm64/kernel/morello.c b/arch/arm64/kernel/morello.c index ccbf26e77919..74442d5caf9f 100644 --- a/arch/arm64/kernel/morello.c +++ b/arch/arm64/kernel/morello.c @@ -187,14 +187,13 @@ static int access_remote_cap(struct task_struct *tsk, struct mm_struct *mm, if (write) { /*
* Disallow writing a valid (tagged) capability to an untagged
* mapping (currently all shared mappings are untagged, this may
* change in the future).
* Disallow writing a valid (tagged) capability to a mapping
* without store capability permission.
*/
- Reading/writing an untagged capability is always allowed
- (just like regular load and store instructions).
if (user_cap->tag && (vma->vm_flags & VM_SHARED)) {
if (user_cap->tag && (vma->vm_flags & VM_WRITE_CAPS)) {
That's missing a negation :) The easiest way to test this change is with Morello GDB - make sure to enable the cheri.ptrace_forge_cap sysctl, and you should then be able to write capabilities in private mappings. Easiest is probably to have a global capability and write to it using e.g. `set var g_cap=$pcc`, see also [1] on that syntax.
Kevin
[1] https://sourceware.org/gdb/current/onlinedocs/gdb/Assignment.html
ret = -EOPNOTSUPP; goto out_put; }
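Review bot: The new condition in access_remote_cap(), `if (user_cap->tag && (vma->vm_flags & VM_WRITE_CAPS))`, is inverted relative to the updated comment above it, which says the write should be refused for "a mapping without store capability permission". As written, a tagged capability write gets -EOPNOTSUPP on exactly the mappings that carry VM_WRITE_CAPS, while this check lets it through on mappings that lack the flag. Negate the flag test, i.e. `!(vma->vm_flags & VM_WRITE_CAPS)`, so that the code matches the comment and the commit message.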