uaddr_to_user_ptr_safe() (called by elf_uaddr_to_user_ptr()) will soon return capabilities without the special permissions Seal/Unseal/CompartmentID. We should therefore initialise AT_CHERI_{SEAL,CID}_CAP with the corresponding root capabilities that linux/cheri.h now provides.
Signed-off-by: Kevin Brodsky kevin.brodsky@arm.com --- fs/binfmt_elf.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index e7c8f6b73309..1d82465cb9e9 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -46,13 +46,10 @@ #include <linux/cred.h> #include <linux/dax.h> #include <linux/uaccess.h> +#include <linux/cheri.h> #include <asm/param.h> #include <asm/page.h>
-#ifdef CONFIG_CHERI_PURECAP_UABI -#include <cheriintrin.h> -#endif - #ifndef ELF_COMPAT #define ELF_COMPAT 0 #endif @@ -328,9 +325,8 @@ create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec, elf_uaddr_to_user_ptr(interp_load_info->start_elf_rx) : NULL)); NEW_AUX_ENT(AT_CHERI_STACK_CAP, elf_uaddr_to_user_ptr(0)); - NEW_AUX_ENT(AT_CHERI_SEAL_CAP, - cheri_bounds_set_exact(elf_uaddr_to_user_ptr(0), 1 << 15)); - NEW_AUX_ENT(AT_CHERI_CID_CAP, elf_uaddr_to_user_ptr(0)); + NEW_AUX_ENT(AT_CHERI_SEAL_CAP, cheri_user_root_seal_cap); + NEW_AUX_ENT(AT_CHERI_CID_CAP, cheri_user_root_cid_cap);
/* * Since the auxv entries are inserted into the mm struct before the