Existing userspace may not use the maximum protection bits that PCuABI introduced into the protection flags, so such applications may end up with memory protection flags, as updated via the mprotect() syscall, that are inconsistent with the capability permission bits.
Reduce the impact of such failures by setting the capability to maximum permission if no maximum protection bits are detected.
Signed-off-by: Amit Daniel Kachhap amit.kachhap@arm.com --- lib/cap_addr_mgmt.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/lib/cap_addr_mgmt.c b/lib/cap_addr_mgmt.c
index f2e290696e73..fef7791f5941 100644
--- a/lib/cap_addr_mgmt.c
+++ b/lib/cap_addr_mgmt.c
@@ -218,6 +218,12 @@ uintcap_t build_owning_capability(unsigned long start, unsigned long len, int pr
 unsigned long align_len = cheri_representable_length(round_up(len, PAGE_SIZE));
 cheri_perms_t perms = 0;
+ if (!PROT_MAX_EXTRACT(prot)) {
+ perms = CHERI_PERMS_READ | CHERI_PERMS_WRITE |
+ CHERI_PERMS_EXEC | CHERI_PERMS_ROOTCAP;
+ goto skip_calc_perm;
+ }
+
 if (mapping_may_have_prot_flag(prot, PROT_READ)) {
 perms |= CHERI_PERM_LOAD;
 if (has_tag_access)
@@ -238,6 +244,7 @@ uintcap_t build_owning_capability(unsigned long start, unsigned long len, int pr
 perms |= arch_map_to_cap_perm(PROT_MAX_EXTRACT(prot) ? PROT_MAX_EXTRACT(prot) : prot, has_tag_access);
 perms |= CHERI_PERMS_ROOTCAP;
+skip_calc_perm:
 return (uintcap_t)cheri_build_user_cap(align_start, align_len, perms);
 }
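Review bot: The fallback branch at the top of the hunk grants CHERI_PERMS_READ | CHERI_PERMS_WRITE | CHERI_PERMS_EXEC to every mapping whose prot carries no PROT_MAX_* bits, regardless of which PROT_* flags were actually requested, so a legacy caller's read-only mapping receives an owning capability that also carries write and execute rights; that is a deliberate over-privileging and it deserves an explanatory comment, which the hunk does not add. Suggested, above the `if`: `/* No PROT_MAX_* bits: caller is not PCuABI-aware and may later mprotect() upward, so grant the maximal permission set. */`. Note also that `has_tag_access` is not consulted on this path, whereas the code that follows only adds capability load/store rights when it is set; whether CHERI_PERMS_READ/CHERI_PERMS_WRITE include those rights is not visible here and is worth confirming, so the early exit does not hand out tag access the caller would otherwise be denied. The rest of build_owning_capability, including the `skip_calc_perm:` label this branch jumps to, lies outside this hunk.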