Check that the requested permission matches the constraints of input user capability pointer for mprotect syscall.
Signed-off-by: Amit Daniel Kachhap amitdaniel.kachhap@arm.com --- mm/mprotect.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/mm/mprotect.c b/mm/mprotect.c index 1c64a9df53a4..fbfa082cec6c 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -704,8 +704,10 @@ static int do_mprotect_pkey(user_uintptr_t user_ptr, size_t len, if (end <= start) return -ENOMEM;
- if (reserv_is_supported(current->mm) && !check_user_ptr_owning(user_ptr, start, len)) + if (reserv_is_supported(current->mm) && (!check_user_ptr_owning(user_ptr, start, len) || + !user_ptr_may_set_prot(user_ptr, prot))) return -EINVAL; + if (!arch_validate_prot(prot, start)) return -EINVAL;