Check that the requested permission matches the constraints of the input user capability address for the mprotect syscall.
Signed-off-by: Amit Daniel Kachhap amit.kachhap@arm.com
---
 mm/mprotect.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/mm/mprotect.c b/mm/mprotect.c
index 68b190cbc493..eb9ccc9a1e8c 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -759,6 +759,8 @@ static int do_mprotect_pkey(user_uintptr_t user_start, size_t len,
 user_start = cheri_address_set(user_start, start);
 if (!capability_owns_range(user_start, start, len))
 return -EINVAL;
+ if (!capability_may_set_prot(user_start, prot))
+ return -EINVAL;
 #endif
 if (!arch_validate_prot(prot, start))
 return -EINVAL;
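Review bot: The added `capability_may_set_prot(user_start, prot)` test only sees `prot` as the caller passed it, so any protection bits the function adds afterwards are not covered by it. Upstream `do_mprotect_pkey` ORs in `PROT_EXEC` further down when the task has the `READ_IMPLIES_EXEC` personality; if this tree keeps that path (it is outside the hunk), a mapping may become executable even though the capability check passed for a read-only request. It is worth confirming that the helper or a later check accounts for the effective protection, and adding a comment above the test such as `/* requested prot must not exceed what the owning capability permits */`. The function body and the opening `#ifdef` both lie outside the hunk.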