Check that the permission of new user address does not exceed the permission of old user address for mremap syscall.
Signed-off-by: Amit Daniel Kachhap amit.kachhap@arm.com --- mm/mremap.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/mm/mremap.c b/mm/mremap.c index 57a21cf833a2..e90d7698a3dd 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -989,6 +989,9 @@ SYSCALL_DEFINE5(__retptr__(mremap), user_uintptr_t, user_addr, unsigned long, ol if (cheri_tag_get(user_new_addr)) { if (!capability_owns_range(user_new_addr, new_addr, new_len)) return ret; + if ((cheri_perms_get(user_addr) | cheri_perms_get(user_new_addr)) + != cheri_perms_get(user_addr)) + return ret; } else { if (!cheri_is_null_derived(user_new_addr)) return ret;