Check that the permission of new user address does not exceed the permission of old user address for mremap syscall.
Signed-off-by: Amit Daniel Kachhap amitdaniel.kachhap@arm.com --- mm/mremap.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/mm/mremap.c b/mm/mremap.c index 2e2955417730..d36ed780bca8 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -996,6 +996,9 @@ SYSCALL_DEFINE5(__retptr__(mremap), user_uintptr_t, usrptr, unsigned long, old_l if ((flags & MREMAP_FIXED)) { if (!capability_owns_range(new_usrptr, new_addr, new_len)) goto out; + if ((cheri_perms_get(usrptr) | cheri_perms_get(new_usrptr)) + != cheri_perms_get(usrptr)) + goto out; if (!reserv_vmi_valid_capability(&vmi, new_usrptr, true)) { ret = -ERESERVATION; goto out;