Merge branch 'next' into for-linus

Prepare input updates for 6.4 merge window.
author: Dmitry Torokhov <dmitry.torokhov@gmail.com> 2023-05-01 15:20:08 -0700
committer: Dmitry Torokhov <dmitry.torokhov@gmail.com> 2023-05-01 15:20:08 -0700
commit: 9a87ffc99ec8eb8d35eed7c4f816d75f5cc9662e (patch)
tree: d57f3a63479a07b4e0cece029886e76e04feb984 /include/linux/mman.h
parent: 5dc63e56a9cf8df0b59c234a505a1653f1bdf885 (diff)
parent: 53bea86b5712c7491bb3dae12e271666df0a308c (diff)
1 files changed, 34 insertions, 0 deletions
diff --git a/include/linux/mman.h b/include/linux/mman.h
index 58b3abd457a3..cee1e4b566d8 100644
--- a/include/linux/mman.h
+++ b/include/linux/mman.h
@@ -156,4 +156,38 @@ calc_vm_flag_bits(unsigned long flags)
 }
 
 unsigned long vm_commit_limit(void);
+
+/*
+ * Denies creating a writable executable mapping or gaining executable permissions.
+ *
+ * This denies the following:
+ *
+ * 	a)	mmap(PROT_WRITE | PROT_EXEC)
+ *
+ *	b)	mmap(PROT_WRITE)
+ *		mprotect(PROT_EXEC)
+ *
+ *	c)	mmap(PROT_WRITE)
+ *		mprotect(PROT_READ)
+ *		mprotect(PROT_EXEC)
+ *
+ * But allows the following:
+ *
+ *	d)	mmap(PROT_READ | PROT_EXEC)
+ *		mmap(PROT_READ | PROT_EXEC | PROT_BTI)
+ */
+static inline bool map_deny_write_exec(struct vm_area_struct *vma,  unsigned long vm_flags)
+{
+	if (!test_bit(MMF_HAS_MDWE, &current->mm->flags))
+		return false;
+
+	if ((vm_flags & VM_EXEC) && (vm_flags & VM_WRITE))
+		return true;
+
+	if (!(vma->vm_flags & VM_EXEC) && (vm_flags & VM_EXEC))
+		return true;
+
+	return false;
+}
+
 #endif /* _LINUX_MMAN_H */
author	Dmitry Torokhov <dmitry.torokhov@gmail.com>	2023-05-01 15:20:08 -0700
committer	Dmitry Torokhov <dmitry.torokhov@gmail.com>	2023-05-01 15:20:08 -0700
commit	9a87ffc99ec8eb8d35eed7c4f816d75f5cc9662e (patch)
tree	d57f3a63479a07b4e0cece029886e76e04feb984 /include/linux/mman.h
parent	5dc63e56a9cf8df0b59c234a505a1653f1bdf885 (diff)
parent	53bea86b5712c7491bb3dae12e271666df0a308c (diff)