• Aleksa Sarai's avatar
    memfd: do not -EACCES old memfd_create() users with vm.memfd_noexec=2 · 202e1422
    Aleksa Sarai authored
    Given the difficulty of auditing all of userspace to figure out whether
    every memfd_create() user has switched to passing MFD_EXEC and
    MFD_NOEXEC_SEAL flags, it seems far less distruptive to make it possible
    for older programs that don't make use of executable memfds to run under
    vm.memfd_noexec=2.  Otherwise, a small dependency change can result in
    spurious errors.  For programs that don't use executable memfds, passing
    MFD_NOEXEC_SEAL is functionally a no-op and thus having the same
    
    In addition, every failure under vm.memfd_noexec=2 needs to print to the
    kernel log so that userspace can figure out where the error came from. 
    The concerns about pr_warn_ratelimited() spam that caused the switch to
    pr_warn_once()[1,2] do not apply to the vm.memfd_noexec=2 case.
    
    This is a user-visible API change, but as it allows programs to do
    something that would be blocked before, and the sysctl itself was broken
    and recently released, it seems unlikely this will cause any issues.
    
    [1]: https://lore.kernel.org/Y5yS8wCnuYGLHMj4@x1n/
    [2]: https://lore.kernel.org/202212161233.85C9783FB@keescook/
    
    Link: https://lkml.kernel.org/r/20230814-memfd-vm-noexec-uapi-fixes-v2-2-7ff9e3e10ba6@cyphar.com
    Fixes: 105ff533 ("mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC")
    Signed-off-by: default avatarAleksa Sarai <cyphar@cyphar.com>
    Cc: Dominique Martinet <asmadeus@codewreck.org>
    Cc: Christian Brauner <brauner@kernel.org>
    Cc: Daniel Verkamp <dverkamp@chromium.org>
    Cc: Jeff Xu <jeffxu@google.com>
    Cc: Kees Cook <keescook@chromium.org>
    Cc: Shuah Khan <shuah@kernel.org>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    202e1422
memfd_test.c 28.6 KB