Re: [RFC PATCH RESEND v2 1/2] mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd

2025-01-06 Thread Isaac Manjarres
On Mon, Jan 06, 2025 at 09:35:09AM -0800, Jeff Xu wrote: > + Kees because this is related to W^X memfd and security. > > On Fri, Jan 3, 2025 at 7:04 AM Jann Horn wrote: > > > > On Fri, Jan 3, 2025 at 12:32 AM Isaac J. Manjarres > > wrote: > > > Android currently uses the ashmem driver [1] for cr

Re: [RFC PATCH RESEND v2 1/2] mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd

2025-01-06 Thread Isaac Manjarres
On Fri, Jan 03, 2025 at 04:03:44PM +0100, Jann Horn wrote: > On Fri, Jan 3, 2025 at 12:32 AM Isaac J. Manjarres > wrote: > > Android currently uses the ashmem driver [1] for creating shared memory > > regions between processes. Ashmem buffers can initially be mapped with > > PROT_READ, PROT_WRITE,

Re: [RFC PATCH v1 1/2] mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd

2024-12-11 Thread Isaac Manjarres
On Fri, Dec 06, 2024 at 09:14:58PM +, Lorenzo Stoakes wrote: > On Fri, Dec 06, 2024 at 12:48:09PM -0800, Isaac Manjarres wrote: > > On Fri, Dec 06, 2024 at 06:19:49PM +, Lorenzo Stoakes wrote: > > > On Thu, Dec 05, 2024 at 05:09:22PM -0800, Isaac J. Manjarres wrote: >

Re: [RFC PATCH v1 1/2] mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd

2024-12-06 Thread Isaac Manjarres
On Fri, Dec 06, 2024 at 09:49:35AM -0800, Kalesh Singh wrote: > On Thu, Dec 5, 2024 at 5:09 PM Isaac J. Manjarres > wrote: > > --- a/mm/mmap.c > > +++ b/mm/mmap.c > > @@ -375,6 +375,17 @@ unsigned long do_mmap(struct file *file, unsigned long > > addr, > > if (!file_mmap_ok(file,

Re: [RFC PATCH v1 1/2] mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd

2024-12-06 Thread Isaac Manjarres
On Fri, Dec 06, 2024 at 06:19:49PM +, Lorenzo Stoakes wrote: > On Thu, Dec 05, 2024 at 05:09:22PM -0800, Isaac J. Manjarres wrote: > > diff --git a/mm/mmap.c b/mm/mmap.c > > index b1b2a24ef82e..c7b96b057fda 100644 > > --- a/mm/mmap.c > > +++ b/mm/mmap.c > > @@ -375,6 +375,17 @@ unsigned long do

Re: [RFC PATCH v1 1/2] mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd

2025-01-14 Thread Isaac Manjarres
On Thu, Jan 09, 2025 at 03:30:36PM -0800, Jeff Xu wrote: > On Wed, Jan 8, 2025 at 11:06 AM Lorenzo Stoakes > wrote: > > > > On Mon, Jan 06, 2025 at 04:44:33PM -0800, Kees Cook wrote: > > > On Mon, Jan 06, 2025 at 10:26:27AM -0800, Jeff Xu wrote: > > > > + Kees because this is related to W^X memfd

Re: [RFC PATCH v1 1/2] mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd

2025-01-14 Thread Isaac Manjarres
On Tue, Jan 14, 2025 at 01:29:44PM -0800, Kees Cook wrote: > On Tue, Jan 14, 2025 at 12:02:28PM -0800, Isaac Manjarres wrote: > > I think the main issue in the threat model that I described is that > > an attacking process can gain control of a more privileged process. > >