mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
1,190,441 Commits 103 Branches 4,995 Tags 5.4 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Go to file
Aleksa Sarai 6c7e870567 memfd: do not -EACCES old memfd_create() users with vm.memfd_noexec=2 
[ Upstream commit 202e14222f ]

Given the difficulty of auditing all of userspace to figure out whether
every memfd_create() user has switched to passing MFD_EXEC and
MFD_NOEXEC_SEAL flags, it seems far less distruptive to make it possible
for older programs that don't make use of executable memfds to run under
vm.memfd_noexec=2.  Otherwise, a small dependency change can result in
spurious errors.  For programs that don't use executable memfds, passing
MFD_NOEXEC_SEAL is functionally a no-op and thus having the same

In addition, every failure under vm.memfd_noexec=2 needs to print to the
kernel log so that userspace can figure out where the error came from.
The concerns about pr_warn_ratelimited() spam that caused the switch to
pr_warn_once()[1,2] do not apply to the vm.memfd_noexec=2 case.

This is a user-visible API change, but as it allows programs to do
something that would be blocked before, and the sysctl itself was broken
and recently released, it seems unlikely this will cause any issues.

[1]: https://lore.kernel.org/Y5yS8wCnuYGLHMj4@x1n/
[2]: https://lore.kernel.org/202212161233.85C9783FB@keescook/

Link: https://lkml.kernel.org/r/20230814-memfd-vm-noexec-uapi-fixes-v2-2-7ff9e3e10ba6@cyphar.com
Fixes: 105ff5339f ("mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Cc: Dominique Martinet <asmadeus@codewreck.org>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Daniel Verkamp <dverkamp@chromium.org>
Cc: Jeff Xu <jeffxu@google.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Shuah Khan <shuah@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-09-13 09:48:44 +02:00
Documentation regulator: dt-bindings: qcom,rpm: fix pattern for children 2023-09-13 09:48:42 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
arch LoongArch: Ensure FP/SIMD registers in the core dump file is up to date 2023-09-13 09:48:44 +02:00
block block: don't add or resize partition on the disk with GENHD_FL_NO_PART 2023-09-13 09:48:41 +02:00
certs KEYS: Add missing function documentation 2023-04-24 16:15:52 +03:00
crypto crypto: af_alg - Decrement struct key.usage in alg_set_by_key_serial() 2023-09-13 09:48:42 +02:00
drivers serial: sc16is7xx: fix regression with GPIO configuration 2023-09-13 09:48:44 +02:00
fs pstore/ram: Check start of empty przs during init 2023-09-13 09:48:42 +02:00
include memfd: do not -EACCES old memfd_create() users with vm.memfd_noexec=2 2023-09-13 09:48:44 +02:00
init sched/psi: Select KERNFS as needed 2023-09-13 09:47:58 +02:00
io_uring io_uring: Don't set affinity on a dying sqpoll thread 2023-09-13 09:48:40 +02:00
ipc Merge branch 'work.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2023-02-24 19:20:07 -08:00
kernel bpf: Fix issue in verifying allow_ptr_leaks 2023-09-13 09:48:41 +02:00
lib iov_iter: Fix iov_iter_extract_pages() with zero-sized entries 2023-09-13 09:48:42 +02:00
mm memfd: do not -EACCES old memfd_create() users with vm.memfd_noexec=2 2023-09-13 09:48:44 +02:00
net Bluetooth: HCI: Introduce HCI_QUIRK_BROKEN_LE_CODED 2023-09-13 09:48:44 +02:00
rust rust: macros: vtable: fix `HAS_*` redefinition (`gen_const_name`) 2023-08-23 17:32:36 +02:00
samples samples/bpf: fix broken map lookup probe 2023-09-13 09:48:06 +02:00
scripts scripts/gdb: fix 'lx-lsmod' show the wrong size 2023-09-13 09:48:05 +02:00
security smackfs: Prevent underflow in smk_set_cipso() 2023-09-13 09:48:16 +02:00
sound ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs. 2023-09-13 09:48:40 +02:00
tools memfd: do not -EACCES old memfd_create() users with vm.memfd_noexec=2 2023-09-13 09:48:44 +02:00
usr initramfs: Check negative timestamp to prevent broken cpio archive 2023-04-16 17:37:01 +09:00
virt kvm/vfio: ensure kvg instance stays around in kvm_vfio_group_add() 2023-09-13 09:48:21 +02:00
.clang-format cxl for v6.4 2023-04-30 11:51:51 -07:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for *.dtso files 2023-02-26 15:28:23 +09:00
.gitignore linux-kselftest-kunit-6.4-rc1 2023-04-24 12:31:32 -07:00
.mailmap mailmap: add entries for Ben Dooks 2023-06-19 13:19:35 -07:00
.rustfmt.toml rust: add `.rustfmt.toml` 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: sctp: move Neil to CREDITS 2023-05-12 08:51:32 +01:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Networking fixes for 6.4-rc8, including fixes from ipsec, bpf, 2023-06-22 17:59:51 -07:00
Makefile kbuild: rust_is_available: remove -v option 2023-09-13 09:48:03 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.