On Tue, May 16, 2023 at 1:07 PM Kees Cook <keescook@chromium.org> wrote:
> On Mon, May 15, 2023 at 01:05:49PM +0000, jeffxu@chromium.org wrote:
> > From: Jeff Xu <jeffxu@google.com>
> >
> > This patch enables PKEY_ENFORCE_API for the mprotect and mprotect_pkey syscalls.
>
> All callers are from userspace -- this change looks like a no-op?

Yes. All callers are from user space now. I am thinking about the future when someone adds a caller in kernel code and may miss the check. This is also consistent with munmap and other syscalls I plan to change. There are comments on do_mprotect_pkey() to describe how this flag is used.

> -Kees
>
> --
> Kees Cook