mmap: explicitly expose capability permissions #2191

Merged
merged 3 commits into from
Sep 13, 2024

Commits on Sep 4, 2024

  1. kern_mmap: use _PROT_ALL instead of a list

    Use _PROT_ALL instead of ORing all the flags.
    brooksdavis committed Sep 4, 2024
    f04f787
  2. vm: make VM_PROT_ADD_CAP a statement expression (NFC)

    Refactor VM_PROT_ADD_CAP() macro to use a statement expression and if
    statements.  Eliminates multiple expansion of the prot argument and
    prepares for future changes allowing explicit capability permission
    selection.
    brooksdavis committed Sep 4, 2024
    72196e6
  3. mmap: explicitly expose capability permissions

    Introduce two new PROT_ values PROT_CAP and PROT_NO_CAP.  They combine
    to allow capability permissions to be implied in unmodified code using
    PROT_READ and PROT_WRITE while allowing capability permissions to be set
    or unset explicitly.
    
    If either of PROT_CAP or PROT_NO_CAP is set, then the value of
    the PROT_CAP flag bit defines the page protections and capability
    permissions for a given mapping.
    
    In the underlying implementation, PROT_CAP maps to VM_PROT_READ_CAP and
    VM_PROT_WRITE_CAP depending on the values of PROT_READ and PROT_WRITE.
    PROT_NO_CAP maps to a new VM_PROT_NO_IMPLY_CAP.  VM_PROT_NO_IMPLY_CAP
    is used transiently in fo_mmap implementations to avoid accidentally
    adding capability permission and is also added to vm_entry's
    max_protection to allow superset tests to succeed when reducing
    capability permissions on a mapping via mmap or mprotect.
    brooksdavis committed Sep 4, 2024
    674ece8
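
A small model of the flag translation described in the third commit message, added here as an illustration; it is not code from this pull request. The helper names `model_prot_to_vm` and `model_is_subset`, all bit values other than PROT_READ and PROT_WRITE, and the form of the superset test are assumptions made for the example.

```c
#include <stdio.h>

/* PROT_READ/PROT_WRITE are the usual mmap values. Every other bit value
 * below is constructed for this model and is not taken from the tree. */
#define PROT_READ            0x01
#define PROT_WRITE           0x02
#define PROT_CAP             0x10 /* constructed */
#define PROT_NO_CAP          0x20 /* constructed */
#define VM_PROT_READ         0x01
#define VM_PROT_WRITE        0x02
#define VM_PROT_READ_CAP     0x08 /* constructed */
#define VM_PROT_WRITE_CAP    0x10 /* constructed */
#define VM_PROT_NO_IMPLY_CAP 0x20 /* constructed */

/* Hypothetical helper: translate user PROT_* bits to VM_PROT_* bits. */
static int model_prot_to_vm(int prot)
{
    int vm = 0;
    int selector = prot & (PROT_CAP | PROT_NO_CAP);
    /* No selector: READ/WRITE imply capability permissions (unmodified
     * code). Selector present: the PROT_CAP bit alone decides, which is
     * this model's reading of the commit message. */
    int want_cap = selector ? (prot & PROT_CAP) != 0 : 1;

    if (prot & PROT_READ)
        vm |= VM_PROT_READ | (want_cap ? VM_PROT_READ_CAP : 0);
    if (prot & PROT_WRITE)
        vm |= VM_PROT_WRITE | (want_cap ? VM_PROT_WRITE_CAP : 0);
    if (!want_cap)
        vm |= VM_PROT_NO_IMPLY_CAP; /* transient "do not add caps" marker */
    return vm;
}

/* Hypothetical superset test of a request against max_protection. */
static int model_is_subset(int req, int max_prot)
{
    return (req & max_prot) == req;
}

int main(void)
{
    int max = model_prot_to_vm(PROT_READ | PROT_WRITE); /* implied caps */
    int req = model_prot_to_vm(PROT_READ | PROT_NO_CAP); /* drop caps */

    printf("without marker in max_protection: %d\n", model_is_subset(req, max));
    printf("with marker in max_protection:    %d\n",
        model_is_subset(req, max | VM_PROT_NO_IMPLY_CAP));
    return 0;
}
```

In this model the request that drops capability permissions fails the superset test until VM_PROT_NO_IMPLY_CAP is also present in max_protection, which is the reason the commit message gives for adding it there.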