[PATCH v5] powerpc: Do not make the entire heap executable

Oleg Nesterov oleg at redhat.com
Fri Sep 30 02:07:02 AEST 2016


On 09/28, Kees Cook wrote:
>
> This is where the flags are actually built from what's coming in
> through the newly created exported function vm_brk_flags() below. The
> only flag we're acting on is VM_EXEC (passed in from set_brk() above).
> I think do_brk_flags() should mask the valid flags, or we'll regret it
> in the future. I'd like to see something like:
>
>     /* Until we need other flags, refuse anything except VM_EXEC. */
>     if ((flags & (~VM_EXEC)) != 0)
>         return -EINVAL;
>     flags |= VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;

I tried to suggest this too. In particular it would be simply wrong
to accept VM_LOCKED in flags.

Oleg.


