From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2991FEE4993 for ; Tue, 22 Aug 2023 09:10:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A31DF28000F; Tue, 22 Aug 2023 05:10:15 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9E1E690000D; Tue, 22 Aug 2023 05:10:15 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8AA3428000F; Tue, 22 Aug 2023 05:10:15 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 76C2390000D for ; Tue, 22 Aug 2023 05:10:15 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 4BB3580264 for ; Tue, 22 Aug 2023 09:10:15 +0000 (UTC) X-FDA: 81151169190.04.19240BA Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf30.hostedemail.com (Postfix) with ESMTP id AF0328000C for ; Tue, 22 Aug 2023 09:10:13 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=dt1q16xZ; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf30.hostedemail.com: domain of brauner@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=brauner@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1692695413; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=pkWCAVItDtAYwesNKJ2IPKMzoORFIlvZHNX8Uzfv3SA=; b=bTjKQozCRNHjazZ7dSxihivsHmg1lHNeSCQwuoZet/gZntI/dvKL+qS3utrft2cRUx+7Mn Pma7fRPkMX4X8u2RZJVHwnJ9DjbqM5XO7gXlBn8CYSHY7clkiru6RX5sbwrtyK5Ws2+l/8 GzqlA2PG+NgsF91GG0G7aLVyyNuZwfg= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=dt1q16xZ; dmarc=pass (policy=none) header.from=kernel.org; spf=pass (imf30.hostedemail.com: domain of brauner@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=brauner@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1692695413; a=rsa-sha256; cv=none; b=V7MYA1/vsdErybNFpY0pF4Gtp7HHcSEkup3NnoaITBpd60vrfKpfbiNSlEtzelGBllL2YA ZTJD2WZouYYUTlsbCemZFAQPkTM1mLn8wFzfL0Yk6ESkqS7gpv9IDG9CQfgdgZaepxMUl3 5Ll9AjkLAbBuRujUEBsiSLlNHYjfRGs= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id DBC4464F87; Tue, 22 Aug 2023 09:10:12 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 8B12BC433C7; Tue, 22 Aug 2023 09:10:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1692695412; bh=pQisISmZ66AdEx39jJ4009uh0Yx/8HETEG0JPihLCHM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=dt1q16xZ4wVawYqxKyc7pTbYu+xIoHKLpdt4WziTYiykP4mBCSsx9VyKV3nGdWZuB CGlsfHp0LveeO9NIsm2e6txPBhrMJk1AjqMm2owxcsfgIRV8U6Tt291oP3dqGDBQwG gDHLPYuO5I1KGNzPSmFaAQ13Ck4sdojjeTz3R2DLhRG6otJRWx1AbClFee5WLwQArS PEQ+W/rcU+hY/C9pH9HW980wqKbHfsBj2syDGyGfJ4KcbpYfg7B6yf6QcxIUaEjVGF QYWB8QtIcGfFThWJC6mqnrDF7sLKwARR06oIWqrbVYOF+L5uhBGCzY8GFgI7AqFe2D prG6ZSWsJIrdA== Date: Tue, 22 Aug 2023 11:10:06 +0200 From: Christian Brauner To: Aleksa Sarai Cc: Andrew Morton , Shuah Khan , Jeff Xu , Kees Cook , Daniel Verkamp , Dominique Martinet , stable@vger.kernel.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH v2 3/5] memfd: improve userspace warnings for missing exec-related flags Message-ID: <20230822-seenotrettung-bungalow-a4ea576f6f85@brauner> References: <20230814-memfd-vm-noexec-uapi-fixes-v2-0-7ff9e3e10ba6@cyphar.com> <20230814-memfd-vm-noexec-uapi-fixes-v2-3-7ff9e3e10ba6@cyphar.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230814-memfd-vm-noexec-uapi-fixes-v2-3-7ff9e3e10ba6@cyphar.com> X-Rspam-User: X-Stat-Signature: xc9yk1o833sfwjmfhz49ggjhsfsehtrn X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: AF0328000C X-HE-Tag: 1692695413-464275 X-HE-Meta: U2FsdGVkX199JOTmyGVQlDSowZTWJjtAc64UlfvsdLJvzD4x61bbt7ru7EEMrSiurDykrjEVQOyVfYxcHiErBkyn3pVOFlA6NmEBXIdrifpqADPJChZ3Q7VGu+2x57dltdO+6ZfunxaSQ5C7UzDdhMiLc0ymCq+pszAB0J0TXsBl7ZymhPSd6rXTF5E+pSvaKMG6OXBn4h9SSIgKiEA3G7i1EDP5FUTVz4HxSzbCzGyBE8TfyQ00thOr4f73Hk8FZZz77zDVmPIjOueTjo9I0ycFMYwy1PEWsvEHRHU4UdlvvVz3+XI+aNsr1adhfUq2zEgZQ//qvQ2g9xx0CZWizzq4g9ip6UjfhaathTs8Pf/0JCyEYh5j2Dw6OYkZ+/5RTL1DOsa8+BJq5t7iw1g4hHdTA9AZHdhq2XQjfgnI1i811oFwka6fvCVZXtNLRAQ4NjMOQy9WxSvctweVmQtql7PmwAItYCGfZ+De3O3op7zE9OMFyduEiHaP+7eq1SgBEZzzngY/7HOoSg0QFLbs3otV1Nz3c6kQ78NV7Qtd9+kObCyW90ix9dz4v8PlDnMfJkzcBxz0XwKg+ZkXN5DnJ2LhDPPNXJUOPtat8j1sAKH+zPAE4So1nQ9DCrpTPcdK01cy4SexZ4euvxfsNtBcmQ6WXxhhowJ3woK2zA09H+3G2Xn7D4fdqia1tV3zGjqE8aTvEOxOlx4v7W+DwDUpSlSe83xjK4gJjnrSu9dV5f9Y+AnWfBvSuIHL7rEGRGvSba/XLIqY/nNbvwijXDKZR/X56V0DMb85cfOCDTGDgqiRDRqn1HptHSAm28n8jhPY2TKpxadQjPUwf/V9q6Q3UpqOvrK4Edk9Da1I44w+xtfzBT/6jsYKXQp5z/Jvfcvs0YwbbL8Lm0VRyi4htLtJuwOfNLtFFn0pkf027qmxbgmjT4HJ69DgfrCTVIyzwWDLySsCfOdqlDus5Ex2M72 gjyTvH+e PEvfsBXREPybU8WsK7sF//s+HdYebzsXHV3FphtocKQlIiPs8qDChq7usijuzCs7iDbofl+No/5u0SB/wy2ESBBuQXNCpzc2oObfIioKBeT0DEkSAs/3Rlm3zMdDtg+rTTRcLqSAlo+RlnafwvSPLz8jQ64Cb5KFu7m0NAKO7FWc+72SitaczaMPzLpjaxG8369bYbwurIPSkdq28e7z3FlV2VehV+ftqUqAM0lGI1yoCn6jUgX0GTGuiDKUjPwf6Sn1NYhM+JUFuOfVF7LncrvsMJiRrAVykl+IQUBi71Flc2kGo7+DCfT3JU/UKAdsCE6aK9vYjyM/jjmjakPcqLpD/Xvf75YzAzTx0ZxGrV3KwDy3fXC77m6CzOCQxlZnB3LRR9SKYfmLAc2HHROE198qXfUaK+YCh8Fy9Nr843HxN/fr2gpbvfD4VsgrAwkqVR0R2VxwQvMdbBX1vnLT6bmps/fkdLJ4vaw2uUe9uc4lfcFE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Aug 14, 2023 at 06:40:59PM +1000, Aleksa Sarai wrote: > In order to incentivise userspace to switch to passing MFD_EXEC and > MFD_NOEXEC_SEAL, we need to provide a warning on each attempt to call > memfd_create() without the new flags. pr_warn_once() is not useful > because on most systems the one warning is burned up during the boot > process (on my system, systemd does this within the first second of > boot) and thus userspace will in practice never see the warnings to push > them to switch to the new flags. > > The original patchset[1] used pr_warn_ratelimited(), however there were > concerns about the degree of spam in the kernel log[2,3]. The resulting > inability to detect every case was flagged as an issue at the time[4]. > > While we could come up with an alternative rate-limiting scheme such as > only outputting the message if vm.memfd_noexec has been modified, or > only outputting the message once for a given task, these alternatives > have downsides that don't make sense given how low-stakes a single > kernel warning message is. Switching to pr_info_ratelimited() instead > should be fine -- it's possible some monitoring tool will be unhappy > with a stream of warning-level messages but there's already plenty of > info-level message spam in dmesg. > > [1]: https://lore.kernel.org/20221215001205.51969-4-jeffxu@google.com/ > [2]: https://lore.kernel.org/202212161233.85C9783FB@keescook/ > [3]: https://lore.kernel.org/Y5yS8wCnuYGLHMj4@x1n/ > [4]: https://lore.kernel.org/f185bb42-b29c-977e-312e-3349eea15383@linuxfoundation.org/ > > Cc: stable@vger.kernel.org # v6.3+ > Fixes: 105ff5339f49 ("mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC") > Signed-off-by: Aleksa Sarai > --- Reviewed-by: Christian Brauner