From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E1C94C83F2C for ; Mon, 4 Sep 2023 07:09:32 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 869ED8E001E; Mon, 4 Sep 2023 03:09:31 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 818A98E001C; Mon, 4 Sep 2023 03:09:31 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 6E11D8E001E; Mon, 4 Sep 2023 03:09:31 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 5D41B8E001C for ; Mon, 4 Sep 2023 03:09:31 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 089FA4058B for ; Mon, 4 Sep 2023 07:09:31 +0000 (UTC) X-FDA: 81198039342.15.03A03FE Received: from mout-p-101.mailbox.org (mout-p-101.mailbox.org [80.241.56.151]) by imf20.hostedemail.com (Postfix) with ESMTP id 129A91C001A for ; Mon, 4 Sep 2023 07:09:27 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=cyphar.com header.s=MBO0001 header.b=LDCQEZVL; spf=pass (imf20.hostedemail.com: domain of cyphar@cyphar.com designates 80.241.56.151 as permitted sender) smtp.mailfrom=cyphar@cyphar.com; dmarc=pass (policy=reject) header.from=cyphar.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1693811368; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cq7qOZE8xlGiGZJPTa8yzpYZ1oFjZWMPNorQyVEd/Xg=; b=RxgJ4mUhZFEuBWJ0igZzz61DajIZGIJ2rbii5dQRamEd9u/mXgS/U9e9evVY/+VosOiaNJ /x7e+6c3fz5iGYi5ERT+lbyrBT9SBSR/ggIsXzJCvpFrOe0GKUY0fzQibvsF8O6N7I7cXD xmcVJA5CgN2P0SxgC11UlN0hzE12sxE= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=cyphar.com header.s=MBO0001 header.b=LDCQEZVL; spf=pass (imf20.hostedemail.com: domain of cyphar@cyphar.com designates 80.241.56.151 as permitted sender) smtp.mailfrom=cyphar@cyphar.com; dmarc=pass (policy=reject) header.from=cyphar.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1693811368; a=rsa-sha256; cv=none; b=Nu6v3dhT59gfOxvSdRsrzWBnuHSXQhj7YjpKTjBusDYoC3TU041z7QHDAAaby+uw2W1WWa KgxRdEPkWb7bTBfzdg2nCNk6SM1Ou5hlmwd/yxOaIR0gv9mfrxwEU8vQQQ3GsgsXYgpIX+ e/t5kDC/VDeM2lNc95CmkRkK3kGZEZk= Received: from smtp202.mailbox.org (smtp202.mailbox.org [IPv6:2001:67c:2050:b231:465::202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4RfKWQ2KsXz9sT0; Mon, 4 Sep 2023 09:09:22 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1693811362; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=cq7qOZE8xlGiGZJPTa8yzpYZ1oFjZWMPNorQyVEd/Xg=; b=LDCQEZVL0xpuZmPp1oz1O/PrYOZ21hPWBxqRc4Q6Au/AfG71IKLuV1NhN635Elh/nQTX7j zjLu379c2FzrJtB2pxXNxRqBWW9LVFKSHx4zPU9MnrZGVWwxTkinJ/Kkmny3h+JOVmOmlZ 11iYEFzePn1nolFhGHj76p853EtiII8ssmRyg0UtozDlf1qScHpkYqfuxiUXKYitkKyga+ TZ73c4jLGPrdgFtMFlbQzJVGd1Iid7kHBh9wY8gg4R6oT1G1urbcf9D9SL5zw7pWFC+D0b +HyFq7Y5NdknCZrbt1yM0qHEQH4oQmxIfBOt/V2NiDICipNOhLVfcGrZCWAxZg== Date: Mon, 4 Sep 2023 17:09:09 +1000 From: Aleksa Sarai To: Andrew Morton Cc: Damian Tometzki , Shuah Khan , Jeff Xu , Kees Cook , Daniel Verkamp , Christian Brauner , Dominique Martinet , stable@vger.kernel.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH v2 3/5] memfd: improve userspace warnings for missing exec-related flags Message-ID: <20230904.070506-tidy.dividend.mousy.flasks-BFYX3RqFch3q@cyphar.com> References: <20230814-memfd-vm-noexec-uapi-fixes-v2-0-7ff9e3e10ba6@cyphar.com> <20230814-memfd-vm-noexec-uapi-fixes-v2-3-7ff9e3e10ba6@cyphar.com> <20230902155850.ca1d32c16862cbe54ebd36ef@linux-foundation.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="nnx76nxb2yfdk3in" Content-Disposition: inline In-Reply-To: <20230902155850.ca1d32c16862cbe54ebd36ef@linux-foundation.org> X-Rspamd-Queue-Id: 129A91C001A X-Rspam-User: X-Stat-Signature: jx8yiow3oi3s6af1ywmhpj558ahfs1ts X-Rspamd-Server: rspam01 X-HE-Tag: 1693811367-368055 X-HE-Meta: U2FsdGVkX1+hT5j10JB47hxYkJA+/mlsqnc9t3f+BFzi4fQ9/Na64BYAciKv3kxgQ8NJWMQVGUGUlE7BHUsbEb9XbPo0qd9QcgQla5bM06+RxFhbyi/xGjL5372O4TDxQ2zBB80gZs9wcqgau7QxaxKiUJyAbC1VQw1sYIoszL5ltZ8/6LuYO6A0G23WUkm1DFj95Tp/5pj6RIh0Xoq+dPs3vekIDN5dqqlpUrNnS9LA9oVhGOyfqMg5Ma037lDyE8uyuLfW2zAOlTPH2hdRtfN8yaoRMc/NlMTpon0jXtz8StHlCapbFU9t+nZO63mse89sut4nHjY/+cbHydZCwZSeGqUfrRM6YVAm9+gLRDS+EANu4KNum8atTt+IxRFXJ3fWKJDb5/qkulo4sHiJ84n0nBhuaOH6YHZRs5ti0bHamcqZkRkzgghlWitoUKZrEXDqzJIDJSOxVkCPzV0rnWRJhSpgJxAajdHqnXGSEV/2QqLrJgahviM5iVt3pvj0KUmGr+RnQrQqR80fOexbTogfI0lG3Po7T9SPAE2KqmkHBaiSYeG2/pAMZzb4KSNktd1qWvCVzP1CHmUX3Tr9KDYg9wdPDHIWQjM1QPEFtM2EKhyfvjCUutcOTKBtz0+CkSQw+t8GGwQpDbBHpilkVwqB181/0xL2DwsVhj7QHhtwVjNHF1BflEb369QcHUrkklmG3bX89vlHe4ad9Iav2UFs3cEFd7789vMKXOp793DKFuCosha53EBiXcvp1fs9q1H3mszWbhBicF3WaHcjWGWPXzuZ/drwVW0rheVXnyC4ItoMHqycVW0/8EJ7EntHMVkQIV5yl/2T+wHFfQVTZicfHouq8edK/oo0gEV7pH/TEY04M2IVHPo2Vl/u+/eLGRgMbNNiNMGXXpAT0HLLP/KPEisZgw9JlRUFebGon9YknGZcd2BoJ5C8V7EfNSItJDfDFf5/5g6eoOEvn3U nCnfsb+f 6vNlpoaIjFYaY9txlFwXfvdYcjhgvEtLFLa8+vCM1j9CdN5Tpz1HV5+cqt/SNUVA/7+X8jlUw9Y0XPlfHjHqPBUhSUITmbwpfVhXFf1au6gKJAmLWPItUyUYzOH5uHXcHqvdXatUokHaFjB+5UNHCdM5qSVxZdRIsp8HUBzJayRZ1uKnl3oaF7rOqGM4ucmnFjYQ4lSS92sC+MKzsyq41GzouiKpeFT+4zf5LQ9Z5AQ9XOankX8NkSs2v8BqpXkd4hZGMQ2JVB4BEfAWNl6Kv5ldctaHLD7nid620haUrN9SoJcVrgZkn1E4hPYr2tZrFveGRWAoV2rUnbrqcbT6xgWIQ/vwDfXFEoI1z4cCEEMVrH111kJNxjuE8HIZ1iEsJRB4IroBptvTd51RZYSi+D3DQQMLu+K7kChg16lb++xL5qtirPsAiYDu3y4Gw4UMXxO0M X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: --nnx76nxb2yfdk3in Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2023-09-02, Andrew Morton wrote: > On Fri, 1 Sep 2023 07:13:45 +0200 Damian Tometzki wrote: >=20 > > > if (!(flags & (MFD_EXEC | MFD_NOEXEC_SEAL))) { > > > - pr_warn_once( > > > + pr_info_ratelimited( > > > "%s[%d]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEA= L set\n", > > > current->comm, task_pid_nr(current)); > > > } > > >=20 > > > --=20 > > > 2.41.0 > > > > > Hello Sarai, > >=20 > > i got a lot of messages in dmesg with this. DMESG is unuseable with > > this.=20 > > [ 1390.349462] __do_sys_memfd_create: 5 callbacks suppressed > > [ 1390.349468] pipewire-pulse[2930]: memfd_create() called without MFD_= EXEC or MFD_NOEXEC_SEAL set > > [ 1390.350106] pipewire[2712]: memfd_create() called without MFD_EXEC o= r MFD_NOEXEC_SEAL set >=20 > OK, thanks, I'll revert this. Spamming everyone even harder isn't a > good way to get developers to fix their stuff. Sorry, I'm on vacation. I will send a follow-up patch to remove this logging entirely -- if we can't do rate-limited logging then logging a single message effectively at boot time makes no sense. I had hoped that this wouldn't be too much (given there is a fair amount of INFO-level spam in the kernel log) but I guess the default ratelimit (5Hz) is too liberal. Perhaps we can re-consider adding some logging in the future, when more programs have migrated. The only other "reasonable" way to reduce the logging would be to add something to task_struct so we only log once per task, but obviously that's massively overkill. (FWIW, I don't think the logging was ever necessary. There's nothing wrong with running an older program that doesn't pass the flags.) --=20 Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH --nnx76nxb2yfdk3in Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQS2TklVsp+j1GPyqQYol/rSt+lEbwUCZPWCkAAKCRAol/rSt+lE b5gWAP4/tAjH570jwrKkdsMIvm/7W9rAOvo1QLnJCd9r8MsX7QD9GDs3+9jWfNMB lIppOxMkHE1/QyB4f/KzZwzay2OayQQ= =/tpV -----END PGP SIGNATURE----- --nnx76nxb2yfdk3in--