From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C7262EB8FB8 for ; Wed, 6 Sep 2023 06:59:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4DEFB280001; Wed, 6 Sep 2023 02:59:03 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 467F08E0014; Wed, 6 Sep 2023 02:59:03 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 308F3280001; Wed, 6 Sep 2023 02:59:03 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 1CA0A8E0014 for ; Wed, 6 Sep 2023 02:59:03 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id DA6861CA94B for ; Wed, 6 Sep 2023 06:59:02 +0000 (UTC) X-FDA: 81205270524.06.70D72B6 Received: from mout-p-102.mailbox.org (mout-p-102.mailbox.org [80.241.56.152]) by imf01.hostedemail.com (Postfix) with ESMTP id E3C8E40009 for ; Wed, 6 Sep 2023 06:59:00 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=cyphar.com header.s=MBO0001 header.b=Cm+cT88E; dmarc=pass (policy=reject) header.from=cyphar.com; spf=pass (imf01.hostedemail.com: domain of cyphar@cyphar.com designates 80.241.56.152 as permitted sender) smtp.mailfrom=cyphar@cyphar.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1693983541; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=1lz6+CXqF6RhCxLhQ2DodKkhJHTcqk+cQ3N3hpcv2oo=; b=DMFxgFvw9mP6mOo45oKzVtciuQR4IhXkVlMF2W1ZLBqODuDqqLuZt7cgB9TNAUonFsjCC5 +xFwh1WMXiFgeV7eAMeXWh4MB5kGoZ5HVwS/uezbrZYL0aTqazkb/+Jv9XtSk0sP7/ZYtg TfHXRJ3S4xvYeBG3+E1o8TiYwlm9JHc= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=cyphar.com header.s=MBO0001 header.b=Cm+cT88E; dmarc=pass (policy=reject) header.from=cyphar.com; spf=pass (imf01.hostedemail.com: domain of cyphar@cyphar.com designates 80.241.56.152 as permitted sender) smtp.mailfrom=cyphar@cyphar.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1693983541; a=rsa-sha256; cv=none; b=sPXboN9pyMzsjH3TZ6U1M0sPxAAs89ZVfEtzOBWOw9kmUyPhjmdXAsMzZIgbK+JR18HT2n UoW5v/WfwlZ8+WoHKTax4kxRLqaA25O6m1NCEuAW8Dm4wEBPGJOaSwWwdCthPqnP8MJ+Sh fW0DyyNqWrWRXRhvVxlHhdW+cRc4aXM= Received: from smtp102.mailbox.org (smtp102.mailbox.org [10.196.197.102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-102.mailbox.org (Postfix) with ESMTPS id 4RgYBR0RCrz9smb; Wed, 6 Sep 2023 08:58:55 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cyphar.com; s=MBO0001; t=1693983535; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=1lz6+CXqF6RhCxLhQ2DodKkhJHTcqk+cQ3N3hpcv2oo=; b=Cm+cT88EG4Z0nesXjvY9TFASC8fOhh9mxtsTvMTKU2yFkffEV23PtCZ1QyXg5FiUncHGQo Pc+jyU3IIBuNNTaDw2NGRqTOA1g4ph+Ub4fd0f4cZrHP91OopAjIBDzpGTv/s4ieWI6ibZ dwkOGfB1QssKaxrOnys3WIp+8gWp0zw7ibfscf618N/CpUX2RAkgjUR/UpBtGvdYtNSwP1 IQiNri2PxRDjSHhUajgZL9NHtp8xwhjvBKX6bAIwYRn0GHJaTT/9CK4R6ulFeC0Ea92/DV vFZx+EZedWpdXrJQ3Ty8EDK3RQ4R+0LQoYY09xTfFU5C2jhzw9F/KQ/r8MmIZw== Date: Wed, 6 Sep 2023 16:58:41 +1000 From: Aleksa Sarai To: Florian Weimer Cc: Andrew Morton , Damian Tometzki , Shuah Khan , Jeff Xu , Kees Cook , Daniel Verkamp , Christian Brauner , Dominique Martinet , stable@vger.kernel.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Subject: Re: [PATCH v2 3/5] memfd: improve userspace warnings for missing exec-related flags Message-ID: <20230906.065211-swollen.overhaul.chosen.plan-vGnGFFTg39x8@cyphar.com> References: <20230814-memfd-vm-noexec-uapi-fixes-v2-0-7ff9e3e10ba6@cyphar.com> <20230814-memfd-vm-noexec-uapi-fixes-v2-3-7ff9e3e10ba6@cyphar.com> <20230902155850.ca1d32c16862cbe54ebd36ef@linux-foundation.org> <8734zs7ft6.fsf@oldenburg.str.redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="p4ovhxzm5vwe74mz" Content-Disposition: inline In-Reply-To: <8734zs7ft6.fsf@oldenburg.str.redhat.com> X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: E3C8E40009 X-Stat-Signature: du1m3it139hbmuinoxs3pie3z56hrus3 X-Rspam-User: X-HE-Tag: 1693983540-149548 X-HE-Meta: U2FsdGVkX1/HytvvZ12PDdtK1ZG+VfXyr+/ekk90M25NYvKYPFjvy0Uahk0JJLkwh9P8r9LQjwYuP6pU+tHQac66IhdY63y8Ufn1eHVG4MeS5oYLbU5EknuEAMzDsSnkURw4S600I4NwfYAlj+MUpuGdZhkKZYNxsTF9jxO73yhXEDLMb61svErzLGEyEi8U1JvsCJSDsAc3wR14IXlLdSoa5yPFQzRCxKlQ738ZW083cUV/S0QJL8KCAzhoka6PmWUL3Pewo0Vyuyw59D8yXCIP4++VsM/Dcp+AY8KcLtuZ6O9W13wzx9yi21ToO/v3jRSDyrWhyE1doHe3b3f0A7vKJNHo2C//BkcFv5zEeNj6/sfHiZAIezxvw+22L7iPGZAEYs1ZlUMEugA4eh/jxvqXMqKv1EJK19ceOrp6b1tVlpzZeLOxdEHRDIYHbfOhCBXyag6AkAyL8t4S59tta8xcU6kMnKDbrXpiGdxwhGdYseBFHS0yC2l3bCLu/bu47o9ke49ALKszYoXa3MrQiDOwFowJ7Somiedb2okuqXmN7W+Jaw0zpP/QzvEyd8Hq8GUeaNVCnnAjmUFIq9YFasTrZl9EgJz5pujrPxh5vD0Ho+ZKuRiL8tWIyvEmO70mN71ndPxH+he3XSJ/cSoFeEo68qcKbh2u0d7pq/2X+LED4wBciEgVP8iU4AIwYzpqqBsX3wIpHKEPTNDj/JIVdHw9DkdGnXaxpO6CFUlSWuS+Jsg6eOORk7gbQaVUzQnp2MLx62j0Tczoj9UjLw67LONXljvxF+tovYB2M1KlLY2hJO+/CfNOhfrPMOvtl58Efr8sCSlmuO4NxtQcFbm8nqL7CLUe5KNofaYmd8APpq9VHoOxSv8G4VnjtMNmse7aE9ZThlaT09AyAUuuxP/JD/eB7jSR0EqZgyHoF1XNt93K8UjQW87AglLHPTN8nX22VBxWRXzlJhqfpmeicey aSJ54Xaf 6Gsbnx46kc6lvhmhB/r9miCvk68zcl4h2Vwp41AP2+MakX0W5Do6yzci5gQvWoWHdrROmJbuZJDDsmQoTZPU6Ki4junYmtBQAxNVzshlimH6LiSv44hTOmo/1XxCKhDoQQ6uuD4SSwtcqlxWL+Z/CbV1zABL+3esyYDpvOIErjfVsIaF/6gUnT8A1/+2GqJwjdaCJlgLFV1vdTonDtGDaj0EvxoOEb0hGQudnanbW/ePxlUYobTz/GtBfiXCa7LBCGfHl7fRh+c/xDKaMHkz6VJaUcMWcA6/PSPczR8I8k/eampIy/6zxsIw2MvLWd6i61wWShZz+mfx1PpE= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: --p4ovhxzm5vwe74mz Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2023-09-05, Florian Weimer wrote: > * Andrew Morton: >=20 > > OK, thanks, I'll revert this. Spamming everyone even harder isn't a > > good way to get developers to fix their stuff. >=20 > Is this really buggy userspace? Are future kernels going to require > some of these flags? >=20 > That's going to break lots of applications which use memfd_create to > enable run-time code generation on locked-down systems because it looked > like a stable interface (=E2=80=9Cdon't break userspace=E2=80=9D and all = that). There is no userspace breakage with the current behaviour and obviously actually requiring these flags to be passed by default would be a pretty clear userspace breakage and would never be merged. The original intention (as far as I can tell -- the logging behaviour came from the original patchset) was to try to incentivise userspace to start passing the flags so that if distributions decide to set vm.memfd_noexec=3D1 as a default setting you won't end up with programs that _need_ executable memfds (such as container runtimes) crashing unexpectedly. I also suspect there was an aspect of "well, userspace *should* be passing these flags after we've introduced them". I'm sending a patch to just remove this part of the logging because I don't think it makes sense if you can't rate-limit it sanely, and there's probably an argument to be made that it doesn't make sense at all (at least for the default vm.memfd_noexec=3D0 setting). --=20 Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH --p4ovhxzm5vwe74mz Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYKAB0WIQS2TklVsp+j1GPyqQYol/rSt+lEbwUCZPgjIAAKCRAol/rSt+lE b5/UAQDCyFuY5msfiPZGUSZKAqpdH2GRgP4/CT96FkXDXHqqfAD+MNiAGlVwvkBz ZhGBQ1/LdsJ7BX4XVg53xl7uk1PfpAA= =g5sd -----END PGP SIGNATURE----- --p4ovhxzm5vwe74mz--