From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7AF4EC04FFE for ; Tue, 14 May 2024 23:02:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C65118D0052; Tue, 14 May 2024 19:02:00 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C14A08D004F; Tue, 14 May 2024 19:02:00 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B03AF8D0052; Tue, 14 May 2024 19:02:00 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 92BE48D004F for ; Tue, 14 May 2024 19:02:00 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 07CA21C113B for ; Tue, 14 May 2024 23:02:00 +0000 (UTC) X-FDA: 82118526000.06.851B186 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf25.hostedemail.com (Postfix) with ESMTP id 495CAA001A for ; Tue, 14 May 2024 23:01:58 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=rffGIS+E; dmarc=none; spf=pass (imf25.hostedemail.com: domain of akpm@linux-foundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1715727718; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=i3BSUGd/EvJv9WX2i6f3wnp/mH3lpJfaV5GH42xnCmU=; b=MD/PCEb+u/PM/oqLIef8KV96mmMleWuuErrQXFtEL4JSGl3q5hNorKUkvCT9B1rpEwvXE8 1DMEaBGw4dmI2yKRITeVaNNdkGu6Xxv+NDazJtOXOtaY6gZOB1PNhlw6KNI4DPnqFs+cO+ wN/9RVFYBs/C/CkDeVJoX884I22mL3g= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=rffGIS+E; dmarc=none; spf=pass (imf25.hostedemail.com: domain of akpm@linux-foundation.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1715727718; a=rsa-sha256; cv=none; b=4zlRTtUIyOmV8SUdJSAoBYQORz+TNHWSvX4RXe0yrAmGJtMj81LspkTCsiUGpVKx8/Ozkt 4AgCT7+2/4OlWuBCTm8zwMpYg5yEWB66hXMI5/YksdEtZ8zTp7nAbBKnrSR6Fx4ndmn/1f ZBD/cqlGuXqyc/24jx1KiE7RpqEEif8= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id 20A95612CE; Tue, 14 May 2024 23:01:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E06DAC2BD10; Tue, 14 May 2024 23:01:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1715727716; bh=ql9IruMwPF3jx//u401rl++FzKZuu5086c7g9sy74LI=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=rffGIS+E3mt0Fj4i8hRGK7jzBkFBu2+Ts1IckYH+2iO2fXNtNyBfKYrztj3owuT+k kqYni2rDFcl3C36xXwrddcU8GIRwb+1suRtTtsCyCLSAhH3qfBTQkP2NqqbRK7wr5S 05wHzwQfae2uVTicAuWCNkfDhPt5c6OFgiLGDU/I= Date: Tue, 14 May 2024 16:01:50 -0700 From: Andrew Morton To: "Theo de Raadt" Cc: Matthew Wilcox , Jonathan Corbet , jeffxu@chromium.org, keescook@chromium.org, jannh@google.com, sroettger@google.com, gregkh@linuxfoundation.org, torvalds@linux-foundation.org, usama.anjum@collabora.com, Liam.Howlett@oracle.com, surenb@google.com, merimus@google.com, rdunlap@infradead.org, jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, pedro.falcato@gmail.com, dave.hansen@intel.com, linux-hardening@vger.kernel.org Subject: Re: [PATCH v10 0/5] Introduce mseal Message-Id: <20240514160150.3ed0fda8af5cbd2f17c625e6@linux-foundation.org> In-Reply-To: <56001.1715726927@cvs.openbsd.org> References: <20240415163527.626541-1-jeffxu@chromium.org> <20240514104646.e6af4292f19b834777ec1e32@linux-foundation.org> <871q646rea.fsf@meer.lwn.net> <56001.1715726927@cvs.openbsd.org> X-Mailer: Sylpheed 3.8.0beta1 (GTK+ 2.24.33; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 495CAA001A X-Stat-Signature: eh1imrf384kxerj7mzqd1ykd1i681mxi X-Rspam-User: X-Rspamd-Server: rspam11 X-HE-Tag: 1715727718-956407 X-HE-Meta: U2FsdGVkX1/6NpR3t3r27MN649evVh+cVDjT1FopoS7JK2ay+npDE10QXnd40rfncAA8PBBYGHgMr4kwq09KF4usy+xpmxvD9MbO5jkAGep3ENuiavqn42rB+Xvlfa5T4sDhyNKOJIZcrvcuL6g9QyL9Fdw309YlwJ7N7abA+EH1Yjn3eWQ8cMUQMj3LqcEtirYK1qlUrEr1UjUldI5U7+xpAZ+ZYgdA+iPGMeOlIwa+vknnqdSQVx1KgVCSrYUKmv4OOFfP1UgF403aQmHC0VsfLCHfbeKi0lLepg+mLUcYYvMd3zGuegFbRNFf+5WBBqzMFtBQF8a71FtIl1zlac3re3YQYehgzbIdP6bnGCUEmTUFj9hp7CJQ4l6UAX0dSU0dY+XK8nXBVa84FaFaCYyO6fo7v9Ffqxk+hD1VROgpMpHoAdq6uRccTIt5b442YgQE3WOWmEADVgIckW1+iJB0hWapOTs6esQH2fNI3bDlN1OgJtbmNNpwHfapphldBEZSXXnujOGOKkq73f4KP8QVrofFoOpiQdIkcmmmJDSPrMfA0HCbAk0UNdRoxr3daJGEOyxsunlq7kcw8FQEPfZPH9/Le2l6nOCK0JfPzrDUU0BwPbRHSy8d9obdnJIK9rYICehtcvvtYbYhYnbA/ZpYAULjpvLovVAT+hlNvBdNRt72W2c7xsXiGTWcMQSPotlcuJhCyYxK75nChLegziywtjCcrK7ZbFhHmqTCb0pCDbdImxEtsxgRPbP+3L07pyC0VBW5RUknTCfxEN4AZoaecNWGfflHamP3+eFGz4TU6cesRhuDNXdnTDob9NB014fyG7oaX9oz6Y3zsF+Vc1D+wo7A079LdsA7a1g9n4sZK3jyCme4z4dSDXuMhwK7kyPTEANX4veSKWoR+cBjQTfpNzaSxfs7nl+W415yiuj3XLwhclX0COA5JJvDa9QWNhTpClSERBHcsAwoSFF poh8D6WU cCu8xRRUlUwmZFtSCvhi+DJohJh+In1RHZ4+0zV2dSRj0MXtGQOh/5u5/rKxljZfivNSp4LmgoF6DD1o2cJ3wAUgrphOAK/UL273t0+zSHqLYuuW4gIdF6QvhCP20Cf2TwVdoqSOc/47AdfVxF0hTqB8ifjTJU0O3pu0GUWHFrz/WkQEINsfuYunq3RrIEqm1Gx4wTfMi2emBPI5VxSIzcfaxuc61lXHNzcLBA4Q9sLUln1FR0xky0dvEvGjOvghBl4wNKrZW4SXIlM6CuG3XgjFP4iIi4nka7lEqjGR6jQ+Ci6pzN5mTCbKhEv2KZHgX9SqZaOBquILAgsBsY83kfiMdRUqvLwcXXdbfexFyY1bcl107Aipk60FGGJPhu76aWgKEb0FoofrHyYXg+GH3uIuOcyZ0EUG8LilFV/rzmBshpC8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, 14 May 2024 16:48:47 -0600 "Theo de Raadt" wrote: > Matthew Wilcox wrote: > > > > Not taking a position on merging, but I have to ask: are we convinced at > > > this point that mseal() isn't a chrome-only system call? Did we ever > > > see the glibc patches that were promised? > > > > I think _this_ version of mseal() is OpenBSD's mimmutable() with a > > basically unused extra 'flags' argument. As such, we have an existance > > proof that it's useful beyond Chrome. > > Yes, it is close enough. > > > I think Liam still had concerns around the > > walk-the-vmas-twice-to-error-out-early part of the implementation? > > Although we can always fix the implementation later; changing the API > > is hard. > > Yes I am a bit worried about the point Liam brings up -- we've discussed > it privately at length. Matthew, to keep it short I have a different > viewpoint: > > Some of the Linux m* system calls have non-conforming, partial-work-then-return-error > behaviour. I cannot find anything like this in any system call in any other > operating system, and I believe there is a defacto rule against doing this, and > Linux has an optimization which violating this, and I think it could be fixed > with fairly minor expense, and can't imagine it affecting a single application. Thanks. > I worry that the non-atomicity will one day be used by an attacker. How might an attacker exploit this?