Date: Fri, 17 Jan 2025 11:14:28 +0100
From: Heiko Carstens
To: Kees Cook
Cc: Christoph Hellwig, Lorenzo Stoakes, Jeff Xu, akpm@linux-foundation.org,
 jannh@google.com, torvalds@linux-foundation.org, adhemerval.zanella@linaro.org,
 oleg@redhat.com, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
 linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, ojeda@kernel.org,
 adobriyan@gmail.com, anna-maria@linutronix.de, mark.rutland@arm.com,
 linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org,
 davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org,
 dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org,
 Liam.Howlett@oracle.com, mhocko@suse.com, 42.hyeyoo@gmail.com,
 peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com,
 groeck@chromium.org, mpe@ellerman.id.au, Vlastimil Babka, Andrei Vagin,
 Dmitry Safonov <0x7f454c46@gmail.com>, Mike Rapoport, Alexander Mikhalitsyn,
 Benjamin Berg
Subject: Re: [PATCH v4 1/1] exec: seal system mappings
Message-ID: <20250117101428.10714-A-hca@linux.ibm.com>
In-Reply-To: <202501161137.D76EE5CEC@keescook>

Hi Kees,

On Thu, Jan 16, 2025 at 11:40:37AM -0800, Kees Cook wrote:
> On Thu, Jan 16, 2025 at 06:26:55AM +0100, Christoph Hellwig wrote:
> > On Wed, Jan 15, 2025 at 03:52:23PM -0800, Kees Cook wrote:
> > > > You seem to be saying you're pushing an internal feature on upstream and
> > > > only care about internal use cases, this is not how upstream works, as
> > > > Matthew alludes to.
> > >
> > > Internal? No. Chrome OS and Android. Linux runs more Android devices
> > > than everything else in the world combined -- this is not some random
> > > experiment.
> >
> > All of which are tightly controlled by Google and not actually open
> > to users. Which doesn't say they don't matter, but they matter a
> > lot less than features widely useful to the open not locked down
> > userbase of classic Linux.
>
> I get your point. Though in my proposal it would be available to anyone
> without CRIU too, which is, for example, defconfig builds (excepting
> s390 and riscv).

Just looking from time to time into this discussion, so I didn't follow
everything. What makes s390 and riscv special here?