From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2AC21C021BB
	for <linux-mm@archiver.kernel.org>; Mon, 24 Feb 2025 19:26:31 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 9D29228000C; Mon, 24 Feb 2025 14:26:30 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 9829E28000A; Mon, 24 Feb 2025 14:26:30 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 84AA728000C; Mon, 24 Feb 2025 14:26:30 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14])
	by kanga.kvack.org (Postfix) with ESMTP id 45CB128000A
	for <linux-mm@kvack.org>; Mon, 24 Feb 2025 14:26:30 -0500 (EST)
Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id B1042121BB9
	for <linux-mm@kvack.org>; Mon, 24 Feb 2025 19:26:29 +0000 (UTC)
X-FDA: 83155819698.01.8130E33
Received: from tor.source.kernel.org (tor.source.kernel.org [172.105.4.254])
	by imf22.hostedemail.com (Postfix) with ESMTP id B6568C0016
	for <linux-mm@kvack.org>; Mon, 24 Feb 2025 19:26:27 +0000 (UTC)
Authentication-Results: imf22.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=Oz0Rl+93;
	spf=pass (imf22.hostedemail.com: domain of kees@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=kees@kernel.org;
	dmarc=pass (policy=quarantine) header.from=kernel.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1740425187;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=5yqpfaf+d9ufZpCUX0rQyRA9skwozVHLuBCqgu1hkzM=;
	b=PG9dAtLhTsK/VWYQq41LRiNvre2LjQVKRJXmQQl39//U5a88l3ZrRC2zqdLcxaRfja2php
	Ibkxrdf4Vr8j69IbjEsMHLnZwNDtxjSaHN5+fkrQDmjpUF2PV4GG5cM1S/x6bCYFbyhDT8
	HglGvyhRrbZnsKrFu4tL0Qr98NU2n7w=
ARC-Authentication-Results: i=1;
	imf22.hostedemail.com;
	dkim=pass header.d=kernel.org header.s=k20201202 header.b=Oz0Rl+93;
	spf=pass (imf22.hostedemail.com: domain of kees@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=kees@kernel.org;
	dmarc=pass (policy=quarantine) header.from=kernel.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1740425187; a=rsa-sha256;
	cv=none;
	b=POajEnooLxMZTOMQQ6SCM8NTclJFEvHhY3jL0FAGICakxVo8sQ9G73D1VLtwfmZOqUaFcB
	3Hk/vfIlUe0Tx/6hzAKg6NWZi1Df9Ao4fGw7SN/zypSMh+df/Llbr1G7gqjBhu2shAlYvy
	C6aT4K9drIIVeENPbzTg3Y/3vgDBlVQ=
Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by tor.source.kernel.org (Postfix) with ESMTP id 292AE611EE;
	Mon, 24 Feb 2025 19:26:21 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id B15E6C4CED6;
	Mon, 24 Feb 2025 19:26:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1740425186;
	bh=3FT9s1t6iJB4QohyR9vPRCV6YPVdGd4Yaqn2jw8n9ss=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=Oz0Rl+93ss0qSQdiDaK8lNcvvfq3+OmN1KTMEiHko1yuF96EIMp6UQCqFBHrWVYn4
	 RcDQOWXO37K4zyNxLHYdFWIDDlD08TPlZ/XH1EwXc9XxgTRXrt10/P8hUMzsEavydl
	 VYWt9XTv0uLtek0ozimYehbWUlpjdApwAyhp6Kc1aAhgEUPT2LV38pP/F+Eb4g8TEC
	 OYEjLQ7VgaXzvC0a2Cn/R2qnuTAIDwnrTccHtQMVDZB3TYP/Vt0DBrcYk2Jmz6+TQx
	 Tw+jE8421EuyzsEkmMjvk4PB33YJSWQRztCaL27/NP85XbOTEoyAfY7A4AnRgDMh5L
	 GANp+jV5WhznA==
Date: Mon, 24 Feb 2025 11:26:22 -0800
From: Kees Cook <kees@kernel.org>
To: "Liam R. Howlett" <Liam.Howlett@oracle.com>,
	Dave Hansen <dave.hansen@intel.com>, Jeff Xu <jeffxu@chromium.org>,
	akpm@linux-foundation.org, jannh@google.com,
	torvalds@linux-foundation.org, vbabka@suse.cz,
	lorenzo.stoakes@oracle.com, adhemerval.zanella@linaro.org,
	oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net,
	linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
	linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com,
	hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de,
	adobriyan@gmail.com, johannes@sipsolutions.net,
	pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org,
	anna-maria@linutronix.de, mark.rutland@arm.com,
	linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de,
	rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com,
	f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com,
	mingo@kernel.org, ardb@kernel.org, mhocko@suse.com,
	42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com,
	enh@google.com, rientjes@google.com, groeck@chromium.org,
	mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com,
	mike.rapoport@gmail.com
Subject: Re: [PATCH v6 1/7] mseal, system mappings: kernel config and header
 change
Message-ID: <202502241125.75EF4FC783@keescook>
References: <20250224174513.3600914-1-jeffxu@google.com>
 <20250224174513.3600914-2-jeffxu@google.com>
 <443992d7-f694-4e46-b120-545350a5d598@intel.com>
 <CABi2SkVKhjShryG0K-NSjjBvGs0UOVsY-6MQVOuQCkfuph5K8Q@mail.gmail.com>
 <385e1498-2444-4a7a-a1b0-0013b0b8fd68@intel.com>
 <202502241053.1FF33D5B0@keescook>
 <lvzy3x2tv4uskn7dmatdqwqhhs4xv4vumk5f46thunndxqro6q@egremlepcgo7>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <lvzy3x2tv4uskn7dmatdqwqhhs4xv4vumk5f46thunndxqro6q@egremlepcgo7>
X-Rspam-User: 
X-Stat-Signature: mayg4usomuetqc3gzos7ta67ojhrb5d3
X-Rspamd-Server: rspam05
X-Rspamd-Queue-Id: B6568C0016
X-HE-Tag: 1740425187-296328
X-HE-Meta: U2FsdGVkX18ooO9jJEcULfKvQfYPYj8fQ7nEkkTj5qg53qvLqqZCoNaopoYyu5ht3HguA8ydhQ8l16hYfYZJEcIDOdnxpWlCFF2HjmiXrmTgOiwRetEPwtdTaEdUknpM1gyqEH3WbRYyCTMPIJoF4RN+0eF0wv/zJf5td1qRQDTIYObTU6IAkB3HNJDXsCEz+Cw0qJ3UyPoMCLNgeY/nOqfDyfyKURJzg2Y0hmVy8cfd5BRSVF7sqz01Kv9m+R3oskdpAhUj/PtTiqVxCxHPq2hzX4HHI0dL/AqreZfS2IESUkA9aP5vddgUdRtNF3Vj4q70SHYWhXJScTBa9nnkgrEhYlPDLbKwh4HK6p60IOJOwLL7/MInflOtLCnnRx1I0b0FZtBDLr36xaHZGHHaiJ/KG7crPjN0gqoCEvXVGIpcBnJcV5BknzgQdSO3dWOJpe9FraqgVcHGj7y8UaLughu1bGNEAq+Gg9ebZpgifhOFtj3XAW8tN3EeJ8+9EDo+GOMd5u/Tj059GnJi7jmagWTAJYY1qjLmpq1dLytcHPv3SIZ6a9+PYVBnGNVvli4J+FsaJsw/njTNEe+vgifZME22J09GAubvx2jic4uvwCOxPsZUeTETLTm4aDyupjIcbi33xRZRKsZbuj8rF5MKNAlOuxIjs1iSI9L9xIdxxuAAC0MR2X1YLh26HFJWcQbIsQhHueC5iSPku/Q0b9RTtcMqV9Cvsc3LV2svUpwCjOOSqsQvQf78kv4jv5ReAJ1SJUJvTBvFXH8Au7n0vbQzlrl9hdhUch2CpoxE7QdSI3c6ffLDPNG+Z0sQO2/Wll3UXF3k1MP3Ts7/FOfl6jD92tfj63M0ilbbJg4fkTMP4CKhWOVSmu8WWHvHuDqoRHbGRlAdLeXIXUF/SYZeixAuOdkMNatec+eVgRDUIHS4qjRS5lhfzJubCJ5IyExAf9uv9Lh2GJWRBDIVegGySct
 1KV/Fy2Z
 wksZ6v617EJ5lpkwS+Rm4C8GHcaq8w5HOj6EZdJL9L+H1rA2k2p+iSc+LeJvXWn+cKz+S2+cDzFt4ka44r+6Q/muc0dmh6s9xavFSDD7YY+XyF1FYqrehhJYlwkTL7qryFyrs/GWRjepo7NO2u+CToJkR7UgAloSs95ls1TT1dsphsSl/YexcaBa5fsQ8o9xRyjwjjvzSF8u9s32ttx9oTlqI4fpxcAy23GzIYJlXCq6cQjUP3h5I112RtopNbKwz4ojLS8TVvd4EpmTwXMG4DXh8EGRoc59EtpL7IB7OWpNSDuyF349+TnoZfyOS5d0QCULkcDlZu/GUEwvGWxihzBQIhK2lYo/N790J
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000001, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Mon, Feb 24, 2025 at 02:10:58PM -0500, Liam R. Howlett wrote:
> * Kees Cook <kees@kernel.org> [250224 13:55]:
> > On Mon, Feb 24, 2025 at 10:52:13AM -0800, Dave Hansen wrote:
> > > On 2/24/25 10:44, Jeff Xu wrote:
> > > > For example:
> > > > Consider the case below in src/third_party/kernel/v6.6/fs/proc/task_mmu.c,
> > > > 
> > > > #ifdef CONFIG_64BIT
> > > > [ilog2(VM_SEALED)] = "sl",
> > > > #endif
> > > > 
> > > > Redefining VM_SEALED  to VM_NONE for 32 bit won't detect the problem
> > > > in case that  "#ifdef CONFIG_64BIT" line is missing.
> > > > 
> > > > Please note, this has been like this since the first version of
> > > > mseal() RFC patch, and I prefer to keep it this way.
> > > 
> > > That logic is reasonable. But it's different from the _vast_ majority of
> > > other flags.
> > > 
> > > So what justifies VM_SEALED being so different? It's leading to pretty
> > > objectively ugly code in this series.
> > 
> > Note that VM_SEALED is the "is this VMA sealed?" bit itself. The define
> > for "should we perform system mapping sealing?" is intentionally separate
> > here, so that it can be Kconfig and per-arch toggled, etc.
> > 
> 
> Considering Dave is the second person that did not find the huge commit
> message helpful, can we please limit the commit message to be about the
> actual code and not the entire series?
> 
> I thought we said that it was worth while making this change in v5?

Right, please minimize patch #1's commit log to just what it is doing,
etc, and leave the rest of the rationale in the 0/N cover letter.

-- 
Kees Cook