From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69E5EC369DC for ; Mon, 28 Apr 2025 20:29:35 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 844B26B002F; Mon, 28 Apr 2025 16:29:33 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7A2D46B0030; Mon, 28 Apr 2025 16:29:33 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5F4F46B0031; Mon, 28 Apr 2025 16:29:33 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 24EF36B002F for ; Mon, 28 Apr 2025 16:29:33 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 054311214AB for ; Mon, 28 Apr 2025 20:29:33 +0000 (UTC) X-FDA: 83384593068.28.9D9F85E Received: from tor.source.kernel.org (tor.source.kernel.org [172.105.4.254]) by imf22.hostedemail.com (Postfix) with ESMTP id 64CE4C000E for ; Mon, 28 Apr 2025 20:29:32 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Q5eimXIC; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of kees@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1745872172; a=rsa-sha256; cv=none; b=CxUq1dRg/j9g9/Z8o0/qqqXuGwrCdJSWh06NAyv6Wy6PvR+oP25um8AVpy0lLHJmAkIpHx TA+Q8+iI5FSerp93mJyXaO8QDb7o0Fp8Dsx2UIwcgt5aYNao2ow/8TYwJV69ut1OZ5N0Ka fal3Cr8W/cRPiMGgJm/7+zikU2UvUog= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=Q5eimXIC; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf22.hostedemail.com: domain of kees@kernel.org designates 172.105.4.254 as permitted sender) smtp.mailfrom=kees@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1745872172; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UDFYwUqLroDZhxRE5EklR6rXEIZMMRVsELfzFCVi4GI=; b=NBkNmz3mIGvByaEdakgh1d1zu9IVcExOd7gRz0TcgTEfWXC6D258pwBU5tonQ9p2eA6dsP 6wPxXQjaqyQMGz0z0qSv3uvGS1sg/E9KTo/OXd8dnbDmwluJ+Li5Mgp/qqtvlcgUvWAuLw HAXxp+8X97GpAwbHgATRRGRuAcxpveA= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by tor.source.kernel.org (Postfix) with ESMTP id 6554F614AE; Mon, 28 Apr 2025 20:29:06 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2DF64C4CEE4; Mon, 28 Apr 2025 20:29:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1745872171; bh=t99wgD/1kSq3OuHKjbQE/PDIYvLBiQxFXqsgNZ//Wik=; h=Date:From:To:CC:Subject:In-Reply-To:References:From; b=Q5eimXICKZ4Cu4j4zFJd6XxcNBXnYVyfIFXx0e7pzbIm/5vx27voqC+0VoormEO0c t3nZPZWXEiV78kT4prnKA10SKsTy4TdMiqN7eLGQAyob8Dtk2K4+9HRp9UiIQurDuA ypUKp7hmD9P0GdNrsI1q4tSKlxvtvP24dBidWIoHupNW/+C3RBw5xySMufbjejcv9k PBSBZNtwUArGm9J6zLU4PFSY4IZBRU5u7a6K2dA1FH9hQvN8l5KMqPXb6zJ0XN0xQH dBEsBFEJXfpFXhQ+8hBJYj3bjGc51M4xORrpPRPlFMltBWZMkB13910li0f2GGrmWF nXIkKEWeD3Xxw== Date: Mon, 28 Apr 2025 13:29:27 -0700 From: Kees Cook To: Lorenzo Stoakes CC: Andrew Morton , "Liam R . Howlett" , Vlastimil Babka , Jann Horn , Pedro Falcato , David Hildenbrand , Alexander Viro , Christian Brauner , Jan Kara , Suren Baghdasaryan , linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 1/3] mm: abstract initial stack setup to mm subsystem User-Agent: K-9 Mail for Android In-Reply-To: <4941ed00-09a4-4926-b7e4-9cdd70eed281@lucifer.local> References: <92a8e5ef7d5ce31a3b3cf631cb65c6311374c866.1745592303.git.lorenzo.stoakes@oracle.com> <202504250925.58434D763@keescook> <8fc4249b-9155-438a-8ef8-c678a12ea30d@lucifer.local> <4941ed00-09a4-4926-b7e4-9cdd70eed281@lucifer.local> Message-ID: <3D2389C5-6908-47DD-824F-4BCBC8273653@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 64CE4C000E X-Stat-Signature: drequd8a993krdx36xjeqk7xh13pbt7t X-Rspam-User: X-HE-Tag: 1745872172-916761 X-HE-Meta: U2FsdGVkX192mR7Gyl+hSV+rXhII4kb4oh4Q+di6b8uraevM0pUVI3P9kyDS3lDDn+iK9Q3EKYDvbwGTy6YrV84CNs75EqkXcBXs66c2rW1tRoib4rDX9RiGLlzlejGIZy+aPl0OenASuE7VR9IoVITKUeCkaKbr3+q0Dl3C+0Wh85567I+EV0O9I/nolQylisdW2dQBpNZsPpiN2WW9EJxZk1uVIacOe6W+HJHqT6uDrbc0oqfECDzTLoa30HAQ0vqYRKjUdXS4Y4SKmfx40dzmVkCVi5ZGcO4LyHRzrS5fr8SWIFjNvB74nsHfL6R0COvObU71Mbmbj9xafM17i/PYU0pNkPPcFGLuXxptCKeBbQIHaPw8pDSrn5dyBHy8WV8neNR0NuVe9OeyZStGf0uZhE4vppA/X7HHxx/gTbFZ8BUTrfvEKbGyZ/zqmVo4qp5wKJNwZ3q9VcPDDcIk2a4u9HNa/LsCRu6xf++ZALnJATBHFuLxIGla/F+YIxzXGik6ZlKLotjpIHRvmvIwwzYJ1V0DI9knrFtgP4rPNY4Q8IhH6uKggq4/oaa+fuOMepm9TZsX8B2Eznb6v79zMh6k4+/ueanmUQobvjtspK6EnwXseQNiVu9baOSDqPcOoTY+MXVbMIyK8c2LHwX8Ka/m2n/QrQ4/SB24Z/Ki9cD8/LCSGQfyEOq0J+TbRCwGEN5tpbTVDGIl4FJip3rd3z9nplB5RPxjRKCmWlO74KriYM2MB0nUWguNfA3ak86HaUwadPzCOH8enpqncY0Zb5tiHCELcuIMr6vbe66yhU8xhPTgcodLb0olEC+PyngZUr4Dnx7K7XWnpH0cg7wMHWTDqhASKreEsEK6jpw2bRzbGjbnnGe3Sly5RdNjvbqgFiyVlB9xFllJ5lLKoXu4cRYHIPitkHt/hMZWCeudURh/1x+kZMDZfjuX8yu1Hs+z5w7XhUdI/0PCXDKOZOF zngo4a9K 2okdWTri5/2VWaB7hYZSlgMvmVD8u4GQC/M3yUzJc+FgyP8YQEU63Y+R5DlbeG1jF/xxhWZ4M1ITKdGM3VOQS/2xKDrSIVmaOPhRDteafwA65nK1kxTysQ0luC5q9OhNY9Ra5NmyZzZyRgRePB9FlRZXt2MJxl8LN8HeRUbhMKSvgjuMp1VsTHPWmSCLAiteh699TYwpcX0C37ISlSK1yi6gH2sxKgJz+YM+xlRXVndgsFe0fyDEr50VmdfM3ZltcJzHxxnf6le2qpp4k7s+iYitNRWXDzS14/S0i X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On April 28, 2025 3:46:06 AM PDT, Lorenzo Stoakes wrote: >On Mon, Apr 28, 2025 at 09:53:05AM +0100, Lorenzo Stoakes wrote: >> On Fri, Apr 25, 2025 at 10:09:34AM -0700, Kees Cook wrote: >> > On Fri, Apr 25, 2025 at 03:54:34PM +0100, Lorenzo Stoakes wrote: >> > > There are peculiarities within the kernel where what is very clearl= y mm >> > > code is performed elsewhere arbitrarily=2E >> > > >> > > This violates separation of concerns and makes it harder to refacto= r code >> > > to make changes to how fundamental initialisation and operation of = mm logic >> > > is performed=2E >> > > >> > > One such case is the creation of the VMA containing the initial sta= ck upon >> > > execve()'ing a new process=2E This is currently performed in __bprm= _mm_init() >> > > in fs/exec=2Ec=2E >> > > >> > > Abstract this operation to create_init_stack_vma()=2E This allows u= s to limit >> > > use of vma allocation and free code to fork and mm only=2E >> > > >> > > We previously did the same for the step at which we relocate the in= itial >> > > stack VMA downwards via relocate_vma_down(), now we move the initia= l VMA >> > > establishment too=2E >> > > >> > > Signed-off-by: Lorenzo Stoakes >> > > Acked-by: David Hildenbrand >> > > Reviewed-by: Suren Baghdasaryan >> > > --- >> > > fs/exec=2Ec | 51 +--------------------------------- >> > >> > I'm kind of on the fence about this=2E On the one hand, yes, it's all= vma >> > goo, and should live with the rest of vma code, as you suggest=2E On = the >> > other had, exec is the only consumer of this behavior, and moving it >> > out of fs/exec=2Ec means that changes to the code that specifically o= nly >> > impacts exec are now in a separate file, and will no longer get exec >> > maintainer/reviewer CCs (based on MAINTAINERS file matching)=2E Exec = is >> > notoriously fragile, so I'm kind of generally paranoid about changes = to >> > its behaviors going unnoticed=2E >> > >> > In defense of moving it, yes, this routine has gotten updates over th= e >> > many years, but it's relatively stable=2E But at least one thing has = gone in >> > without exec maintainer review recently (I would have Acked it, but t= he >> > point is review): 9e567ca45f ("mm/ksm: fix ksm exec support for prctl= ") >> > Everything else was before I took on the role officially (Nov 2022)= =2E >> > >> > So I guess I'm asking, how do we make sure stuff pulled out of exec >> > still gets exec maintainer review? >> >> I think we have two options here: >> >> 1=2E Separate out this code into mm/vma_exec=2Ec and treat it like >> mm/vma_init=2Ec, then add you as a reviewer, so you have visibility = on >> everything that happens there=2E >> > >Actually, (off-list) Vlastimil made the very good suggestion that we can >just add this new file to both exec and memory mapping sections, have >tested it and it works! > >So I think this should cover off your concerns? > >[snip] Yes, this is brilliant! Totally works for me; thank you (and Vlastimil) fo= r finding a good way to do it=2E -Kees --=20 Kees Cook