From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 78DC4C77B75 for ; Mon, 8 May 2023 12:19:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CF3956B0078; Mon, 8 May 2023 08:19:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id CAC996B007D; Mon, 8 May 2023 08:19:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B6B386B007E; Mon, 8 May 2023 08:19:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id A4D526B0078 for ; Mon, 8 May 2023 08:19:26 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 6D890160352 for ; Mon, 8 May 2023 12:19:26 +0000 (UTC) X-FDA: 80766993132.04.C8F5B5A Received: from mail-yb1-f177.google.com (mail-yb1-f177.google.com [209.85.219.177]) by imf25.hostedemail.com (Postfix) with ESMTP id 86ECEA0010 for ; Mon, 8 May 2023 12:19:24 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=A6Mkv86h; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf25.hostedemail.com: domain of revest@chromium.org designates 209.85.219.177 as permitted sender) smtp.mailfrom=revest@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1683548364; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=3e1jUGaTBuNemN6uR6TzC1pUueo581jEXtXPySa7NMk=; b=DfI931US+vT+cytT5FAB96UwHjqxbuLI4xzFP2Ur5l1+JcGBfm8cqYUUqH7zy3HhfZ74EB STaCtFh9G1Rz92gYoR+ZyU7uteYkTZPXHttzdiVFOwi8COOqhi9AxII0vBE1IxRhsQpfn7 FhG6XiHfu+iKhPX9MJVlG5sZK9hGkSM= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=A6Mkv86h; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf25.hostedemail.com: domain of revest@chromium.org designates 209.85.219.177 as permitted sender) smtp.mailfrom=revest@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1683548364; a=rsa-sha256; cv=none; b=Y0CtOOGX6l/9bCmzrjjaszSUTq+lTbG6H1WSnTVucA3gZSP2qtbzXZXWPnEahPzO9yXssn LcvMj2X4lNFcXroWBT/VDINtCbIG6T+QoYRMjerEtJlIicGTSRzlzG6CMks90CiULFJCEi 7SB39BAVPUs8ah83E0zfutH29c/OHXQ= Received: by mail-yb1-f177.google.com with SMTP id 3f1490d57ef6-ba1911d60f5so6966997276.2 for ; Mon, 08 May 2023 05:19:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1683548363; x=1686140363; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=3e1jUGaTBuNemN6uR6TzC1pUueo581jEXtXPySa7NMk=; b=A6Mkv86hwIx6f/B5WBK9P8lELs+BBS9TszBK/UvE3xjp2vCHi3KewIl28l4TOxQLMD 6Ez67rsF+oj2G/X/1OhgsActVl6nl/IkdPd9r4YWvpTa/399TI3vJMRgIER53HrZ1thC JwkbJ69NTueqQY2eCJ07uohj4IhnLIYN1vkeo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683548363; x=1686140363; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3e1jUGaTBuNemN6uR6TzC1pUueo581jEXtXPySa7NMk=; b=LERul/lajjlKdCvWgFFuPIVo5bRLbpANCJp0QjsejdP44gvRppqQRxRFGR0T/q2RN5 Mi6gM4JxS9VqtQGd4wvAV1jxW75kwgi4EQmkenWk4/lHhxrSZcdUpV9BsIg6O9cUzm8B 2eFQr1XUhtfQ4P0IseqWZO4fooWW9W5eBI9DsqQVkYNtTalu4VvVzSn9f7VzfmgJnhFF IyG/cirgulLOnZlY3pgGKCyjWTX4znYNBW3fnYf3TjIq+3yxWUN/M29Oc5AuXiYHQzYa nY7emEvCFJ1Ch7UFCQMEO+9I0jKMXA/wwE72TN64IrUxQ9FtgN3QpWeDJZtL/iF7yzxT Mohw== X-Gm-Message-State: AC+VfDw0BzARN1XmC8tTvPJdTxvukNRTe5e8jlqnufpfEKz6W8NeO3oZ 5lnO6Y3Vai//dpofHe9SZCRw5Wo51ab4ph0Lghvxa5IdGkTLDux7 X-Google-Smtp-Source: ACHHUZ7TBiJ/msXleYpLRRPvIC1oV6IgOG3qi1a+0OGSs6T0pyQ4avGRXWbvRbzC2K8iwZm2pVAOHPpHx+cjCDE+ouc= X-Received: by 2002:a05:6a00:180f:b0:645:d02d:9a83 with SMTP id y15-20020a056a00180f00b00645d02d9a83mr4581132pfa.17.1683547925407; Mon, 08 May 2023 05:12:05 -0700 (PDT) MIME-Version: 1.0 References: <20230504170942.822147-1-revest@chromium.org> <20230504170942.822147-4-revest@chromium.org> In-Reply-To: From: Florent Revest Date: Mon, 8 May 2023 14:11:54 +0200 Message-ID: Subject: Re: [PATCH 3/4] mm: Add a NO_INHERIT flag to the PR_SET_MDWE prctl To: Catalin Marinas Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, nd@arm.com, broonie@kernel.org, szabolcs.nagy@arm.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Stat-Signature: mrqj5b6hntap1d39nnk4xfyk9mardg4t X-Rspam-User: X-Rspamd-Queue-Id: 86ECEA0010 X-Rspamd-Server: rspam07 X-HE-Tag: 1683548364-739320 X-HE-Meta: U2FsdGVkX19cLTyh7T35Dv8Er8BmC/QL+qtqTOXTVHlPnpT2U8ez2wbF6UQGFNJvudHIREBVZ3tNIANHRvg+dqSJMy0fieLSxkvfGvrvDnefOjT+atGYDfD3NLapdaHCrkzenYDbyxQXqKe51Ya8WhMN2fiM/GHjdpoftAOLKBB2EX+f1bvgZwfn69LxHP/LcFI9hMV16NDpHqh0CDu+YWl7iTSGbZH9gO63lYtBXy4/UfUgsp3NVWYn8k0Z+ENO/YxdqWUo4vwp9DmgnH4Osovf8CaFk9vOOTaIEwm3g39NSyFmN7fHyB4wHqydr1bPVPTV5YX0IM7YHHfsPmo2s/vpX9ONoOCD6KO77lv7GsU4ouB2vauxsaHmnDdP5m16v1mTkGywgM3KH+EerbGxawmz46Zmg1RvzLBr72VeJrdwl+vfvQw8YZS7FuUrPfDi070wyIz+u3bhosi0HP0GPfevQkYvrKNvS1wNB+u6s5WrMYo2see5AF3eQdFJ+w14tzlsRygMIdUx2cDQQgUHdYSDOF6sYgdSTCAElIchvxqnWMF4r9IGzq6bwX8KqfUPQydGUVvn3gdqNa4YmyIN9D6Z/IPBW2rIMJQh4/P3Jo/lSyqvYz3g04Pf7p5i42RQsfOzEUgTgILDfmcJ5lno07FgyidFnXFpFl7lFL5kyLGMofctYB9ld11YwvW3jM3g4MLkHPIlkkJvhBlisLMOKB//YKdTzWIbiKDM5jxOrpDTLjkCD8so+KiibM+5xGz/TdfQhfTHT3SXvf8SKvEBpgdFjtM0EczVsqzPWSKTc4i9lmXzXOrPtl/1TV2XyuoPGSQOfYEpurOnkZrl+ktwCa2T1xFqeqCnJ25L5rm7BsaD8kUGhEvNYuDbH+VkdBYG8633gymj8VQ5B12/DPaldk4xq992HC5f3X0gY9qCErVKpiSVtdkLFnZ8n5ZJsUxuVyvZYNVPrQfp2YubBRR Tu6kA/W4 t2iCET+Vgb2RTmUNkHVCSfEGSTaWt84IgBwz1r2YcaVLWhhkEI1bSzOvNLkWr0AbJZRUsxEQvhpj2RbQALlgcV3W9nds+QsjQWA/IojY7bLiGlMDOIcV1zWRUIOP1WGP9QjniicvMynedtuklhV7F+moJIFtL/wF2S3S/1leQtOxLNloSEi/khVme21pklQ32e5OVAOQTCIci7DTS8wv0GmShmpdrUoTqcJvvSSvYnV8/Um6NKbmn5OUzN1QRs5d/T99bjYELcPnfFYiacG030FXLuk55EV1v9NntWc+rm1XahalwGBNpY29ZokrlWtiDQQcNMqaAefGEKWP941e9LYH3Yg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, May 5, 2023 at 8:34=E2=80=AFPM Catalin Marinas wrote: > > On Thu, May 04, 2023 at 07:09:41PM +0200, Florent Revest wrote: > > This extends the current PR_SET_MDWE prctl arg with a bit to indicate > > that the process doesn't want MDWE protection to propagate to children. > > > > To implement this no-inherit mode, the tag in current->mm->flags must b= e > > absent from MMF_INIT_MASK. This means that the encoding for "MDWE but > > without inherit" is different in the prctl than in the mm flags. This > > leads to a bit of bit-mangling in the prctl implementation. > > That bit mangling is not that bad but it complicates the code a bit, > especially if we'll add new bits in the future. We also need to check > both the original and the no-inherit bits for each feature. I agree :) > Another question is whether we want to support more fine-grained > inheriting or just a big knob that disables inheriting for all the > (future) MDWE flags. Yep, I can't think of a more fine-grained inheritance model off the top of my head but it would be good to have a sane base for when the need arises. > I think a somewhat simpler way would be to clear the flags on fork(), > either based on a big MMF_HAS_MDWE_NO_INHERIT knob or individual ones. > Something like below (completely untested): > > diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredum= p.h > index 0ee96ea7a0e9..ca83a0c8d19c 100644 > --- a/include/linux/sched/coredump.h > +++ b/include/linux/sched/coredump.h > @@ -91,4 +91,12 @@ static inline int get_dumpable(struct mm_struct *mm) > MMF_DISABLE_THP_MASK | MMF_HAS_MDWE_MASK= ) > > #define MMF_VM_MERGE_ANY 29 > + > +#define MMF_INIT_FLAGS(flags) ({ \ > + unsigned long new_flags =3D flags; \ > + if (new_flags & (1UL << MMF_HAS_MDWE_NO_INHERIT)) \ > + new_flags &=3D ~(1UL << MMF_HAS_MDWE_MASK); \ > + new_flags & MMF_INIT_MASK; \ > +}) > + > #endif /* _LINUX_SCHED_COREDUMP_H */ > diff --git a/kernel/fork.c b/kernel/fork.c > index ed4e01daccaa..53f0b68a5451 100644 > --- a/kernel/fork.c > +++ b/kernel/fork.c > @@ -1288,7 +1288,7 @@ static struct mm_struct *mm_init(struct mm_struct *= mm, struct task_struct *p, > hugetlb_count_init(mm); > > if (current->mm) { > - mm->flags =3D current->mm->flags & MMF_INIT_MASK; > + mm->flags =3D MMF_INIT_FLAGS(current->mm->flags); > mm->def_flags =3D current->mm->def_flags & VM_INIT_DEF_MA= SK; > } else { > mm->flags =3D default_dump_filter; > > The checks in MMF_INIT_FLAGS() can grow in time if we add more bits in > there but we still only keep a single flag that determines whether the > feature is enabled (maybe that's more like bikeshedding at this moment > when we have a single bit). Sounds good! I had considered something like this but I was afraid I'd spill too much logic into fork.c... I didn't think of making it a neat macro in coredump.h. That's a good point, I'll do this in v2. > (fun remark: I see you cc'ed nd@arm.com'; that's not a real person, it's > what our IT folk asked us to add on cc so that the Exchange server > doesn't append the legal disclaimer; most lists are covered already > without such cc but I guess people feel safer to add it, just in case) Ahah! I mostly just copied the cc list from Joey's series. I remember wondering why I couldn't find any patch sent by this mysterious ND but I thought that if they got such a cool username, surely they must have been at ARM since the early days and have some important role... :) Then... mister nd won't get to see my v2! Thanks for the heads up.