From: Florent Revest
Date: Mon, 28 Aug 2023 16:46:31 +0200
Subject: Re: [PATCH v3 4/5] mm: Add a NO_INHERIT flag to the PR_SET_MDWE prctl
To: Catalin Marinas
Cc: Kees Cook, linux-kernel@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, david@redhat.com, peterx@redhat.com, izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com
References: <20230704153630.1591122-1-revest@chromium.org> <20230704153630.1591122-5-revest@chromium.org> <202308251535.551E797B1@keescook>

On Sun, Aug 27, 2023 at 3:09 PM Catalin Marinas wrote:
>
> On Fri, Aug 25, 2023 at 03:38:36PM -0700, Kees Cook wrote:
> > On Tue, Jul 04, 2023 at 05:36:28PM +0200, Florent Revest wrote:
> > > static inline int prctl_set_mdwe(unsigned long bits, unsigned long arg3,
> > > unsigned long arg4, unsigned long arg5)
> > > {
> > > + unsigned long current_bits;
> > > +
> > > if (arg3 || arg4 || arg5)
> > > return -EINVAL;
> > >
> > > - if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN))
> > > + if (bits & ~(PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT))
> > > + return -EINVAL;
> > > +
> > > + /* NO_INHERIT only makes sense with REFUSE_EXEC_GAIN */
> > > + if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN))
> > > return -EINVAL;
> > >
> > > + current_bits = get_current_mdwe();
> > > + if (current_bits && current_bits != bits)
> > > + return -EPERM; /* Cannot unset the flags */
> >
> > I was pondering why PR_MDWE_NO_INHERIT can't be unset, but I guess it
> > doesn't matter. Anything forked will have it off, and any process
> > wanting to launch stuff before locking down can just skip running the
> > prctl() until later.
>
> I had a similar doubt initially but then realised that the no-inherit
> mode won't be inherited and concluded it's ok.

Indeed. We previously discussed that in
https://lore.kernel.org/all/CABRcYmLt2KsCoD8WzyCTxuY=6ppuWEqyLSDRXSsmXSxPLHtEzQ@mail.gmail.com/
and I agreed this doesn't matter for our use case and this keeps the
code a lot more maintainable :)
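
Review bot: The comment on the -EPERM return, "/* Cannot unset the flags */", understates what "current_bits && current_bits != bits" enforces: once any MDWE bit is set, every different value is refused, so a task that set only PR_MDWE_REFUSE_EXEC_GAIN cannot add PR_MDWE_NO_INHERIT later either, and one that set both cannot drop PR_MDWE_NO_INHERIT. Reword the comment to say the flags cannot be changed once set, and state the same in the prctl documentation so callers know both bits have to be passed in a single call. As a smaller style point, in the NO_INHERIT check "bits & PR_MDWE_NO_INHERIT && ..." is correct by operator precedence but would read more clearly parenthesised as "(bits & PR_MDWE_NO_INHERIT)", matching the second operand.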