From: Jeff Xu
Date: Mon, 5 Aug 2024 14:33:57 -0700
Subject: Re: [RFC PATCH v1 1/1] binfmt_elf: mseal address zero
To: Kees Cook
Cc: akpm@linux-foundation.org, jannh@google.com, sroettger@google.com, adhemerval.zanella@linaro.org, ojeda@kernel.org, adobriyan@gmail.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org

On Mon, Aug 5, 2024 at 2:05 PM Kees Cook wrote:
>
> On Thu, Aug 01, 2024 at 05:08:33PM +0000, jeffxu@chromium.org wrote:
> > From: Jeff Xu
> >
> > Some legacy SVr4 apps might depend on page on address zero
> > to be readable, however I can't find a reason that the page
> > ever becomes writeable, so seal it.
> >
> > If there is a complaint, we can make this configurable.
> >
> > Signed-off-by: Jeff Xu
> > --- > > fs/binfmt_elf.c | 4 ++++ > > include/linux/mm.h | 4 ++++ > > mm/mseal.c | 2 +- > > 3 files changed, 9 insertions(+), 1 deletion(-) > > > > diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c > > index 19fa49cd9907..e4d35d6f5d65 100644 > > --- a/fs/binfmt_elf.c > > +++ b/fs/binfmt_elf.c
> > @@ -1314,6 +1314,10 @@ static int load_elf_binary(struct linux_binprm *= bprm) > > emulate the SVr4 behavior. Sigh. */ > > error =3D vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EX= EC, > > MAP_FIXED | MAP_PRIVATE, 0); > > + > > +#ifdef CONFIG_64BIT > > + do_mseal(0, PAGE_SIZE, 0); > > +#endif
>
> Instead of wrapping this in #ifdefs, does it make more sense to adjust
> the mm.h declaration instead, like this below...
>
Sure.

> > } > > > > regs =3D current_pt_regs(); > > diff --git a/include/linux/mm.h b/include/linux/mm.h > > index c4b238a20b76..b5fed60ddcd9 100644 > > --- a/include/linux/mm.h > > +++ b/include/linux/mm.h > > @@ -4201,4 +4201,8 @@ void vma_pgtable_walk_end(struct vm_area_struct *= vma); > > > > int reserve_mem_find_by_name(const char *name, phys_addr_t *start, phy= s_addr_t *size); > > > > +#ifdef CONFIG_64BIT > > +int do_mseal(unsigned long start, size_t len_in, unsigned long flags);
>
> #else
> static inline int do_mseal(unsigned long start, size_t len_in, unsigned long flags)
> {
>         return -ENOTSUPP;
> }
>
OK.

> > +#endif > > + > > #endif /* _LINUX_MM_H */ > > diff --git a/mm/mseal.c b/mm/mseal.c > > index bf783bba8ed0..7a40a84569c8 100644 > > --- a/mm/mseal.c > > +++ b/mm/mseal.c > > @@ -248,7 +248,7 @@ static int apply_mm_seal(unsigned long start, unsig= ned long end) > > * > > * unseal() is not supported. > > */ > > -static int do_mseal(unsigned long start, size_t len_in, unsigned long = flags) > > +int do_mseal(unsigned long start, size_t len_in, unsigned long flags) > > { > > size_t len; > > int ret =3D 0; > > -- > > 2.46.0.rc1.232.g9752f9e123-goog > >
>
> And if it returns an error code, should we check it when used in
> load_elf_binary()? (And if so, should the mm.h return 0 for non-64bit?)
>
It shouldn't fail. I can add pr_warning to handle the error case:

pr_warning("pid=%d, couldn't seal the page on address 0.\n",
           task_pid_nr(current));

Thanks!
Best regards,
-Jeff

> --
> Kees Cook
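
Review bot: in the fs/binfmt_elf.c hunk, do_mseal(0, PAGE_SIZE, 0) runs unconditionally right after "error = vm_mmap(...)" and its own return value is dropped, so a failed page-zero mapping or a failed seal both pass silently. Seal only when the value stored in "error" shows the page was actually mapped, and either act on the do_mseal() result or say in a comment why ignoring it is safe. The seal is the hardening this patch adds, so a silent failure leaves the page unsealed with nothing in the log to show it.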
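
Review bot: in the include/linux/mm.h hunk, the do_mseal() prototype exists only under CONFIG_64BIT with no definition for other configurations, which is what forces the matching #ifdef around the call in load_elf_binary(). If a stub is added for the non-64-bit case, choose its return value together with the caller's error handling: a stub returning -ENOTSUPP combined with a warning on any error would log every time the SVr4 page-zero path runs on a 32-bit build, whereas a stub returning 0 would not.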
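
Review bot: in the mm/mseal.c hunk, dropping "static" from do_mseal() makes it callable from the rest of the kernel, but the comment block above it (ending "unseal() is not supported.") is left as it was and nothing documents the contract for in-kernel callers. Add a line to that comment covering which "flags" values are accepted and what the caller must guarantee about the range, since fs/binfmt_elf.c now calls it directly with a fixed start of 0 and flags of 0.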