From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C7D0BE69E87
	for <linux-mm@archiver.kernel.org>; Mon,  2 Dec 2024 20:05:18 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 569716B007B; Mon,  2 Dec 2024 15:05:18 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 518476B0083; Mon,  2 Dec 2024 15:05:18 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 3E0DE6B0085; Mon,  2 Dec 2024 15:05:18 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id 21DFA6B007B
	for <linux-mm@kvack.org>; Mon,  2 Dec 2024 15:05:18 -0500 (EST)
Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay02.hostedemail.com (Postfix) with ESMTP id 813A91202F2
	for <linux-mm@kvack.org>; Mon,  2 Dec 2024 20:05:17 +0000 (UTC)
X-FDA: 82851097812.25.27D961F
Received: from mail-ot1-f54.google.com (mail-ot1-f54.google.com [209.85.210.54])
	by imf25.hostedemail.com (Postfix) with ESMTP id AAD9DA0011
	for <linux-mm@kvack.org>; Mon,  2 Dec 2024 20:05:06 +0000 (UTC)
Authentication-Results: imf25.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b=ocETUvQq;
	spf=pass (imf25.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.210.54 as permitted sender) smtp.mailfrom=jeffxu@chromium.org;
	dmarc=pass (policy=none) header.from=chromium.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1733169910;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=Bf8kBob7N+zrqpvEKZnEpktIy618/JwhlZLNzkT+Qqo=;
	b=vuSNRqIKE4kzQpF+wVzRDkMLCm/7xSpVPXrDY3sG56jxxqKonG8PFkaqVS1swaQPikYb02
	6iv0ULlnqBemb8qFZagFCVNvtaYp316Ln+IzaL4kWbHtuXL0I5dG9YYepHo1DJKIGUWSf9
	9Vx98GGXFOiGZzWUnyRFFV76iidMN9g=
ARC-Authentication-Results: i=1;
	imf25.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b=ocETUvQq;
	spf=pass (imf25.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.210.54 as permitted sender) smtp.mailfrom=jeffxu@chromium.org;
	dmarc=pass (policy=none) header.from=chromium.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1733169910; a=rsa-sha256;
	cv=none;
	b=NSyBahbQz9VZ1byJ6Gan6ST8T3L+9Ly8pN/uctwcMb7Bx5Cir7fRb/tF95sGq88BcV/rJZ
	eWAYUJ+MesgkC6uKndZLgREdKNMAtq/eIlUsedvdTmHG8mRXIub3Z9q3gzUAbLbF2WtNW+
	LK1OWKo0AbsLQ8ZaPXS/8g+oF/yxiY4=
Received: by mail-ot1-f54.google.com with SMTP id 46e09a7af769-71d4d3738a2so1043551a34.0
        for <linux-mm@kvack.org>; Mon, 02 Dec 2024 12:05:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1733169914; x=1733774714; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=Bf8kBob7N+zrqpvEKZnEpktIy618/JwhlZLNzkT+Qqo=;
        b=ocETUvQqYzjTcJeRkQCCi5N/7xoJQMAArikJ8w4LEtqyPZpAIihIgnqh09IB0ksie3
         Wba89Oy0047cB6nD5xDIfYkg+dyclCzokOXUytzcMmV7szuGg78BBsJesm2teUIxHq44
         0NUR0IZbe2E+qSTUQcb9iDEpuHqdhnzyGRa0I=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1733169914; x=1733774714;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Bf8kBob7N+zrqpvEKZnEpktIy618/JwhlZLNzkT+Qqo=;
        b=f+3BJz3dvbImjlohdliwKQ1jE3ihiC99MheLT5eXxGsTGfujulP47b5G5FsmH9lZMG
         +iCo5qyvLTrnD+9r9QmHR+t4ZHqPgArE0KP/N8DSndyDkfnQIHr6j5s3BFPPO+miRin4
         G8kiEJDH7jj9+eI00a0uF5pG+A82KTV3qgWHk226zWrexjfA1yIa7KyZWojrlHet1WKa
         rweKPylIpDZ1+J2JsRSFyyCiQWhT2CpBR1Be/yLWHE59Dt8WjJ41r9BYqDcQhQFXNj6F
         Pl13Rsmu7u09VLXSfdk6BL0jGp8L4W9TuTPThCR9sGzUCD1gfXDiqSy9BvhcSKNFYYoT
         HjUw==
X-Forwarded-Encrypted: i=1; AJvYcCVz1+hQ+oyUkBPYJZNKHdqrpsCRAV79wkZnFYR47M/yKJPnED5uWGJ8H3ILGevAjiIewwVz5oUYmQ==@kvack.org
X-Gm-Message-State: AOJu0YyMk0mo5IpxmB7WZjcAOGi4clmxFSrV9PjYwGtWeAwGYapuGJ0+
	ljyhfKMZGPNE1Udng6/d6Kmh/qIzH5Sv2hkrOr9jwOWpQMU1v+8priSDkcB211efS0AsYxwZJzz
	yM1Q6hqst/ALPv2kAwf7AyqEHKYjExx90gZEy
X-Gm-Gg: ASbGncvNjn0HOi/UbcWPdihpuWidUWBQw2SAP7MGHNQvSmLobNQ4TJdfqokzl5D2NhG
	ZKHBgafvQDf0FzXrK+ulo6CspfJhVre4nPBZUu4yrlLSrXftM0/5M/ghDIh0A
X-Google-Smtp-Source: AGHT+IH3t9USd84fCmCXjOCzqCQ4JB1S5NtY4dFkzxriLvAmrlk197UYZRHaBgLaOYTA3iviLUIOVZJbObKsBSEcwsQ=
X-Received: by 2002:a05:6830:3106:b0:715:4e38:a184 with SMTP id
 46e09a7af769-71d65d02467mr5511046a34.6.1733169914339; Mon, 02 Dec 2024
 12:05:14 -0800 (PST)
MIME-Version: 1.0
References: <20241125202021.3684919-1-jeffxu@google.com> <20241125202021.3684919-2-jeffxu@google.com>
 <Z0Tgp4WBPvJiojqG@casper.infradead.org> <CABi2SkWkD90ghRHO-1eV9oA9C2sy6Sdzj+3Z-jLzrm6dVGDXvQ@mail.gmail.com>
 <37817840-66d5-4208-b5d4-5f941ea6b95f@lucifer.local>
In-Reply-To: <37817840-66d5-4208-b5d4-5f941ea6b95f@lucifer.local>
From: Jeff Xu <jeffxu@chromium.org>
Date: Mon, 2 Dec 2024 12:05:02 -0800
Message-ID: <CABi2SkV9=LPYfzO9eWZmTxrie_pqLEDmv0pcYHwtRcL4Teuzfw@mail.gmail.com>
Subject: Re: [PATCH v4 1/1] exec: seal system mappings
To: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: Matthew Wilcox <willy@infradead.org>, akpm@linux-foundation.org, keescook@chromium.org, 
	jannh@google.com, torvalds@linux-foundation.org, 
	adhemerval.zanella@linaro.org, oleg@redhat.com, linux-kernel@vger.kernel.org, 
	linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, 
	sroettger@google.com, ojeda@kernel.org, adobriyan@gmail.com, 
	anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, 
	Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, 
	hch@lst.de, peterx@redhat.com, hca@linux.ibm.com, f.fainelli@gmail.com, 
	gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, 
	ardb@kernel.org, Liam.Howlett@oracle.com, mhocko@suse.com, 
	42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, 
	rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, 
	Vlastimil Babka <vbabka@suse.cz>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: AAD9DA0011
X-Stat-Signature: dfheyskkukn4kukt15wcpazywymmkrbo
X-Rspam-User: 
X-Rspamd-Server: rspam11
X-HE-Tag: 1733169906-608840
X-HE-Meta: U2FsdGVkX19Ats95ZWqXujIWHrXLiiLVuHNFaFWi/xU/WMpn+l8pCob8ebaSEo3xK0G7i9MiQmbmttVKMmekhuu5VtsIjnS+pHlZnOr8wv+JVzfIUMwJHC4Oj5cDlEsZhPBCbZ7HCfUydDIdjmrfgxRAp97PinWI8usWfThKqbvVeNIDXW662gm/Xpwxvz5F05bbfwr02vTBEHOPmPelTrVfRGT8KYLQe7sUl6kHqhU88PvezAneSiZ9EyKXdSCOdafuZ+5PgrvkdIohhaUsJG6EuFqb7cF5SFrgraCUH5yzQI4PMVodG0p+g26muYedkNDwpI/rTTWZm4cII68D2Zkb36/kNXXM7PP+w64vsmkk7Bxp9r0lnc58vgaS2d9VAWw5tsSwZ6LRAlJrK4JkuArGZHP/62XhGwUmql4zj+plhlmVhocSzz7i3hA92M9R2apYReveWfBmXGC9GiyFZKrLpW9k5DjNL6GU3H7p/vEunorsRn0gJHF9xOjjDTtbX3lGojBw5uuUZ2vtL0X/2srEhDrxZVOcplblVy1GqUy95+DEIk801j0nEeIDcz1N54QWkzJg1XkJPQPahgtjysij9NbNPxqPBa9+gwdAY9ykdpc+33Wy7wDsJIt+QeUbFFPy6GmR9X/JwIU2FE+xvdeO7pu/Pgj1iQnT8g30ON5V2Hc922bvBo8sTv3hz8lqdx8Ue5GAhaeeuU/ryKvB7Ry595BFJURnvVZqmZFRZET+++FLsvrgzOKLGsCz9qF+CdEKKNN32PkVZFzYBfgFYmNlAAjAwGf/7cvcFf8HhIimhPpqWZooiDpVMlAdbUVRFe/EuCdGPZcaUSY2DXUjKACzR5QEFIbw3j9uqjNLnWp86J8EAwv2Xw533AbjDSMKA1zxHaIkx05hjSYIbeetNDl+tLgOsIVhg3dXFgcpA2NDmX58H65efs9JZDdm4GYcB8F5J00B94mozuh/xuM
 LCT9jJZf
 vp2xktR9c1hNq3jqE7e8/e441gwemPFEDNwvlu3wURiSt6PY1r7/E/9AFjQgD4WR4sm8ik74jHCQMOTmmKWgC26RLKErfOq4GhCONbUhMS4lb8LuwOX6lbFcPPA/iI1x5kqrUNemYjYDoYvcnTHXpQ7D0tikDqNcwcFGSAtMfH43W/Kqy93DBE4m6TExzc5Zh/KZpLM6Mn95cI7vwRlup8DLaNVn5TCqCmURTpNeaJQAR5dukAzwkHvCNl0sTFhXx7/YOhoSDqRNrM2FCvK8QRxQ9XBZzQzuWvwkF3Tyv9t56dezcA1sxZq8XRpj9SUT9qBNB2r00eNxibri12INfdUcEoTfyZbM8aSpjHvtUyliPjsv2vn29fsJQdwYyq3o52D6kfqwbvCcauJ4JHLaiDhvEfMmrMumvd5Sfr1r5Q1HrYsbzx9Q/i8M+Ae8rtZAOWz2zX77wcjgW2zI=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Mon, Dec 2, 2024 at 9:57=E2=80=AFAM Lorenzo Stoakes
<lorenzo.stoakes@oracle.com> wrote:
>
> On Mon, Dec 02, 2024 at 09:22:33AM -0800, Jeff Xu wrote:
> > On Mon, Nov 25, 2024 at 12:40=E2=80=AFPM Matthew Wilcox <willy@infradea=
d.org> wrote:
> > >
> > > On Mon, Nov 25, 2024 at 08:20:21PM +0000, jeffxu@chromium.org wrote:
> > > > +/*
> > > > + * Kernel cmdline override for CONFIG_SEAL_SYSTEM_MAPPINGS
> > > > + */
> > > > +enum seal_system_mappings_type {
> > > > +     SEAL_SYSTEM_MAPPINGS_DISABLED,
> > > > +     SEAL_SYSTEM_MAPPINGS_ENABLED
> > > > +};
> > > > +
> > > > +static enum seal_system_mappings_type seal_system_mappings_v __ro_=
after_init =3D
> > > > +     IS_ENABLED(CONFIG_SEAL_SYSTEM_MAPPINGS) ? SEAL_SYSTEM_MAPPING=
S_ENABLED :
> > > > +     SEAL_SYSTEM_MAPPINGS_DISABLED;
> > > > +
> > > > +static const struct constant_table value_table_sys_mapping[] __ini=
tconst =3D {
> > > > +     { "no", SEAL_SYSTEM_MAPPINGS_DISABLED},
> > > > +     { "yes", SEAL_SYSTEM_MAPPINGS_ENABLED},
> > > > +     { }
> > > > +};
> > > > +
> > > > +static int __init early_seal_system_mappings_override(char *buf)
> > > > +{
> > > > +     if (!buf)
> > > > +             return -EINVAL;
> > > > +
> > > > +     seal_system_mappings_v =3D lookup_constant(value_table_sys_ma=
pping,
> > > > +                     buf, seal_system_mappings_v);
> > > > +     return 0;
> > > > +}
> > > > +
> > > > +early_param("exec.seal_system_mappings", early_seal_system_mapping=
s_override);
> > >
> > > Are you paid by the line?
> > > This all seems ridiculously overcomplicated.
> > > Look at (first example I found) kgdbwait:
> > >
> > The example you provided doesn't seem to support the kernel cmd-line ?
> >
> > > static int __init opt_kgdb_wait(char *str)
> > > {
> > >         kgdb_break_asap =3D 1;
> > >
> > >         kdb_init(KDB_INIT_EARLY);
> > >         if (kgdb_io_module_registered &&
> > >             IS_ENABLED(CONFIG_ARCH_HAS_EARLY_DEBUG))
> > >                 kgdb_initial_breakpoint();
> > >
> > >         return 0;
> > > }
> > > early_param("kgdbwait", opt_kgdb_wait);
> > >
> > There is an existing pattern of supporting kernel cmd line + KCONFIG
> > which I followed [1],
> > IMO, this fits this user-case really well, if you have a better
> > example, I'm happy to look.
> >
> > [1] https://lore.kernel.org/lkml/20240802080225.89408-1-adrian.ratiu@co=
llabora.com/
> >
> > > I don't understand why you've created a new 'exec' namespace, and why
> > > this feature fits in 'exec'.  That seems like an implementation detai=
l.
> > > I'd lose the "exec." prefix.
> >
> > I would prefer some prefix to group these types of features.
> > vdso/vvar are sealed during the execve() call, so I choose "exec".
> > The next work I'm planning is sealing the NX stack, it would start
> > with the same prefix.
> >
> >  If exec is not an intuitive prefix, I'm also happy with "process." pre=
fix.
>
> If we HAVE to have a prefix, I'd prefer "mseal.". 'Seal' is horribly
> overloaded and I'd prefer to group these operations together.
>
mseal.seal_system_mappings seems to contain duplicate info.

If the norm is against prefix in kernel cmd line, I will drop the prefix an=
d use
mseal_system_mappings

> >
> > Thanks for reviewing
> >
> > -Jeff