From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D7C5C021A4 for ; Mon, 24 Feb 2025 21:08:25 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0815B28000A; Mon, 24 Feb 2025 16:08:25 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 0312A280002; Mon, 24 Feb 2025 16:08:24 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E3B1D28000A; Mon, 24 Feb 2025 16:08:24 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id C7253280002 for ; Mon, 24 Feb 2025 16:08:24 -0500 (EST) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 7BF4247B76 for ; Mon, 24 Feb 2025 21:08:24 +0000 (UTC) X-FDA: 83156076528.26.3D4F0C4 Received: from mail-oi1-f178.google.com (mail-oi1-f178.google.com [209.85.167.178]) by imf13.hostedemail.com (Postfix) with ESMTP id A91332000D for ; Mon, 24 Feb 2025 21:08:22 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=MbYGqUoQ; spf=pass (imf13.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.167.178 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1740431302; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=LqwUM7z/MlyrwkKgNvJiV6cUle8dIMYryU69NwoTdgI=; b=z6NrqQfsPEJsuJL0Gdt1fJvPUlIuG9fN+Unx0BJuNyIkK/SF66hHGTzN23K4sQdpJwrV1X Qko4CgThqPbzpu5s44Y3Flu/K7fAmp5pneZ42uT1P6/9EiO10Ln5sYVYlx3UbR493+P+Lz QYE8vnNoidXYTrVJkuLoWtW+Y0SrzEU= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=MbYGqUoQ; spf=pass (imf13.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.167.178 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1740431302; a=rsa-sha256; cv=none; b=kVGEdi6q+XAGFAKk862bC1OUJNkp9t/nFl1Vq79BzSG0yhb0KhtRz5uYQC6SL0dg9kpQx1 1HRCrVLwtkuNqwXloaWCcZhDnptsNbctstcK8npT7WQnVX1WxzvaWdfpGvmIzZAv4oMci2 nrqbKiZ0GKpwXF7b58tovp73PD/gVF0= Received: by mail-oi1-f178.google.com with SMTP id 5614622812f47-3f409ca7c14so100288b6e.3 for ; Mon, 24 Feb 2025 13:08:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1740431302; x=1741036102; darn=kvack.org; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=LqwUM7z/MlyrwkKgNvJiV6cUle8dIMYryU69NwoTdgI=; b=MbYGqUoQpJB4NozVEkXt5RM5CbNiZqZiQqq9iVkp6D+OGGVLnr1EXWdsOclft4Urjz 1onE66Pg/3KfEuQ/R+XHKqYvq6+65nrwPmZhJJ684OXSm4Vt4bkUF0U2spKhs52ta0je PqHmuuDGd7uNO4CZuelyYgRHT038nrb8cqb3Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740431302; x=1741036102; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LqwUM7z/MlyrwkKgNvJiV6cUle8dIMYryU69NwoTdgI=; b=pxst8IGLWsgo8uhe37XZSLgg3GUA8E7gnNheAQoSxBUyuJg9DM9kznRos6QdS16lR1 i6NUIx2IsccDWvUacMMfX0crCX8u/GtC/AtR0YqgHmgj9DsrC5x3dk3uCQfTsym6Xatq N9ieTP6QZvFOENjxolkDsOgGeyIptu/cbilRMsJdybxmBPruA0KKWMdCWwp46MueWgJG DtX0IANpOhRXlOma2qN9Osa5fYxA+CR4ErJHW9HTeufm35RRy9wtMakCjQaOK4nbCOmM V3UsKtaZWrrJsYxPgPexpfbU90Div+82xbcBuLIEH2LpvQ7ayabu6r30vUMxdMDJhUJr wmaw== X-Forwarded-Encrypted: i=1; AJvYcCVgFhPpRY5aLWyEfgL1loMJJ/40yQjokdJNEzLzQUUwj6N6E+QU/soxl4QscI8FxlVp/rQXT1u99A==@kvack.org X-Gm-Message-State: AOJu0Yz6aFzyRlC9EtlE1m6Pm7/z0a5a773rfIaT5QQI6OuZujaBrkNv areck9zucfHMn92Wsk1mwsxYofm9EtRZTVa3FZ5MHgnTLZa6ch5InsLkZLCKFXURbuixoUMTpL8 5jI60yXQKSLfqXrxafxds/ys+2qOBC9f6NyjA X-Gm-Gg: ASbGnctYD/PfykslyAv7M6e/KDFyPvk0+sh2gdmPcfa8Y53pmqsO58nHQHyhBEiqKkA zLbvZWvtLG5ItYcaYHfS1+u75R8y6GbN6Azq3iBs841QB3pORt6Z+D5JDECX6POcThBAxWK/rdp jP+Q7wYiCz56MUqWyPi7vUD0gPhI7Vuc/Aenso X-Google-Smtp-Source: AGHT+IEyLdD3QO29qr9sIDUjsytjn1KwgsoakcrCoJ1Ge7lYHKGmGvOWBLOc9ojbyxwW1LykKldxYU6ZYSJ+uRm5UBo= X-Received: by 2002:a05:6808:1598:b0:3f3:ffde:7718 with SMTP id 5614622812f47-3f42479a661mr4694342b6e.4.1740431301718; Mon, 24 Feb 2025 13:08:21 -0800 (PST) MIME-Version: 1.0 References: <20250224174513.3600914-1-jeffxu@google.com> <20250224174513.3600914-2-jeffxu@google.com> <443992d7-f694-4e46-b120-545350a5d598@intel.com> <3nxcy7zshqxmjia7y6cyajeoclcxizkrhhsitji5ujbafbvhlu@7hqs6uodor56> <202502241123.D398A24@keescook> In-Reply-To: From: Jeff Xu Date: Mon, 24 Feb 2025 13:08:10 -0800 X-Gm-Features: AWEUYZkeA9uH_WH28esMZG2-V_Fo4Bt7LyXoWGFWIzH4LgxhwR4_Q7Am0Wxgglw Message-ID: Subject: Re: [PATCH v6 1/7] mseal, system mappings: kernel config and header change To: "Liam R. Howlett" , Jeff Xu , Kees Cook , Dave Hansen , akpm@linux-foundation.org, jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, avagin@gmail.com, benjamin@sipsolutions.net, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, hch@lst.de, ojeda@kernel.org, thomas.weissschuh@linutronix.de, adobriyan@gmail.com, johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: A91332000D X-Stat-Signature: 5dg997ke5onour3nqttbmy8e9iq5t5f5 X-HE-Tag: 1740431302-468791 X-HE-Meta: U2FsdGVkX19Fi9GaBl9AVsCCH7HA36ZujjCCS1XTpdZ28S7iY8DWvTxqUDiR0zZXyz2WnZDGzU0ctG6R8br3Ba26euZdQ07sTdRPQN+bA6tEevEuT5myiFJ/XkFgBH516yG7jnuYEg8BpHmIEyZ0y0PL7A3CYVPswAHfuiZPDwRFsRSi0+hxKvX6zz7/E1bOi3QM2LK5NYa1gxXZIJljc+oS8LuieqUMKBEnMCvbYqptRamuIWe+r/d9O+Im9Jedz5QtpDwuAKThaHIxIorYDZk4YBwfB0GCd8B3Wid8M6SlAs0a8HTphjDb7MiEZC2nrR8KzvYqXrdUwMVpevaWfWSjQkjjQZq1T2V0RrTvBcOxQl9D+yvT4dFsx9mJJIOwNn983vldg8ef1ZOj7Kmw2kBuOXBaD8oybZ5JY/XbyBLly4ef8DhfFL7mYY/1FvZGtENGA82VruYcb9cN5yobY6kqobIk0J8obfoC8Wc3Tnx5gUIMnAJEHCR+Yw59DMno6r+kewrpxwP8PZzXNDhepwd7/TUV6qcTv1s2XVnuabFyHFE50rwGDQoiNkRgtdPKwemCvNZmFHOX02jcPdjBO4LhKkVY3V563q7VIHwyRl3EAFuWJdoYhO4/zd2zqd/4PJSadYNWQv2dGfnP+BRDOXdUldbPSKsLPkg/cf86+juY5BwVcgaLIjW6YiqRHxl6tIRxkHeqUdWrsFfApZWQ0VL8kTZoNP3Yvp6gU1Qhs1ykD2eZcO/AJD/g7ILS+BAf7qh6WOD7qgyL709i5XqKMFSlI/u8LwdsbekPZpndPY0OVdUmDgfyac/0k0B2Gsp2BgDf5hSBBaqH1kXwArycbiQbTmbtMteV5Ch+/NUDVODy4rMYxZOkuSVRuJ6/GON+2ArOmVdUtQCDnqFD5T/LGDFA0zcPYLCuOJgFxOniOGwRn90nApta2NHuMZiomh+51bwn5N4Dhkikkr2xMJy tFnA6ex6 E9k8+182HxKjqI9HRbId9LMHpBPYyPXggV6znQRl+kSsu9+37N0t5Truyv+WBCJIaym/RYAj0efR83Q+77i1NYyoq0qsUHCDXA/H0yweK/dlI8cujHle3NdfwBRfwirDpJykNEchX6R0UYkTEVPdv4ye6Rls1reEnSX5XTSovMFTLGeF4vO+lOdDNiX1J1CKqY+mXt0+bTrwDou0IBUoUjLE1yVakJdZWBImYdr60R0HyKQkY2Ldzpdxttf5Mus/RlbmlCMZGFqlY5qhye9L3Q1SR/VJuPrxH/w0y39ba4EwYerSpFUEy6reCuOodRuvWcs0g9624dnmFzBgHRhoL7nmC9vJKvLLjd4p2aXovccITUhs= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000038, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Mon, Feb 24, 2025 at 12:13=E2=80=AFPM Liam R. Howlett wrote: > > * Jeff Xu [250224 14:42]: > > On Mon, Feb 24, 2025 at 11:25=E2=80=AFAM Kees Cook wr= ote: > > > > > > On Mon, Feb 24, 2025 at 11:10:22AM -0800, Jeff Xu wrote: > > > > On Mon, Feb 24, 2025 at 11:03=E2=80=AFAM Liam R. Howlett > > > > wrote: > > > > > > > > > > * Jeff Xu [250224 13:44]: > > > > > > On Mon, Feb 24, 2025 at 10:21=E2=80=AFAM Dave Hansen wrote: > > > > > > > > > > > > > > On 2/24/25 09:45, jeffxu@chromium.org wrote: > > > > > > > > +/* > > > > > > > > + * mseal of userspace process's system mappings. > > > > > > > > + */ > > > > > > > > +#ifdef CONFIG_MSEAL_SYSTEM_MAPPINGS > > > > > > > > +#define MSEAL_SYSTEM_MAPPINGS_VM_FLAG VM_SEALED > > > > > > > > +#else > > > > > > > > +#define MSEAL_SYSTEM_MAPPINGS_VM_FLAG VM_NONE > > > > > > > > +#endif > > > > > > > > > > > > > > This ends up looking pretty wonky in practice: > > > > > > > > > > > > > > > + vm_flags =3D VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_= PFNMAP; > > > > > > > > + vm_flags |=3D MSEAL_SYSTEM_MAPPINGS_VM_FLAG; > > > > > > > > > > > > > > because MSEAL_SYSTEM_MAPPINGS_VM_FLAG is so much different fr= om the > > > > > > > other ones. > > > > > > > > > > > > > > Would it really hurt to have > > > > > > > > > > > > > > #ifdef CONFIG_64BIT > > > > > > > /* VM is sealed, in vm_flags */ > > > > > > > #define VM_SEALED _BITUL(63) > > > > > > > +#else > > > > > > > +#define VM_SEALED VM_NONE > > > > > > > #endif > > > > > > > > > > > > > > ? > > > > > > > > > > > > > VM_SEALED isn't defined in 32-bit systems, and mseal.c isn't pa= rt of > > > > > > the build. This is intentional. Any 32-bit code trying to use t= he > > > > > > sealing function or the VM_SEALED flag will immediately fail > > > > > > compilation. This makes it easier to identify incorrect usage. > > > > > > > > > > > > > > > > The reason that two #defines are needed is because you can have m= seal > > > > > enabled while not sealing system mappings, so for this to be clea= n we > > > > > need two defines. > > > > > > > > > > However MSEAL_SYSTEM_MAPPINGS_VM_FLAG, is _way_ too long, in my o= pinion. > > > > > Keeping with "VM_SEALED" I'd suggest "VM_SYSTEM_SEALED". > > > > > > > > > How about MSEAL_SYSTME_MAPPINGS as Kees suggested ? > > > > > > > > The VM_SYSTEM_SEALED doesn't have the MSEAL key or the MAPPING, so = it > > > > might take longer for the new reader to understand what it is. > > > > > > I think to address Dave's concern, it should start with "VM_". We use > > > "SEAL" already with VM_SEALED, so the "M" in "MSEAL" may be redundant= , > > > and to clarify the system mapping, how avout VM_SEAL_SYSMAP ? That > > > capture's, hopefully, Dave, Liam, and your thoughts about the naming? > > > > > Liam had a comment in the previous version, asking everything related > > with mseal() to have the MSEAL keyword, that is why KCONFIG change has > > MSEAL. > > > > How about VM_MSEAL_SYSMAP ? > > I don't recall if it was this set or previous ones, but seal is becoming > overloaded and having mseal would have been good for this one. > > VM_MSEAL does gain more greping, but since we have VM_SEALED, > VM_SEAL_SYSMAP is going to show up on VM_SEAL grep, but not VM_SEALED > greps. Maybe VM_SEALED_SYSMAP would be better for searching. > OK, I will change to VM_SEALED_SYSMAP -Jeff > Thanks, > Liam > >