From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 50855C4828D
	for <linux-mm@archiver.kernel.org>; Fri,  2 Feb 2024 03:24:18 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id D05B26B0082; Thu,  1 Feb 2024 22:24:17 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id C8EB46B0083; Thu,  1 Feb 2024 22:24:17 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id B567A6B0085; Thu,  1 Feb 2024 22:24:17 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id A5CEC6B0082
	for <linux-mm@kvack.org>; Thu,  1 Feb 2024 22:24:17 -0500 (EST)
Received: from smtpin02.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay05.hostedemail.com (Postfix) with ESMTP id 77409406C2
	for <linux-mm@kvack.org>; Fri,  2 Feb 2024 03:24:17 +0000 (UTC)
X-FDA: 81745420554.02.2D5E953
Received: from mail-oa1-f51.google.com (mail-oa1-f51.google.com [209.85.160.51])
	by imf11.hostedemail.com (Postfix) with ESMTP id B98894000B
	for <linux-mm@kvack.org>; Fri,  2 Feb 2024 03:24:15 +0000 (UTC)
Authentication-Results: imf11.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b=MaDH2KIs;
	dmarc=pass (policy=none) header.from=chromium.org;
	spf=pass (imf11.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.160.51 as permitted sender) smtp.mailfrom=jeffxu@chromium.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706844255; a=rsa-sha256;
	cv=none;
	b=k8GVrAcnZJWZgjAEV2YKPQXK6yENHpRJQwzip37wOY1E2eLM5Hy32Ow8RR15rTgHk4PsN4
	wAsEH/2Rpms+V5rhfpdUB3zxfoKL5hH/aiNG+MvAF8+OKfgCfLrBnVpMrx223SAZz6BwZY
	Nr0qhT/51tHs/vMw0Lu4StH466NKlfw=
ARC-Authentication-Results: i=1;
	imf11.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b=MaDH2KIs;
	dmarc=pass (policy=none) header.from=chromium.org;
	spf=pass (imf11.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.160.51 as permitted sender) smtp.mailfrom=jeffxu@chromium.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1706844255;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=SC8wVnR3b9FYoU326Hexqhd8UbKzrj1qBSp3p+CBSZw=;
	b=4yXpWRykOtXxM5Q1YBxaPi8vUX8hZmMpDn4tyMGVE0drfl7TOyjSOEft6O7Ve2ls0eJDQ1
	lhu0Exn2f/SNBXylnyPJmSNkUVd/LGqwx+ykDyY8DrQG4fnLlBL4OHFYnnlkRdLDbzQ7qb
	AoF9jdizLrrIPDacDv13M75IWRMavmc=
Received: by mail-oa1-f51.google.com with SMTP id 586e51a60fabf-21428d99395so1220184fac.1
        for <linux-mm@kvack.org>; Thu, 01 Feb 2024 19:24:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1706844255; x=1707449055; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=SC8wVnR3b9FYoU326Hexqhd8UbKzrj1qBSp3p+CBSZw=;
        b=MaDH2KIswiDdgAbqKpgpsV76Iw25vGTjJDUuz5WhuI8OuE9quq9LhzXiWAXjbMrVos
         MtiwR3ch1/ny8HnBEfHjqAKzV5baUHoibyLjj9xuWSGd83Srge8WCnpVzUM7crvGjDwB
         ET8nexgZsHk9Ze+mMV9BY1dX7Fhv6zyyQ7SgQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1706844255; x=1707449055;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=SC8wVnR3b9FYoU326Hexqhd8UbKzrj1qBSp3p+CBSZw=;
        b=QuWoEZ6hUG0Da9REFLB++kJkwFbuf2vABsWeB9lx9G1ujpHh95fXOW1KCqcytUd/DC
         abXPeLFgoiwpgHX65xtCjjUaAXRVRfrxYNBwhZklIK4Ts0V8azzfuR9WGq57a82PJ513
         YgNXPHTBDK4wVSuHN7iDPrXIxCTAEsW4AQQpvNS7bE5HCT4a8nwGID2eziA6MO2HzT8x
         JWh5YLcb/5dVFjRwnIs89Rk3TsQlLnvNr0Mq0oM203jlV5/JI23Kgblm1Ptz32bRuqZp
         6ID6MxG25PNzUKBSuP8rq5gUO0cM2OfmmnhJi2MgLDIA26JDwFusq728KmtowPpvAxap
         l2iw==
X-Gm-Message-State: AOJu0YwmMs+6HNU/Ry2BKcZP62/6WNFB5pm+AlJtGuCDrqxPeNXli7AC
	g2wgBe0fFFNcyEVp+Sf84dSNA+V2l9RWfYM1eQqb64TC3o1vjHWYfayRTnNcXkN9g5UZ3CaUzXM
	gz1hjF45oZuDWQlBMKhoEFvWnauyP3rZXrAhr
X-Google-Smtp-Source: AGHT+IFVtEYMlNn1ZPZd/WSM3dio26Xfg8lvB4X5Uex93ZbRv/CK5G/PNTz+uV80oEs86/m1pkKQAtE0anCQk5ztgRg=
X-Received: by 2002:a05:6870:b49f:b0:219:1f9d:e0d9 with SMTP id
 y31-20020a056870b49f00b002191f9de0d9mr161830oap.29.1706844254829; Thu, 01 Feb
 2024 19:24:14 -0800 (PST)
MIME-Version: 1.0
References: <20240131175027.3287009-1-jeffxu@chromium.org> <20240131193411.opisg5yoyxkwoyil@revolver>
 <CABi2SkXOX4SRMs0y8FYccoj+XrEiPCJk2seqT+sgO7Na7NWwLg@mail.gmail.com>
 <20240201204512.ht3e33yj77kkxi4q@revolver> <60731.1706826280@cvs.openbsd.org> <2024020137-hacking-tightwad-a485@gregkh>
In-Reply-To: <2024020137-hacking-tightwad-a485@gregkh>
From: Jeff Xu <jeffxu@chromium.org>
Date: Thu, 1 Feb 2024 19:24:02 -0800
Message-ID: <CABi2SkVb1goM95FT5v2K18NHbaLitLpK6fL+wE6Y47z8yvW0Nw@mail.gmail.com>
Subject: Re: [PATCH v8 0/4] Introduce mseal
To: Greg KH <gregkh@linuxfoundation.org>
Cc: "Liam R. Howlett" <Liam.Howlett@oracle.com>, Jonathan Corbet <corbet@lwn.net>, akpm@linux-foundation.org, 
	keescook@chromium.org, jannh@google.com, sroettger@google.com, 
	willy@infradead.org, torvalds@linux-foundation.org, usama.anjum@collabora.com, 
	rdunlap@infradead.org, jeffxu@google.com, jorgelo@chromium.org, 
	groeck@chromium.org, linux-kernel@vger.kernel.org, 
	linux-kselftest@vger.kernel.org, linux-mm@kvack.org, pedro.falcato@gmail.com, 
	dave.hansen@intel.com, linux-hardening@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspam-User: 
X-Rspamd-Server: rspam06
X-Rspamd-Queue-Id: B98894000B
X-Stat-Signature: 9rf99f8rbiis5yp9d6am6cyoa87nukr8
X-HE-Tag: 1706844255-56124
X-HE-Meta: U2FsdGVkX19DkNIZHT+Uct/eEsjp9Oq3c8oB4X9ZF/SGNThtWt6XCbULU+pCwJnCGGtWsPJC9uJ/n3v3alF9RSo15NImWp97/8fXO52WD5nWmMq2SZfHQqp4XjandqCy1lRtuuzODngvZ+crFJqmSEbnrNhLFJNwRdqQKSJvQozN96R8rIvsNVV52XLkQjhBS0eIj6LlM/98K2NTdexNSNHz2TP0BJmglCd7A7parjq9zIp8R4ul8Q2jXnv/jOmm7ne72RIz37KBzcpCDeW58LVCG4QmczKGKG4lnrop9oniBwfAAp4yz1thoRYh0a3R0/AEPsabX7x3t/KMii7sK4l6rH9P6AweHtUsbAg60hbZD55kyYnZ0MByqQSUpiYnCEykwhiA4iBRvs+S18lXwu41jaH+1bWu67C4D0kWC4n7MEMeZqdmFcRnQFJyZvO+M7xJjuEFc+h6zjXCTbpGFCBhP/dUDMhqTMy5Bxwj6a1eoefYHLPhYYljYAVodLS6zLkXjLLJiNxbK9QTZKIiQrWTkj0s1Fgb1Wzw3ENXf0Lp7DIk/O2tPdVzJiOfRc5SSPVdy6RtU5pVTjXuuJZ9tMBmJm1rrAJjPJClgS9dMnCPqoP2kszKWHAPPPERVqjok0Azww+THasCX86HAN6yTLM9sUvBXO7lyiNaYttCgJetE2cX0nlfI12yfDTZTFhgA3H8QeNQMEHtUSeL1zly2pBRG1rbmAr05Hml0T/KE6eNgsRlSjkTHyqlYf3KdosJMf5A8TT4TyR9KNTpPXsa42hJwBzmCcZEfoTH5Ho1RBgQnJdsvzxlvQdPzn1FjgOyW2dO6GzoFqkhIWtxFxLH1XKZTuDiZLHNbDLE+jOHLbyguNemSiFDdKk/QlV8m4cb3635pa5y0WV+S7nWS7TF6jaQgHury3WlQyxN6mm6Rt2atmq8hD0OnBd+KshOts9WLcLNK2Feh7KGCegt6Mx
 FSdTB2G4
 dVlCI2HNG5Rcx0WdGMFdo+qqmyJbnimnZsr9piFQm7zOcZPb+M7SoMLm9Hp0VLqep3DPUa3l3VufoKCQNvGNySVZbkqRaQWAgK99s5j/Y9vFpEv0MD0zuZRjD2afDLgvrn3hJvsOTF+L30eMCQjDoHL6di+WMiqUMPKY5NBuABLyO/WBOGCeE9T41Kp98KJ8SNiRXy4cCoGX28atnMhFHY/pMrdi2rGajn/340bfvFZfZqkZNqE+dH2L/l5SSRqsNmPMi48ZKnO32kpRVq5vtW2M3ve8KuKL4TCy25sYLSBh8jmFuuSDvPeRU0o1pdmiTtF2M366aTCsUTwC3jaH13rdbUOFEf+L9YsHsRDTJB+yKFUw=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000002, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Thu, Feb 1, 2024 at 5:06=E2=80=AFPM Greg KH <gregkh@linuxfoundation.org>=
 wrote:
>
> On Thu, Feb 01, 2024 at 03:24:40PM -0700, Theo de Raadt wrote:
> > As an outsider, Linux development is really strange:
> >
> > Two sub-features are being pushed very hard, and the primary developer
> > doesn't have code which uses either of them.  And once it goes in, it
> > cannot be changed.
> >
> > It's very different from my world, where the absolutely minimal
> > interface was written to apply to a whole operating system plus 10,000+
> > applications, and then took months of testing before it was approved fo=
r
> > inclusion.  And if it was subtly wrong, we would be able to change it.
>
> No, it's this "feature" submission that is strange to think that we
> don't need that.  We do need, and will require, an actual working
> userspace something to use it, otherwise as you say, there's no way to
> actually know if it works properly or not and we can't change it once we
> accept it.
>
> So along those lines, Jeff, do you have a pointer to the Chrome patches,
> or glibc patches, that use this new interface that proves that it
> actually works?  Those would be great to see to at least verify it's
> been tested in a real-world situation and actually works for your use
> case.
>
The MAP_SEALABLE is raised because of other concerns not related to libc.

The patch Stephan developed was based on V1 of the patch, IIRC, which
is really ancient, and it is not based on MAP_SEALABLE, which is a
more recent development entirely from me.

I don't see unresolvable problems  with glibc though,  E.g. For the
elf case (binfmt_elf.c), there are two places I need to add
MAP_SEALABLE, then the memory  to user space is marked with sealable.
There might be cases where glibc needs to add MAP_SEALABLE it uses
mmap(FIXED) to split the memory.

If the decision of MAP_SELABLE depends on the glibc case being able to
use it, we can develop such a patch, but it will take a while, say a
few weeks to months, due to vacation, work load, etc.

Best Regards,
-Jeff

> thanks,
>
> greg k-h