From: Jeff Xu
Date: Tue, 14 Jan 2025 15:41:00 -0800
Subject: Re: [RFC PATCH v1 1/2] mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd
To: Isaac Manjarres
Cc: Kees Cook, Lorenzo Stoakes, Jann Horn, Andrew Morton, Jeff Layton, Chuck Lever, Alexander Aring, "Liam R. Howlett", Vlastimil Babka, Shuah Khan, kernel-team@android.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org, Suren Baghdasaryan, Kalesh Singh, John Stultz

On Tue, Jan 14, 2025 at 2:42 PM Isaac Manjarres wrote:
>
> On Tue, Jan 14, 2025 at 01:29:44PM -0800, Kees Cook wrote:
> > On Tue, Jan 14, 2025 at 12:02:28PM -0800, Isaac Manjarres wrote:
> Alternatively, MFD_NOEXEC_SEAL could be extended
> to prevent executable mappings, and MEMFD_NOEXEC_SCOPE_NOEXEC_ENFORCED
> could be enabled, but that type of system would prevent memfd buffers
> from being used for execution for legitimate usecases (e.g. JIT), which
> may not be desirable.
>
The JIT case doesn't use execve(memfd), right?

> --Isaac
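
The distinction the reply asks about, as an added example that is not part of the original message or the patch series: a probe that creates a memfd with MFD_NOEXEC_SEAL and records what the flag constrains (the exec permission bits that execve() checks, and changing them back) next to what a JIT-style user relies on (an mmap() with PROT_EXEC). The names `memfd_probe` and `probe_noexec_memfd` are hypothetical, and the probe assumes a Linux kernel that accepts MFD_NOEXEC_SEAL; on one that does not, it reports `supported=0`.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks for older userspace headers; values are from the kernel UAPI. */
#ifndef MFD_NOEXEC_SEAL
#define MFD_NOEXEC_SEAL 0x0008U
#endif
#ifndef F_GET_SEALS
#define F_GET_SEALS (1024 + 10)
#endif
#ifndef F_SEAL_EXEC
#define F_SEAL_EXEC 0x0020
#endif

/* Hypothetical result type. supported: 0 if the kernel rejects the flag;
 * exec_bits: st_mode & 0111, the bits execve() checks; seals: F_GET_SEALS;
 * chmod_errno: errno from re-adding exec bits; map_exec_ok: mmap(PROT_EXEC). */
struct memfd_probe { int supported, exec_bits, seals, chmod_errno, map_exec_ok; };

/* Hypothetical helper: what MFD_NOEXEC_SEAL covers on the running kernel. */
struct memfd_probe probe_noexec_memfd(void)
{
    struct memfd_probe r = {0};
    struct stat st;
    /* Raw syscall, so no glibc memfd_create() wrapper is required. */
    int fd = (int)syscall(SYS_memfd_create, "probe", MFD_NOEXEC_SEAL);
    if (fd < 0) return r;               /* EINVAL on kernels without the flag */
    if (ftruncate(fd, 4096) == 0 && fstat(fd, &st) == 0) {
        r.supported = 1;
        r.exec_bits = st.st_mode & 0111;
        r.seals = fcntl(fd, F_GET_SEALS);
        r.chmod_errno = fchmod(fd, 0777) == 0 ? 0 : errno;
        /* JIT-style path: an executable mapping, with no execve() involved. */
        void *p = mmap(NULL, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
        r.map_exec_ok = (p != MAP_FAILED);
        if (p != MAP_FAILED) munmap(p, 4096);
    }
    close(fd);
    return r;
}
int main(void)
{
    struct memfd_probe r = probe_noexec_memfd();
    printf("supported=%d exec_bits=%o seals=%#x chmod_errno=%d map_exec_ok=%d\n",
           r.supported, r.exec_bits, r.seals, r.chmod_errno, r.map_exec_ok);
}
```

Where the flag is supported, the exec bits are clear and sealed while the executable mapping still succeeds, which is the gap between the execve() path and the mapping path that the thread is discussing.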