From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CF5E9E7717F for ; Mon, 16 Dec 2024 20:20:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5A4986B00AF; Mon, 16 Dec 2024 15:20:46 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 553726B00B1; Mon, 16 Dec 2024 15:20:46 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3F3CF6B00B2; Mon, 16 Dec 2024 15:20:46 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 20F556B00AF for ; Mon, 16 Dec 2024 15:20:46 -0500 (EST) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id A6A66B088E for ; Mon, 16 Dec 2024 20:20:45 +0000 (UTC) X-FDA: 82901939820.18.DE888EE Received: from mail-ot1-f53.google.com (mail-ot1-f53.google.com [209.85.210.53]) by imf13.hostedemail.com (Postfix) with ESMTP id C5E0020016 for ; Mon, 16 Dec 2024 20:20:14 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=Nwr0yErT; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf13.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.210.53 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1734380429; a=rsa-sha256; cv=none; b=1roFKWyqObAfSWrRbDv+booFmA1lk+jr7O4np+261GasAyz6/wXrsW/0Z74xBMJtGgBq4N C+HyOy69oXiOBgKipEzMrqJd4RjGvrd39IIfdu/hGeOIu3d0ZlqYfNLS8hjQsJ2S9SuF8G FoAZGDYBGso9iDQ2a8C6pfd5VW4vLHU= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=Nwr0yErT; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf13.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.210.53 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1734380429; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=v0nUfHmf9d9Ek70SiUd7v65urIcv6PcXEuQBmXQvaC4=; b=DzxQU/rmPH2+ncYS44izrBmDImAVPRZvKL7Whibhtj66msAtcOktKgtXG5P2jmRwmF6Uc6 +RmMGxqZgJxr9zer9gQhHoSVWdptoGaUIJjSzmJT9LD+bjBH1LVz1aVkjoq8RuwbyM80Tu YeU/HmwIEr/b8D6F/Apqq/KFwP0WQaM= Received: by mail-ot1-f53.google.com with SMTP id 46e09a7af769-71e4b10421aso211228a34.0 for ; Mon, 16 Dec 2024 12:20:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1734380442; x=1734985242; darn=kvack.org; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=v0nUfHmf9d9Ek70SiUd7v65urIcv6PcXEuQBmXQvaC4=; b=Nwr0yErTWlWpZH3KCoig/r1vIRSnh7oR+XtzZ8Btt4QCbsxc6Jh2CDt99tppzYKoJa a46J4JTlwc2PJGigWb0IZ25tVtHp3XPrZhurbLD1o9rCHEzhYkGuS1s5PBkuzhKEufm/ PwLBQDVc3ncwHfOM5NvstEf5XV7KhJjSIY0so= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734380442; x=1734985242; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=v0nUfHmf9d9Ek70SiUd7v65urIcv6PcXEuQBmXQvaC4=; b=iM8Wn4h+saLn0ordLqS30yUzC7hhp0QxGURfvLFf2J1dabsWOA3tyTE+kyg8/zJACk Wl1SGz3OBjaWYXruruDnfnktcRnC3fIu1i8cKcFWsy01sTATMiaFastuF2qBFjgZwtFu XdHETGT4d86CPzGzYmqbDOn+KvmO+pmjdqkEYNLFPusoGTPvxkTpMc2ctDhlXnwoXE6B RFOsh+TuM1n0BFqPhCtdiQEfFamz1KNr4waV6Iy82zsbwc/kL1Jy/5wQN+r4oadXOWyF A0djFbkTwN7bVjnrd5xWp1h2YGeeQhRMUtSahZlybUCf4b7Ia4MwqyHyA1p4fTqQN/dZ qZpw== X-Forwarded-Encrypted: i=1; AJvYcCXFLom9LRvqTFqW1VZyVK8vqGFVnwrMjLAJl3LDzvoquZIh6fyTpL7Zg5yv4yNxV/sO9/8qtw8tVQ==@kvack.org X-Gm-Message-State: AOJu0YyEGu3n5FxJcr9FIwmBmPT6ym0E0dbGywoXNiDLaFMCU3TU/9Dq 3/Gsa0eQrYJ/mlHhVEc9WQc/OxPt6h7HVDLjKoKA2SbNQpu8pple8XFQog3EV4H8t5iyWTOa9j1 sQzclv/dUR81S3lFif823xCj89lxcC2y+sg/+ X-Gm-Gg: ASbGncug9aulBqfT5nUGgGdp/09OzGd2+RdzlNvq3GZFyN6G1LZqsT0X65ydC4QdJVE 91jDqIR/30iEZMXoH5Xk2M5iTCrT6yTJ1Q1RRYwe+vLLRM8ZNJyi+gG+8Id2xiY+08wY= X-Google-Smtp-Source: AGHT+IEjHTjhzXjZlpe/m/rtb9hWJfMNlEaPN9aXabHQU461PGl4HmQjfQb2jncDSkIp+HsSDH3UHYdHeepnpUDUxOw= X-Received: by 2002:a05:6870:5688:b0:29e:99e5:c623 with SMTP id 586e51a60fabf-2a3ac8c6446mr2803836fac.14.1734380442586; Mon, 16 Dec 2024 12:20:42 -0800 (PST) MIME-Version: 1.0 References: <20241125202021.3684919-1-jeffxu@google.com> <20241125202021.3684919-2-jeffxu@google.com> In-Reply-To: From: Jeff Xu Date: Mon, 16 Dec 2024 12:20:30 -0800 Message-ID: Subject: Re: [PATCH v4 1/1] exec: seal system mappings To: "Liam R. Howlett" , Jeff Xu , Andrei Vagin , akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, adhemerval.zanella@linaro.org, oleg@redhat.com, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, ojeda@kernel.org, adobriyan@gmail.com, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, hch@lst.de, peterx@redhat.com, hca@linux.ibm.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, Dmitry Safonov <0x7f454c46@gmail.com>, Mike Rapoport , Alexander Mikhalitsyn , Andrei Vagin Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspam-User: X-Rspamd-Server: rspam03 X-Rspamd-Queue-Id: C5E0020016 X-Stat-Signature: w55nippb7dm1e4mbixmqksjnn91c3c3y X-HE-Tag: 1734380414-549753 X-HE-Meta: U2FsdGVkX19kYHsN5XfdxpWXG9RFcUL9Xe80X9nBVbXH51JXop1G4zolFpOnmwCwVeMtak0JAp12k9FLLpB1lGvtzJagxeRUghj8eZM+XE33H8wFGyrRGBaVWiLoaCqCQhP0nlLAtWSy6asz+ukE+cCtdDVRumJYGbEVGLM2nDj4gaChuUxdWY+Ms7vfo8VU3c13h55iSG1IzMT5ULsB9myLEgD5AGERx1JsyNrSjNBgR1DCXIGDEmk9jJcWRO3AJ0YyT/Bl2q/EmKh9JrseJLef/xq2fCsFdUv7scRKpCWPdAuBhfLqZYpldmR1aYor7R2vdNkRdBAd6u/vdPwjtRUZNeDS0Ns4zZXQwL/0IcrGVRiS/7PMaimW8jo5Mx8A/Rb3ymPuZblSVOKuLg3pyTc7R2BEs+FLXTZRl671wUWQFaozMMSuZfe6nIQL94Jt3B8R2WYpW1EGAMi+yXg2JjdgpLbowrOKB5GUCterNp7iMq+trhNoO8tfrNH5Wkceq2QbFBDt2pQqmDjMNkUR2b8BqzvKGRzm/XVDtcvTNvi/VslHhEmgJ+uvkE/9hSnT6YpAxQqcn3n3WKw/hCbnC5Kd92ppqvzFFLajRjW1HfbDvJEif8N5yulrZvSgiiINwZSxR6cDHw3USD3LjaRmd1H8cXCh6KUmNUTVx/vIrliJTIV4vGyEWMXhpyHvBjYGIFJIURu3ZSfVkpBzul21Jtgo7kU/iy3ptzRDhpHKK9TS4YUEDB7l+seYvK2BIIjmBvKJAg++PjR1ueaUlnqbwgz9F/wIXLpvJFVQdYe/lsQHvIZsg9+/gQpBJZhQANB9r6SXMrED/ol29rq5p1DNZPVkiYr4ljpDfzC4Y+Y2mBFosglYg0xXXZZXlBrCqL99l8i2Gl8BCxF7Df24leFhnyAebS340d3gPIHWsd8CfSDCetgvpM+GoTQVe0NxzOhmpojztykTZj0YHaz2cgo 84uyhRT5 ZdRihbgoSD9pyfW6KitLPNVJyMzZbYP77PyjIc6MIG6mlS+J2DOpoZJ7Wnx0KpwnCiNgyZAGgAL0Yp6DdX2np/xd8s+vTEpyxVe5/wIwcW1nSGP4msHIRTUYRzy94a9ztOfWA1kGescC25KrI3lDlGCwY+dr9m3fwCI1PnelBxhqrKO2F7Rgm8hPnOdImV8P0pCwLrhNjub1V6f4aGwMscrABNJe6R48qTec2Gd5A2RHSrEpnrBGnRVw9La3lSJmmnjgplVvB0+OFkuwMUe3arwOKybzGnhCJxjtNfcjsgqyOXR+MZRXzTU5RtgoGmslBQ8LcpPaYBGC/vsyEiDaQ/hXY0w== X-Bogosity: Ham, tests=bogofilter, spamicity=0.405952, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Hi Liam On Mon, Dec 16, 2024 at 10:56=E2=80=AFAM Liam R. Howlett wrote: > > * Jeff Xu [241216 13:35]: > > ... > > > > > > > I like the idea and I think the opt-out solution should work for CRIU= . > > > CRIU will be able to call this prctl and re-execute itself. > > > > > Great! Let's iterate on the opt-out solution then. > > > > This patch set has been NACK'ed. > > Please rework your solution and address all the concerns raised. It > will not be accepted in the current form. > Thanks for reminding me. I'm still considering Lorenzo's feedback about kernel cmd line [1], if that is what you are referring to. This thread was initiated from Andrei, and is a separate topic for CRIU, which I'm gathering input for a solution. I would like to gather all feedback and consider them before the next version of this series. [1] https://lore.kernel.org/all/4e7088eb-b017-4d8b-8e0f-5cb409b112cb@lucife= r.local/ Thanks -Jeff > ... > > Thanks, > Liam