From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96B9FC4828D for ; Fri, 2 Feb 2024 03:30:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2CE186B0088; Thu, 1 Feb 2024 22:30:45 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 27E316B0089; Thu, 1 Feb 2024 22:30:45 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 146D36B008A; Thu, 1 Feb 2024 22:30:45 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 0532E6B0088 for ; Thu, 1 Feb 2024 22:30:45 -0500 (EST) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id E2465C051E for ; Fri, 2 Feb 2024 03:30:43 +0000 (UTC) X-FDA: 81745436766.10.637CB60 Received: from mail-oa1-f52.google.com (mail-oa1-f52.google.com [209.85.160.52]) by imf27.hostedemail.com (Postfix) with ESMTP id 2148640014 for ; Fri, 2 Feb 2024 03:30:41 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=CCuXmnFx; spf=pass (imf27.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.160.52 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1706844642; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=NDdYwb6bms529iTi0p0xaIF4DMRKf1eH479RkB5tVc0=; b=QDqOqzwRHLcRz01Qr4JmfthiDoWhLiU0JTute2BXIq531EFauUKlySdfpF5obJyJNPsIRP Y7+ftXxHRBONMcwoE/XuMQZqkStZqzyVA9zgiQWAniCs/1U8MR7XopRq6RECfjT3kHAChP bd+DswuA6UWlGx/6F3iDLnp9jO3KXH8= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1706844642; a=rsa-sha256; cv=none; b=G0abeJSGWbA9uc2MamUbGMtWPsUK82z5+DYZVSGD+Os/IifbFshx0yi165gEdG8mLyhyuv 6zf9Mr/KggVDCVN3XRJNHKytuIULiAVSXTpn53TNr4be8tdAKyOOyxxmlyaiJj6OzVpohu vVGoTs2OVRYJEG65t8BpwOh8b3fsrB0= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=CCuXmnFx; spf=pass (imf27.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.160.52 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org Received: by mail-oa1-f52.google.com with SMTP id 586e51a60fabf-210dec2442eso957495fac.2 for ; Thu, 01 Feb 2024 19:30:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1706844641; x=1707449441; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=NDdYwb6bms529iTi0p0xaIF4DMRKf1eH479RkB5tVc0=; b=CCuXmnFxF0V5LyUJx14DYyvA0Tiu1tYZGrtoP5cS392NTL/OUyYsJh3N28Lx2spPZp utuj/8Mbxo4U9fd7ExRFlM4xDzYu6BCYewv8yfNmD0IVKOxTs/5IMPnpnI/ndPw03AJY d2q/1aQ+N1yszX4ZC1omfr3zLLKpVuU82qjiE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706844641; x=1707449441; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NDdYwb6bms529iTi0p0xaIF4DMRKf1eH479RkB5tVc0=; b=seD5IwK7ulKdNIJa4yBAVQLCA1volNMZ/inSK0BTtnNtuvvEBe4V02uze4SFzciTgq ahR92WUEbVMuiWs9BAmRCCtTP/0fr4lKC+qDJsC+1nxe7U5MtK1cuj3z1itvOCXstp7C yJTs1LxTw9ntWI97REy+qB72P4VFf58KKnKaFy0a19p1Z8B0zKXhhUJe/0/2q1xJ1nzm x5d39oLWIwZ0MDK7VKTxDVXhF9WZnQhlYrObgRANJnHY/2K/Mevs1WTFSobqMZcQ912J XmCmhW1vdBZJ0cH0dReWRTiPRZMhh3r3FDRhpdnmFdFZT6cC9/y/Qc5SzWaV5F1XnqSL 2oug== X-Gm-Message-State: AOJu0YxYCQTIogNUqea3rOts2lij64UejcSmB4IK9fpMrpYYn49500wE c4hYIg7mn39YgwLQNxs3CTD9dA1UtW3y/dZPVvvl3sLlC66OUuts0CUm6+2XAwZjQcWJBozopxc GnKYQo3d89H3XzCIF2Me2RAdcBmKolkmkOasolo2lPZuit88TKw== X-Google-Smtp-Source: AGHT+IF/r05G9r4pqnUYufTxyrklaLY34VPoujkR9dH8bcGKq2ZHmLdBhM1/R7dkd0o8lqJL0U36sbeOMj+cQAyiOs0= X-Received: by 2002:a05:6871:7584:b0:219:2219:29d7 with SMTP id nz4-20020a056871758400b00219221929d7mr203072oac.48.1706844641233; Thu, 01 Feb 2024 19:30:41 -0800 (PST) MIME-Version: 1.0 References: <20240131175027.3287009-1-jeffxu@chromium.org> <20240131175027.3287009-3-jeffxu@chromium.org> <20240201231151.GA41472@sol.localdomain> In-Reply-To: <20240201231151.GA41472@sol.localdomain> From: Jeff Xu Date: Thu, 1 Feb 2024 19:30:29 -0800 Message-ID: Subject: Re: [PATCH v8 2/4] mseal: add mseal syscall To: Eric Biggers Cc: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, sroettger@google.com, willy@infradead.org, gregkh@linuxfoundation.org, torvalds@linux-foundation.org, usama.anjum@collabora.com, rdunlap@infradead.org, jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, pedro.falcato@gmail.com, dave.hansen@intel.com, linux-hardening@vger.kernel.org, deraadt@openbsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Stat-Signature: gy7o1j1qhdi49thnqjzu4tcqnyfqa9jz X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: 2148640014 X-Rspam-User: X-HE-Tag: 1706844641-221256 X-HE-Meta: U2FsdGVkX18HI1Q+nRxAcGUdEDNjKVCtUSom4ruLHcQylxDA/o2QrSa/ksYC6DWCKtZZ816IIfL0beThgMDzxl7A1ZtAlM9vSGMKlVSRub+jhR3VZEld+/9Gnnexz4K59yHM+VSt4IqV0fi2luMddnxGlZoCEMCjmd6dtMGL6K6HZWd6tdHP5LBpaRYTfTtgYPJcFkmiya2G3FFQqBeUZXcKCdONaXsoLeQ1IstNU+AfuG9509MFwN0YdyJKBYLqsQoGAmt9uee1YJ17sbsZInhvMvHjkCykznAfpU1l9J+G89gBLtDwlu579XxaEUmAnLhtj4nfFqmWj35fJOSaBjBjVNO1odCyIQ0UbbFtB4dk1vAlsQ3S+yTy6g1lNjVsWpUg3pxM2qoEAjROwl1bMF7g0kpYCAkxg/1Dm7yyJNCPHCUZky7s+Y3YP4BGx1BBliHhFsqGfBn/2Io7N7FQXQuqWYH49hpBvSbWuWjJbIxP8JqIyZ7nOR77XgvwvzWOT6q9cH9H8fH1egyK+7oNw4j8PS/0K7cWTNlU030P0xIjnoRUe3gs77E5yEb136uVz3N3/qRQq0rZ5v3wop8BN/VDbm1pd/7tp67vxbYAXAeAZn8FOO9BG2p6rxcT51biZZVRKIsWw5jXWZKDrL06icsroHw+c7/yEhxfkHaSze7MjtJ0I2z8/W/wQLKlW0i2TRcP7yARgb89eWl6thuMrTnBz5KETLQw5svlXxn9pfgmDtMzWIGj/cgN0jQv9iCPxb69q+C3kZK3/KOkJ5t6C5UgRG1N4oXkpOnmKTSIMyyfIjLEfEgeGObOBny+NZ0jbvScT0V7ssF43oFrWdx4eD3Jj/D7Gg5wpu66NtFywMq6MsoCAqnrMBTG5v9Zeezwsk6S0zK6EwGWu+rDRbCXz9Inudj53GmcXwx1t/myZZYCKGmUnKGSTSO+cL4aAzcOPGo9f1UgyHCnDJzckia vwmjScRF jqWZ2xWGYzRKOIA0DSEz9a4O8uv0K2P/AvTRbXS5fsy+VjXL8J1Azj4eJJX+7cc0369UonNDskfz1cz4vNovdVcYpsvyd4ZGEmRv7d1ONWXB6AjBAMS+ybuwQec02eZKxOFvHmVV35OvQ1oOmX34Jr8V03Odn1GY+BSuLIAOp3Ljelwe5rDYxiqwqg6gOVZNYW+gMYM1PU8D6tzXazHhar+HHURGvc+Ua7BGZFhBx4sCmtczvkO4XVi3ToBUpHGfBQ29H+OtloWSpYVnnMrpjlRpE8sPsFaGdMPWLVn2g1/oquE0c7mEuB2YsrcQv9XooW/MjDY/WWu6Y1LBRIkFzshEatgU/M4uccUANERGKO190GvUkcSakCNgP56B37oe53jA+w0h9O9TQ+707I9FeRcgBD5OPdKFs21Nc X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Thu, Feb 1, 2024 at 3:11=E2=80=AFPM Eric Biggers w= rote: > > On Wed, Jan 31, 2024 at 05:50:24PM +0000, jeffxu@chromium.org wrote: > > [PATCH v8 2/4] mseal: add mseal syscall > [...] > > +/* > > + * The PROT_SEAL defines memory sealing in the prot argument of mmap()= . > > + */ > > +#define PROT_SEAL 0x04000000 /* _BITUL(26) */ > > + > > /* 0x01 - 0x03 are defined in linux/mman.h */ > > #define MAP_TYPE 0x0f /* Mask for type of mapping */ > > #define MAP_FIXED 0x10 /* Interpret addr exactly */ > > @@ -33,6 +38,9 @@ > > #define MAP_UNINITIALIZED 0x4000000 /* For anonymous mmap, memory cou= ld be > > * uninitialized */ > > > > +/* map is sealable */ > > +#define MAP_SEALABLE 0x8000000 /* _BITUL(27) */ > > IMO this patch is misleading, as it claims to just be adding a new syscal= l, but > it actually adds three new UAPIs, only one of which is the new syscall. = The > other two new UAPIs are new flags to the mmap syscall. > The description does include all three. I could update the patch title. > Based on recent discussions, it seems the usefulness of the new mmap flag= s has > not yet been established. Note also that there are only a limited number= of > mmap flags remaining, so we should be careful about allocating them. > > Therefore, why not start by just adding the mseal syscall, without the ne= w mmap > flags alongside it? > > I'll also note that the existing PROT_* flags seem to be conventionally u= sed for > the CPU page protections, as opposed to kernel-specific properties of the= VMA > object. As such, PROT_SEAL feels a bit out of place anyway. If it's add= ed at > all it perhaps should be a MAP_* flag, not PROT_*. I'm not sure this asp= ect has > been properly discussed yet, seeing as the patchset is presented as just = adding > sys_mseal(). Some reviewers may not have noticed or considered the new f= lags. > MAP_ flags is more used for type of mapping, such as MAP_FIXED_NOREPLACE. The PROT_SEAL might make more sense because sealing the protection bit is the main functionality of the sealing at this moment. Thanks -Jeff > - Eric