From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 596BEE77199 for ; Wed, 8 Jan 2025 16:44:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C96C16B007B; Wed, 8 Jan 2025 11:44:11 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id C46F26B0082; Wed, 8 Jan 2025 11:44:11 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AE7EA6B0083; Wed, 8 Jan 2025 11:44:11 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 8DD1B6B007B for ; Wed, 8 Jan 2025 11:44:11 -0500 (EST) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 051F4812AB for ; Wed, 8 Jan 2025 16:34:58 +0000 (UTC) X-FDA: 82984833918.05.1543626 Received: from mail-oi1-f181.google.com (mail-oi1-f181.google.com [209.85.167.181]) by imf14.hostedemail.com (Postfix) with ESMTP id 00EA610000B for ; Wed, 8 Jan 2025 16:34:15 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=hvqxQqsq; spf=pass (imf14.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.167.181 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1736354056; a=rsa-sha256; cv=none; b=jlSSAQNSXh6ieK5j5tcRieK7FldVCrd6B7MiXghKPQuzD1zJIgLxSBvunVWftAm4SMwaon XU3s+uukL+srNTZsOyT7PCnJNPNaCdQ0Og+lwbdhuipChpPR4UcifLh4iMQg5wqUEPRAAC xRqsJcD3qlKjqZScRBQAQpT0ikeDptc= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=hvqxQqsq; spf=pass (imf14.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.167.181 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1736354056; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=nRN1UZXW+9y9bwtzVbAgnIz/GGI8nLUdXC+YXanAzl4=; b=a6tddUe/Y50e2RuiDnZoWjJOxloghjOQRsuMVMXsF/k+9YwLjtgtGmSg7gigRiMM0CVdcn UHjEauOt1oYJViVtU0KEbkKP+Law8Ehldfs9g2FEsfz3E3IW0aEq7UOl+FliMZyMCG5A6E KDu0JRQn0M51UyDi5dFgccR7B5PQ6Sk= Received: by mail-oi1-f181.google.com with SMTP id 5614622812f47-3eb9b58fbb5so1148137b6e.2 for ; Wed, 08 Jan 2025 08:34:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1736354055; x=1736958855; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=nRN1UZXW+9y9bwtzVbAgnIz/GGI8nLUdXC+YXanAzl4=; b=hvqxQqsqRCe7tl4uzluwVDc5CAaPyzSThu84ORkEBZDk5sYBZxLSqhyNJSogYHGQBv OXp8WoUexRy0gpzibuLy8QfpndxLYTs07eLWBsT0Vp7vrBgjL04bcBoFUpMqOZI+GtoE im1tkTW6Nmuh16krrsKOimm5EQTpW21mhHLX8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736354055; x=1736958855; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nRN1UZXW+9y9bwtzVbAgnIz/GGI8nLUdXC+YXanAzl4=; b=dCJSVMNUG8N2AtsXnwYGQEvsNqws2VAx6ME1PqXBEynR+UkMOxprkM3+38ow7O8Eij hZJgFnGsHaBcUEY2pnr7zPeYhYdnErriV1VzDPuQV1NHLj2p/mQ7WwvT2UAqLnFFtSZ+ Dk5MMzzOAVUae8dln+y+x102mwAadHc67epHcTTkyA2uAwZOC8O9JRG2MxTCETACDNwO l4j+2oV7ZbhrzRgVvhE0MDjBzpD16HFuBSf81JI2+2O3NqpeEI+paYQXsHGlndNi0LWh YJPtLaEqgdemsEWJlZfbL+YNYMSN81vbH+gIH4NS07Wt8cEQp08M3Be66/jJzIYrIaMa Nlyg== X-Forwarded-Encrypted: i=1; AJvYcCV2TVZe8EuwZnJWJmvJZbHU0N4XKSynoM2n8Td0vbS25kKrAmtiL50ei3NYzPtKii6n6gg/sbviLg==@kvack.org X-Gm-Message-State: AOJu0YxUtao+/eyyZBaRqAIX/uViQ4YvUMAj+qJaYCzwiINHsdcvj+xh GGWAbbI0gWc7l14160prC0DXHHkSX3Z0+lVpD9bHSpaHtMtPIw0Hy6uR4Jl5moWASeUPDFeamFQ wqdvhLHl9LHCMyZKyxUZPnzDgtpRd8HKawCSL X-Gm-Gg: ASbGncvet46V9aa7GBX1RJLADFeTj8zuKoow1caYG4WRU0tCEbUV13//HzyewIUZj6u dPYmjm03TTnL6WJ6HKR4BXsACMHr6MW3eR2qRM7PlZ+GDqSnKtBkbDDP9H+bGfyDJQ8GLEDY= X-Google-Smtp-Source: AGHT+IGvmvYmHZlOKCsOlXjEJdILvND0Wn/bJ5GVMojqs1mv3cAEAWLd7eHHRza+Uj4LBSfncn8YTrDkHdIwKCYXuok= X-Received: by 2002:a05:6871:67c6:b0:29e:79ce:933a with SMTP id 586e51a60fabf-2aa069741bamr674062fac.12.1736354054648; Wed, 08 Jan 2025 08:34:14 -0800 (PST) MIME-Version: 1.0 References: <20250102233255.1180524-1-isaacmanjarres@google.com> <20250102233255.1180524-2-isaacmanjarres@google.com> In-Reply-To: From: Jeff Xu Date: Wed, 8 Jan 2025 08:34:03 -0800 X-Gm-Features: AbW1kvbIBhyW0pAreSQi_woM5Mu2LF0rK-L1LSYwv4FWA4jHvElknhVchu7Sv_o Message-ID: Subject: Re: [RFC PATCH RESEND v2 1/2] mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd To: Alice Ryhl Cc: Isaac Manjarres , Jann Horn , Kees Cook , lorenzo.stoakes@oracle.com, Jeff Layton , Chuck Lever , Alexander Aring , Andrew Morton , Shuah Khan , surenb@google.com, kaleshsingh@google.com, jstultz@google.com, jeffxu@google.com, kees@kernel.org, kernel-team@android.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 00EA610000B X-Stat-Signature: 5djfidagox81b3otmnzn5nh4b9h1jj78 X-Rspam-User: X-Rspamd-Server: rspam09 X-HE-Tag: 1736354055-716038 X-HE-Meta: U2FsdGVkX19dBTOslRZkbUHRdBtFO1xPQ17mdT0Jerb20zEVZtKqGYCRQjdwPzZN04cz1aFJJbRtVzEvR4U9vjJev2h7t8WnkO3e//RAHrEICWlrtyTAMzRlUH6OqTSKFZ6kwWKs9ZgpJqs2TD9WavibCbeBmYvjmy9qz59vfiljUovSXdJzPcmA7R+MCSttZM+WomxMDbKJOSR0JF6H0YANC5HhVXh/8dt8ycEhCfJGC2hAG9Z0ypZiBWs0WxwFQuNNQmArD/qZseCllhT4t7P2Fc+wky7u6L4vgIBeppGywGt87b1n3lY1bG8uIRZshb/iw39ujQhzy7+sq1i4T0QDh4DlSrBtuVDS7bO7Ks9IcCGFvoHr83QlK0MTXGCsaICatFH8/8xUDq+WK5EgzmSPNy95Mhy41/taysRm71f4B750z2ak9prWY8GQoc6Wti6oKOdETR1ZaYS9o27Ky4p5hP3e8N3Ksj2MeWXBoXSyWHEeBRSD1A5ANZoQgGewLWN8MGJ7fNJPbWHFRGCWDDXWmpqSuRuHKSHgf2ucg/QB8d+nDZofS/r1WKBMKpKIPxHUm2iD7k+lBwtRi6eAJjIf8d1Y9RLyovxUfDePsdmWI52WjIznduE8vYY0T0dQpZXNTBmyGoNTUL0a7Lw6NehZ96vKIhfURaF4NGPGBjGHbCdHQMHQR0cHg3gt6KJ5Yocc/4GM989klMDvpJ7AutBWJTHZ4RWQ3NDhxdfQb9PewlMzZ/UgCbScogIlYigeiDsMg8UzPb37FiGvTWiAVifdKL7BfBc568ON5ZpbHgR6NjW8ezhe4ksLsmJL9xCjJq4wXrnjRstA4b80ZiDGnZwmsSenq4VoG5Nfv69BEUffcLy+f6yAwALJrU70pOe/mcxfjeIlM7mp2dTymthGYkv5WqNtRacFWgHrJ94b0mNAjqjEH4l1CIYwdGor4WG+J8dIM7IWxXoTVNW4hSV 3B8+U2M4 GQj9RaDR9TWqpqcuQe8P+gEy0wyYfVuJb3+hpGbRtp00PBnGflYtiOHmQ0ZPHNyaJsDuSaEDjFD8DMO6DrAPLGZBuD6CzjEX+ip+oU5WMbK4wPQoKqwFAHLBsc+pJySLsZ/wXX0udQCrGtX1LbNahEYxcZzonyHHu1gQjokNt/X3lzJbea+X15eEltqHZ8hqWaYQLHjelj4x62qxINpdgq7T6/8IiMsmf3gASvBgwGc9KWlBUtEBX64r0K3gB738Oh9KzqmyHEcnLhyPwTURPbCu7kVzCYYV2IRn6PDiPNYqQxf2pUpY8KQj274444pHj7ef83Vh2lw0xTaZ711NYduYBwWaTa0eHjZnp1av5IqLGzsY= X-Bogosity: Ham, tests=bogofilter, spamicity=0.048443, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, Jan 8, 2025 at 5:57=E2=80=AFAM Alice Ryhl wr= ote: > > On Tue, Jan 7, 2025 at 6:21=E2=80=AFAM Jeff Xu wrot= e: > > Do you know which code checks for VM_MAYEXEC flag in the mprotect code > > path ? it isn't obvious to me, i.e. when I grep the VM_MAYEXEC inside > > mm path, it only shows one place in mprotect and that doesn't do the > > work. > > > > ~/mm/mm$ grep VM_MAYEXEC * > > mmap.c: mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; > > mmap.c: vm_flags &=3D ~VM_MAYEXEC; > > mprotect.c: if (rier && (vma->vm_flags & VM_MAYEXEC)) > > nommu.c: vm_flags |=3D VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; > > nommu.c: vm_flags |=3D VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; > > The check happens here: > > /* newflags >> 4 shift VM_MAY% in place of VM_% */ > if ((newflags & ~(newflags >> 4)) & VM_ACCESS_FLAGS) { > error =3D -EACCES; > break; > } Thanks for helping ! -Jeff > > Alice