From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 45232C197BF
	for <linux-mm@archiver.kernel.org>; Thu, 27 Feb 2025 21:44:50 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id CEFB1280001; Thu, 27 Feb 2025 16:44:49 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id C9FAD6B0085; Thu, 27 Feb 2025 16:44:49 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id B677D280001; Thu, 27 Feb 2025 16:44:49 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id 978816B0083
	for <linux-mm@kvack.org>; Thu, 27 Feb 2025 16:44:49 -0500 (EST)
Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 00CC3161D36
	for <linux-mm@kvack.org>; Thu, 27 Feb 2025 21:44:48 +0000 (UTC)
X-FDA: 83167054698.14.56E2517
Received: from mail-oo1-f43.google.com (mail-oo1-f43.google.com [209.85.161.43])
	by imf25.hostedemail.com (Postfix) with ESMTP id 5B419A0009
	for <linux-mm@kvack.org>; Thu, 27 Feb 2025 21:44:46 +0000 (UTC)
Authentication-Results: imf25.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b=n9VOE7J9;
	dmarc=pass (policy=none) header.from=chromium.org;
	spf=pass (imf25.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.161.43 as permitted sender) smtp.mailfrom=jeffxu@chromium.org
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1740692686; a=rsa-sha256;
	cv=none;
	b=Na+gLiGCuHF0bYC042FRsxrke81UpHZc/rUtpZJFGJTtG1PI9uTggAQVbGeVB6D75gikOA
	S52jK/lSbehr1LDT7YNqBLbFSnmdq26sYNnFCL+E8A+vHnJfE0FA4xQQMFJQK6b0pM+u+d
	y2ibP7nhQn5KGu+jc1NUlugYpaOYluM=
ARC-Authentication-Results: i=1;
	imf25.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b=n9VOE7J9;
	dmarc=pass (policy=none) header.from=chromium.org;
	spf=pass (imf25.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.161.43 as permitted sender) smtp.mailfrom=jeffxu@chromium.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1740692686;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=41P9T7rAOn5C903KcslM4I+TaCE2v2OwMWOr2r9y6yc=;
	b=3DnLpUZZMQitOnBGDCZWdhnsRzsBjFKWQ09/kq05Gwrbxvd4rMbIspwma5ObUNeWAWvOQg
	UrEXKNlHI2B7Yz8XkccPOfSBTsr/qe7Ma6dg/CoP3mysT6vaswChtC3isbkNBK53+27/FN
	1lrnVMwEnsIvK+LHXUUeC17d0t3xno4=
Received: by mail-oo1-f43.google.com with SMTP id 006d021491bc7-5fcf5697f9aso125228eaf.2
        for <linux-mm@kvack.org>; Thu, 27 Feb 2025 13:44:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1740692685; x=1741297485; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=41P9T7rAOn5C903KcslM4I+TaCE2v2OwMWOr2r9y6yc=;
        b=n9VOE7J95q878FTA6abKsrfDjcOYgAYEASJnbQVcF0kfBma0MaYghXqGWs9DIWw9IM
         34XWU3AwS6m4RiVWuip3vBOxy/4NssC8B4n5yF2bJ4L2p+aVFwSQaDW78xt5mBgPkUHh
         Aj8Lkup9F+qZs6rp3WKKS+45dhR+erPfbFBvc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1740692685; x=1741297485;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=41P9T7rAOn5C903KcslM4I+TaCE2v2OwMWOr2r9y6yc=;
        b=qnj3Rdt0Qt5NicHOn+cyByuE4gBAJYYTeXRQP/1McWRHbad2gM0NjQrqHoaipcYyjT
         WO5dX6rQGhS4U74WVh38gWYxi/CAYxOcjX+01u3+ilptSRhiVrQGSB9tqIMo6j29W+YS
         nVuZqNicQAXbQBSMzv68Rh8gQOWAwz4/1+sYPY4GMKYgxOO3SEeGeFjzeI9xK6/lKQBi
         T1WCdk4D6Em694U9TH9sqW6tuEoPkWOVnW/LvLqLT5TB4pZAkERrB11qjh+S7OEEQEFo
         0sSH1TdDb4Obf28MUp+u5vfdFDR/oVkJ6INMlZCosmC2xVInoXzH/SEhlJmhMRI1W3EY
         eK9Q==
X-Forwarded-Encrypted: i=1; AJvYcCXZ+UO/qBTylK3lLhUVkbFOGf/MoWQ3MQlhz90HlZK3NjxkYn39uHhvGyw6nbgRW3Vo+ckrSJkWzg==@kvack.org
X-Gm-Message-State: AOJu0YzuwPD+Q3Do5fYQw/asXapBQcnQ2SusXVKym4yizDw1OKGHSNkW
	K2/3CcIP+Ms4idnrXd4ZPrOB9rpuOcLF42/qfi+5+S1UEXyYu0R7XJEflTP9DKsPILrAuSNFKef
	FQBLrbyAM5uY/hlJeUZVOyJonvEr1/AFQs45r
X-Gm-Gg: ASbGncuS0LDQCJjGLK5UbM6n/YCxvJ5G3L6QUADes6bZxC1SWuXHCBbI2ArXP0UZJlr
	H4orRHupxRFk1RlDZTnANIGbF9Q+yBjg+7/5bIOxQRZklpI6TQ+PwAVesGQNUkJ+nlklzn85wCE
	38jzdUPuEoeQJThkB2TXri1RcSDVudNcPUrgWN
X-Google-Smtp-Source: AGHT+IFughb8ucHe5DsofFLYJInuUUcNg3DNnlqCne5qRA9aKO1ulCgbX8TUXLDOT+muClmgGU9fnGmggYJ9ApqcZz8=
X-Received: by 2002:a05:6870:d8d0:b0:2b7:c7b4:7df7 with SMTP id
 586e51a60fabf-2c178712c5cmr176343fac.11.1740692685142; Thu, 27 Feb 2025
 13:44:45 -0800 (PST)
MIME-Version: 1.0
References: <20250224225246.3712295-1-jeffxu@google.com> <20250224225246.3712295-4-jeffxu@google.com>
 <20250225085728-24167715-8562-45a8-86cd-0ea503e4bc73@linutronix.de>
 <CABi2SkUwETzrBSYm0QV9+eoeo0kgA+r2JM4QaFpQqeTiidFEDA@mail.gmail.com> <20250226082701-9057b348-b074-488f-9aca-49ffbc78237f@linutronix.de>
In-Reply-To: <20250226082701-9057b348-b074-488f-9aca-49ffbc78237f@linutronix.de>
From: Jeff Xu <jeffxu@chromium.org>
Date: Thu, 27 Feb 2025 13:44:33 -0800
X-Gm-Features: AQ5f1Jr2cfmQo_Z39J7t8YiLBoePGb9dDRH-76W5jrebQ_aLePoCE7SzRjIwf7A
Message-ID: <CABi2SkXwaJ=s3XqHKu1aFVfcacgxpQ5Ji1_BqaN+ch2i_RnA9Q@mail.gmail.com>
Subject: Re: [PATCH v7 3/7] mseal, system mappings: enable x86-64
To: =?UTF-8?Q?Thomas_Wei=C3=9Fschuh?= <thomas.weissschuh@linutronix.de>
Cc: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, 
	torvalds@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, 
	Liam.Howlett@oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, 
	avagin@gmail.com, benjamin@sipsolutions.net, linux-kernel@vger.kernel.org, 
	linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, 
	sroettger@google.com, hch@lst.de, ojeda@kernel.org, adobriyan@gmail.com, 
	johannes@sipsolutions.net, pedro.falcato@gmail.com, hca@linux.ibm.com, 
	willy@infradead.org, anna-maria@linutronix.de, mark.rutland@arm.com, 
	linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, 
	rdunlap@infradead.org, davem@davemloft.net, peterx@redhat.com, 
	f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, 
	mingo@kernel.org, ardb@kernel.org, mhocko@suse.com, 42.hyeyoo@gmail.com, 
	peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, 
	groeck@chromium.org, mpe@ellerman.id.au, aleksandr.mikhalitsyn@canonical.com, 
	mike.rapoport@gmail.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspam-User: 
X-Rspamd-Server: rspam03
X-Rspamd-Queue-Id: 5B419A0009
X-Stat-Signature: txwra6iqaup367bfn1utf6q9g3cip11j
X-HE-Tag: 1740692686-358205
X-HE-Meta: U2FsdGVkX18pOKM34yCqEOosv3ZidEsRGg9EQ6DynjjiY4TUcwo2O7QPJBcP1XQvzKZlAXHgKDLbbuKjxE893ougK1ct8Uhc8c8eahDGr/aQSDEsMq4l31aWZmUZiSULhL44h/aLF84ziDnBK9/SAfXtipASO/FOeZDlZwL9Svb0S9aDpz97Ei7vTlD5h+yHYCqGqfY1+oNULQq44QyOvhiEWc/GolKwfP8OaRxLIGkEwa60Csv/EWOoIY1EjoTWCf4epLIBMgD0eZT8T5Ea43I2A0lGveDTDk/ht8JT6qbT3JYgsH3fCNoM5MAIYV7MqLQkxxpR7nDw+0KHkqGKXFt0JlPW6lu2alK6BoKAfeC5EzQ91iJ3q8MMiHQu53BtSAPk638Pf9HEQKARj/3tml9WoE5ak4FynHUojPjTXCIf91pvAuISSl0y/dCWxkRc/xiX9rfxZIIHDJ31gvkOPlxLt0+0x894nFVjcsmVK6NBXHqMhTtxhKZq5Q8fI/xY6MFv3bMJgSNw74gtvhZ7Io2hkZgV4+VwsYnPuAKD9w2JccaPZUQqRfMf/oftbIQhWftPx/3RsJPjJSvKf6ZWUz4uRqtZFwNJbVQvL9LBfFENZoEdbafWru72TG75pNc/xGfQ11FHflKrc+cDfMgW1MzAjbmMcmQFoQlYkkQ83awqg/G6/vBFYQqfN8h7el8e3TDfHo071jUrNaQOUke9nykqprjxMGWM+KEbofOpUpIXoNlnWmTff9/pw7ZobnbTvW8o9rduk3wU3dohpMScxfE57dh6WN65xI4fJRbKc4QEb1uUUeNDXsCTCy2PwiP1XTHiMxU1Y7AsXf1KwmiguhqHtMcvl5sNkVZwQFymkQNJw5S8Kj7Y3xZhkhc/5rYMaAI6rXljTOGNTf0mSOlhObk8mR8pFmDBAdApNhcIDb6SNOp2kr7+6KQy5eSxvo4v7Hxax6h51a5iTLkAdxN
 HnEBluNP
 dha3DOzIE2AbX17eoWcRUg9L8zHgplzGrOsKLzL/V8Bl8tSBGVM158C/tOkYvtkyNtgHJ78QF6hrab8mQRKemO8NHufxaXJOPdZUxDkIVcXv8DC+1xhK1Yw/+LSB/lzxuPXXJH0SWP5olLMehQkTxF/lOXtzBY+No3+pKwXkNgq6/mllcep1O7TAaG+6UmsWhAp3A12wQIkpbYMC+grzOtK1nBxdh20WEjF6rYNlx9IYv3QhHjRbaLGmAFMbqUyXuU36FVF4NwezZvNU6HxRb34jZmjI8L+Q7z7lRqCh92+u+Vifs3RERala2OxV3Lutc8qBu
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Hi Thomas

On Tue, Feb 25, 2025 at 11:35=E2=80=AFPM Thomas Wei=C3=9Fschuh
<thomas.weissschuh@linutronix.de> wrote:
>
> On Tue, Feb 25, 2025 at 04:48:47PM -0800, Jeff Xu wrote:
> > On Tue, Feb 25, 2025 at 12:08=E2=80=AFAM Thomas Wei=C3=9Fschuh
> > <thomas.weissschuh@linutronix.de> wrote:
> > > On Mon, Feb 24, 2025 at 10:52:42PM +0000, jeffxu@chromium.org wrote:
> > > > From: Jeff Xu <jeffxu@chromium.org>
> > > >
> > > > Provide support for CONFIG_MSEAL_SYSTEM_MAPPINGS on x86-64,
> > > > covering the vdso, vvar, vvar_vclock.
> > > >
> > > > Production release testing passes on Android and Chrome OS.
> > > >
> > > > Signed-off-by: Jeff Xu <jeffxu@chromium.org>
> > > > ---
> > > >  arch/x86/Kconfig          |  1 +
> > > >  arch/x86/entry/vdso/vma.c | 16 ++++++++++------
> > > >  2 files changed, 11 insertions(+), 6 deletions(-)
> > > >
> > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> > > > index 87198d957e2f..8fa17032ca46 100644
> > > > --- a/arch/x86/Kconfig
> > > > +++ b/arch/x86/Kconfig
> > > > @@ -26,6 +26,7 @@ config X86_64
> > > >       depends on 64BIT
> > > >       # Options that are inherently 64-bit kernel only:
> > > >       select ARCH_HAS_GIGANTIC_PAGE
> > > > +     select ARCH_HAS_MSEAL_SYSTEM_MAPPINGS
> > > >       select ARCH_SUPPORTS_INT128 if CC_HAS_INT128
> > > >       select ARCH_SUPPORTS_PER_VMA_LOCK
> > > >       select ARCH_SUPPORTS_HUGE_PFNMAP if TRANSPARENT_HUGEPAGE
> > > > diff --git a/arch/x86/entry/vdso/vma.c b/arch/x86/entry/vdso/vma.c
> > > > index 39e6efc1a9ca..1b1c009f20a8 100644
> > > > --- a/arch/x86/entry/vdso/vma.c
> > > > +++ b/arch/x86/entry/vdso/vma.c
> > > > @@ -247,6 +247,7 @@ static int map_vdso(const struct vdso_image *im=
age, unsigned long addr)
> > > >       struct mm_struct *mm =3D current->mm;
> > > >       struct vm_area_struct *vma;
> > > >       unsigned long text_start;
> > > > +     unsigned long vm_flags;
> > > >       int ret =3D 0;
> > > >
> > > >       if (mmap_write_lock_killable(mm))
> > > > @@ -264,11 +265,12 @@ static int map_vdso(const struct vdso_image *=
image, unsigned long addr)
> > > >       /*
> > > >        * MAYWRITE to allow gdb to COW and set breakpoints
> > > >        */
> > > > +     vm_flags =3D VM_READ|VM_EXEC|VM_MAYREAD|VM_MAYWRITE|VM_MAYEXE=
C;
> > > > +     vm_flags |=3D VM_SEALED_SYSMAP;
> > > >       vma =3D _install_special_mapping(mm,
> > > >                                      text_start,
> > > >                                      image->size,
> > > > -                                    VM_READ|VM_EXEC|
> > > > -                                    VM_MAYREAD|VM_MAYWRITE|VM_MAYE=
XEC,
> > > > +                                    vm_flags,
> > > >                                      &vdso_mapping);
> > > >
> > > >       if (IS_ERR(vma)) {
> > > > @@ -276,11 +278,12 @@ static int map_vdso(const struct vdso_image *=
image, unsigned long addr)
> > > >               goto up_fail;
> > > >       }
> > > >
> > > > +     vm_flags =3D VM_READ|VM_MAYREAD|VM_IO|VM_DONTDUMP|VM_PFNMAP;
> > > > +     vm_flags |=3D VM_SEALED_SYSMAP;
> > > >       vma =3D _install_special_mapping(mm,
> > > >                                      addr,
> > > >                                      (__VVAR_PAGES - VDSO_NR_VCLOCK=
_PAGES) * PAGE_SIZE,
> > > > -                                    VM_READ|VM_MAYREAD|VM_IO|VM_DO=
NTDUMP|
> > > > -                                    VM_PFNMAP,
> > > > +                                    vm_flags,
> > > >                                      &vvar_mapping);
> > >
> > > This hunk (and the vvar mapping in the arm64 patch) will conflict wit=
h my
> > > "Generic vDSO datapage" series.
> > > That series is already part of the tip tree (branch timers/vdso) and =
scheduled
> > > for the next merge window.
> > >
> > > https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/log/?h=3D=
timers/vdso
> > >
> > > The conflict resolution is fairly easy:
> > > Move the new flag logic into lib/vdso/datastore.c
> > >
> > Thank you for bringing this to my attention.
> >
> > In your change,  it seems lib/vdso/datastore.c implements a
> > vdso_install_vvar_mapping(), then all the architectures call this
> > function.
>
> Correct.
>
> At least all the architectures using the generic vDSO infrastructure,
> which are the ones you care about.
> Sparc for example has its own implementation.
>
> > So merging conflict won't be as straightforward.
>
> Wouldn't it be enough to unconditionally use VM_SEALED_SYSMAP in
> vdso_install_vvar_mapping()?
> The symbol is a noop on architectures or configurations where the new
> functionality is not available or enabled.
>
Yes. That will work.

> > Maybe a better
> > approach is that I continue resolving all the comments, based on the
> > latest main. Then wait for your change to be merged and submit another
> > version.
>
> That would work, too. As you prefer.
Great !

Thanks
-Jeff