From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA73BE77188 for ; Wed, 8 Jan 2025 13:57:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 678EF6B0083; Wed, 8 Jan 2025 08:57:36 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 628D26B0088; Wed, 8 Jan 2025 08:57:36 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4C91D6B008A; Wed, 8 Jan 2025 08:57:36 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 2F0776B0083 for ; Wed, 8 Jan 2025 08:57:36 -0500 (EST) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id B65B21211E5 for ; Wed, 8 Jan 2025 13:57:35 +0000 (UTC) X-FDA: 82984437270.28.3B30510 Received: from mail-wr1-f43.google.com (mail-wr1-f43.google.com [209.85.221.43]) by imf22.hostedemail.com (Postfix) with ESMTP id B9C48C000A for ; Wed, 8 Jan 2025 13:57:33 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=ZSmjZ83U; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf22.hostedemail.com: domain of aliceryhl@google.com designates 209.85.221.43 as permitted sender) smtp.mailfrom=aliceryhl@google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1736344653; a=rsa-sha256; cv=none; b=X8fAMUFB33oHVjPymSXFIanMYXGLUUmrFfbtX/4tv7QjCMk8TE4B61Wc+k/D2QUeSxmYxQ Wbx9h8sAqMdsAq5kou9uW/nCbTOBGjD7b23tc6dCnsP4RW0pJma7u/JdWneMQI/2N5zmyV tZ2Oe6zpHiIfXWztIF66Rsn41OMH2xY= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=ZSmjZ83U; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf22.hostedemail.com: domain of aliceryhl@google.com designates 209.85.221.43 as permitted sender) smtp.mailfrom=aliceryhl@google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1736344653; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=t5B1ydPn1hV3ArUDgLdqy3/MqqbLWzy4ewiJvBc3c68=; b=rFGeGpigUVDt9rOMXz7+WbuHyFH6PF76G4K9ReuYL1Xl7cXspaiR27T3sWQ883/+6YvTwc /1wjRju8/cVgw71jxyve5xlXH25vMk6lWStCh6vRA76cNMdGZw8ALyhJ6IrRhsRQKY1tm0 H3tvFBTD1uGkeUFYFAks20xH7sTs+qk= Received: by mail-wr1-f43.google.com with SMTP id ffacd0b85a97d-385de9f789cso12453443f8f.2 for ; Wed, 08 Jan 2025 05:57:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1736344652; x=1736949452; darn=kvack.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=t5B1ydPn1hV3ArUDgLdqy3/MqqbLWzy4ewiJvBc3c68=; b=ZSmjZ83Un+42B4OqS1c6RUSQ/v3C8kzzT+imN1WsZwjYGjKVwbd8vokO002xqxqz7E j7g5DayFRMiaO173UE5ACH7Oz1YaXJ1XYCfSvZccsqsy22kJldTCg38e0UFm8/6VAsLO 4iFY+nuddwhGqRLlaiB2o0onoq1UEXjuuOKYELW1DS7gu0G0HjFAIXnNcZyBID9jBTwv ySSBXter2EU4SGrcZQovWbLRXnnp5qo2QzW5cJvAizyM0vfRbENaPN4zEuHv9xtV+l+H yDwPWMD8JOgmEA/ZCU0/RY5Uc7dqh6LIOv+LwVgrFS6FaO/nhh7+qjd/yxoNrnH4M47l QxFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736344652; x=1736949452; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=t5B1ydPn1hV3ArUDgLdqy3/MqqbLWzy4ewiJvBc3c68=; b=eTGtCGvrLd0lSGOXQ2Syz/f0ZvdQnhnbNdE0S2ZOq+99ytPfPHXZX+VJ90LY60H/J8 K5uQQLl6oOSmpWsNPhxbKTHY7+mYavI4pt0I47vG+V+FndK5w0SQ5AEQPmCXuC2F8BGv 16mAxACRbDrySQf+nafLHLITBG/yMDg63Qv7X9t+CY9LmoywIMdOE09cg0SEVXRTcmiR r924L2AtbYpTn2jdR74EPC2hxnfLjXhnFOVLykj0cR8n6nB//bq/QyBcrbPuxDiSodND lQYk1aQOwRH74yBd3J3EhD2et/Az9PAhy7i5vg9qzkdhQLgUldsY8nK927DKPmFfx7n1 TziQ== X-Forwarded-Encrypted: i=1; AJvYcCWzhTcvK9XIo/86i6s2fVll95UIthmR9VBMVD6827y6Er12y3ChfxSZJURDHtrmBNbCNDrNvMrrRQ==@kvack.org X-Gm-Message-State: AOJu0YxctC/KSlcWneXORKrbro2qEdNNa70NisacmPaIk6bK8dSJgX9K aiBLqL2HmcOvx5El7Ix5PPzDFdyBAoynKVVH3plvj5jHpD4Au+gY5lnx2q3Pn+KpzjBxF32jlE7 POyQsFnANrCmehjtT5UAXxU7ys/WBh+fbQcJW X-Gm-Gg: ASbGncvYxW0zWs31pxGZvbuYWr6Wt+9TbJ8vGfBRM6w7YLl0vGa1OT8+mHdEcGXsWjr unAESTMZrRHngtPQ3abvkt5gIn2XEnPLw43pRu9Bq8EMJW1WfxgVW0PbRkcMbDbcPKwNl X-Google-Smtp-Source: AGHT+IEbxWyWurE8CBh3IUVDWpET7t97VubFNt7QnZxqoAd00egoZstT/6eGB5ZCUYPhA9IrcxcejzbYE8OgtZydtHA= X-Received: by 2002:a05:6000:1566:b0:385:faf5:eba6 with SMTP id ffacd0b85a97d-38a872d0036mr2333764f8f.1.1736344652169; Wed, 08 Jan 2025 05:57:32 -0800 (PST) MIME-Version: 1.0 References: <20250102233255.1180524-1-isaacmanjarres@google.com> <20250102233255.1180524-2-isaacmanjarres@google.com> In-Reply-To: From: Alice Ryhl Date: Wed, 8 Jan 2025 14:57:20 +0100 X-Gm-Features: AbW1kvZK81B_6i49g17DQcxkAvGR13mzhcf-r8yMEkygG2O8r-hDv9HAwxfltY0 Message-ID: Subject: Re: [RFC PATCH RESEND v2 1/2] mm/memfd: Add support for F_SEAL_FUTURE_EXEC to memfd To: Jeff Xu Cc: Isaac Manjarres , Jann Horn , Kees Cook , lorenzo.stoakes@oracle.com, Jeff Layton , Chuck Lever , Alexander Aring , Andrew Morton , Shuah Khan , surenb@google.com, kaleshsingh@google.com, jstultz@google.com, jeffxu@google.com, kees@kernel.org, kernel-team@android.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Stat-Signature: w1kywo1ojfuut36iwy7zn6gzsa36jpah X-Rspam-User: X-Rspamd-Queue-Id: B9C48C000A X-Rspamd-Server: rspam08 X-HE-Tag: 1736344653-186051 X-HE-Meta: U2FsdGVkX19kniRjKqam8iIaSC9UKtJraCl8PeWCIgPOURWoZLzTV1GTqXY127UXsxDo/kFue5jeCS1M5gCq1UopWItR7dyUgoZ5ws300pw9IPi/B4krCU9mTRm2tGFMUEkrVcid1eAnvRraYwMs3dghtsltUhVd+Ma0iabepXx8p+YBCubViibInmF3YesqJm6DVLQn1DesXbmStYFFg7fUJB8CxUcv8P+FIaM8ucPSkL1mitM0auIscRka9rrDKW5G0JIzo9OVN2ylnwjv9mn/Mm3WEXGpf1IG8MeysOmkzhI6vt1sAkL3HQUQUJneULqXayqG+qkKN0u10c5Aj3/JfOz3PknripvkvpDONK/BeR4wMT+Q05QGW52qATrMDqvxJQYE8r+6O01mRbjMz84qvCHa21eCOlq7e2QKsm+ylACUN4Hqs6R3GxSmSP5FmxuAZdFG+dLE4YH7+HWQKgafYq23eQeE/Uq2mi1JzcGGMyNIMI4xl/W/EiCneyfSt6UMDVjL8CZCQbEO67Zl9qFA3W/HNkCdp+JXBkeHULmI2nkqU5DiiqDmfR385Hc+XuUt1VD5U38cg2UTOvX+BV90XmCM8vh7ipjmorfnXmpek22mmi6xGWaphJlRc4B/FyrUebdRk8hcHlxg/4tFToNjKdE1niLn9qClCRGE8qjZULki8ylKk5yfqvUfuLIjFXtFKu0Q2Dc27boj4nXvg7YbrCWTH9Ye8+h4zIGW8ifV1LovFtXU0miKAdsKO66VQTYNJqVqIl0Zng5QEEwpYxijgfoILrN0CWbJJoBUPS2ldH6eANh2ozRpLVyaoYBz2obsjL52Fmr1mmnCWuAMNIaU7PgmBBWYie/oWeu0TZs+JbB7ViHver8mFjeXivC71+NBwLGTuISb1Wv4zwZTkwaNlhPWdBJ9W0jmIlfE4YETWxcQOiARAcw0FwLL8SL3yZm+5ZKhUV5KQv1CCHA amaWojjP g1PuBIeOkSqQyZd4+rbWCW8/7798/SVhNr7LUvzxGk0vG5HMQfpLLIGAt6K4MDW8+KZKBCIz0VlupUrUSZaVo2zqlxLFQqfvKdEsFDbk0DG7KtVDDV8RpgOzqBKwZnQDIr3cTHqAZUcpIO2dGagf6eO+6gpGCN4dz+CBFuxPIVvEuR0A1CENSLGnYG+bodxpJ5QbE5Jn3JQ+rFLUIRfEFRWTjii5cysQaqfBECFmJj4JjrBMvKVtPTBt7AiJvNLYHQJQ8fXeOSzsazHphYhJm48Hb/RyK5P8b57li4CKpzubEZVeEMjP8Z3vwy5b6Y3zZ6XX/CYWypU3o39GAmOci0TQ20Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.119192, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Jan 7, 2025 at 6:21=E2=80=AFAM Jeff Xu wrote: > Do you know which code checks for VM_MAYEXEC flag in the mprotect code > path ? it isn't obvious to me, i.e. when I grep the VM_MAYEXEC inside > mm path, it only shows one place in mprotect and that doesn't do the > work. > > ~/mm/mm$ grep VM_MAYEXEC * > mmap.c: mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; > mmap.c: vm_flags &=3D ~VM_MAYEXEC; > mprotect.c: if (rier && (vma->vm_flags & VM_MAYEXEC)) > nommu.c: vm_flags |=3D VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; > nommu.c: vm_flags |=3D VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; The check happens here: /* newflags >> 4 shift VM_MAY% in place of VM_% */ if ((newflags & ~(newflags >> 4)) & VM_ACCESS_FLAGS) { error =3D -EACCES; break; } Alice