From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 22920C25B75 for ; Wed, 15 May 2024 04:15:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 92D6D6B0173; Wed, 15 May 2024 00:15:20 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8DC986B0179; Wed, 15 May 2024 00:15:20 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7A5A78D004F; Wed, 15 May 2024 00:15:20 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 5DB116B03C0 for ; Wed, 15 May 2024 00:15:20 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id D4711161358 for ; Wed, 15 May 2024 04:15:19 +0000 (UTC) X-FDA: 82119315558.11.73C787C Received: from mail-lf1-f54.google.com (mail-lf1-f54.google.com [209.85.167.54]) by imf02.hostedemail.com (Postfix) with ESMTP id C02E980013 for ; Wed, 15 May 2024 04:15:17 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=g842ZK1M; dmarc=none; spf=pass (imf02.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.167.54 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1715746518; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=r4cKs65r0Vn5NjWdK37SwLqUt+S38IkvifOxEI5Gn60=; b=nDiySyAleaUuitXB6kZRHvkS2y/gYNiDTRVocmaB7c/uLpalgURtyapC9Eio76jR/LYoEp tWyTyLAtWzwQ38Eg0R91UxMDl2VYeIItDBX8XuJ54SYvu1jT1QYKPW+w9msaLrIWlHDsDu 8PXFvUTsiHmVCxRx6/WjlOTMUqi6r0U= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1715746518; a=rsa-sha256; cv=none; b=Zv6fW5+9Gx3RkIJzK+XAQzQ72ZtzA3Er6ZiL5JG6z/BIeRDtktuT0ZgIp77/mU5toiXCEp MTTe5SZpvN5E5m50w0IT/o5a3ie80Sd2Y6VywhY8R0hX+WnUdGkYVHkHaytBpVKmTPliXw q9KOxGUNDnjoEpyAOKt7Fi04iosYJMk= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=g842ZK1M; dmarc=none; spf=pass (imf02.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.167.54 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org Received: by mail-lf1-f54.google.com with SMTP id 2adb3069b0e04-51f45104ef0so6970266e87.3 for ; Tue, 14 May 2024 21:15:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1715746516; x=1716351316; darn=kvack.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=r4cKs65r0Vn5NjWdK37SwLqUt+S38IkvifOxEI5Gn60=; b=g842ZK1Mjt4SR3aBlTXhkVEGMkGSy8j8YpoMzptNALbg/6o+ZJ3XaKh1NftQxEDsEO rrdNyL8o1+iATEj1bfeM/l9Mn5bbiHu0OmvMpbENaS8D8swM/dexgnPBookeoUMI92od KSDz3YL+HCnP57yV1/NAUz1lp9donhdCi0UWk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715746516; x=1716351316; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=r4cKs65r0Vn5NjWdK37SwLqUt+S38IkvifOxEI5Gn60=; b=nEhWPz2zCNcOU6797yM+XXPSDpqQLWZIm9istOgQctSDINaousFf611FqDO4+Kh5xJ rIds0GPY6L+nXOgPONovyFQ5GS3ge7dPt/kWLqYvKrVu5cbYHRNB8C8IN73gISPz/Vjj +ati13pHmuZr04nWPQC06ELxnTK6DFy8/+I2UfPcUdY50PsHPQpEIhntHHq7OmlrHZP5 QJQtj/jukUFs0E/N+UjW7MK1cK/r7RyktrtAMFzzzh+t3adBilGc7Jc5ebIVQRuWgL7k v6rd6w9EMkBb0acDKn/LsF3bM2hRZ1Gx9ZY3VrTIXwitHi6vaf0mswlN/svMrby3ChIj ty9Q== X-Forwarded-Encrypted: i=1; AJvYcCXanyhU4S1ZernL0AVC65gby5eVGgpT1BsQAy479msaXY7EkgbmqNs6UZZGuycftEui3PXEJSOaXTQa0ybxaGpnNJc= X-Gm-Message-State: AOJu0YxJ9RfMVphIBpWM21w7yI6IwmL6G6aXkw4uiECid/Tv5nmyRzt5 QhF/7zWmlI/DC1qtrkt3041ivpJiIc9eDiN08tpfCXqZatlRZDavrA6bV2AiUuC87oghKABkeMR hHJJhUg== X-Google-Smtp-Source: AGHT+IGRFcAXFcIOoaFalOsIp4NnqTdJ0IbmUbFNkIqH+nppimMbKYohJFAOaP6wINI9rBUMVRX2Yw== X-Received: by 2002:a19:5206:0:b0:51b:6296:8d1a with SMTP id 2adb3069b0e04-5220fb773e4mr8422649e87.29.1715746515777; Tue, 14 May 2024 21:15:15 -0700 (PDT) Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com. [209.85.208.53]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a5a1781d532sm812680966b.18.2024.05.14.21.15.15 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 14 May 2024 21:15:15 -0700 (PDT) Received: by mail-ed1-f53.google.com with SMTP id 4fb4d7f45d1cf-574d1a1c36aso1100552a12.3 for ; Tue, 14 May 2024 21:15:15 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCX0NTKL0BYxB6oby4KKsHvFjQjl7OeLm201ZP6dPgF4CrhVRF8CNKG9oDdeuH+MsZNL7OpYJhNTzA8yhtXYiN8vY/U= X-Received: by 2002:a17:906:dac3:b0:a59:b6a8:4d74 with SMTP id a640c23a62f3a-a5a2d3bebeemr1157374666b.0.1715746493951; Tue, 14 May 2024 21:14:53 -0700 (PDT) MIME-Version: 1.0 References: <20240415163527.626541-1-jeffxu@chromium.org> <20240514104646.e6af4292f19b834777ec1e32@linux-foundation.org> <871q646rea.fsf@meer.lwn.net> <56001.1715726927@cvs.openbsd.org> <20240514160150.3ed0fda8af5cbd2f17c625e6@linux-foundation.org> <92453.1715730450@cvs.openbsd.org> <20240515025811.GA1232@1wt.eu> In-Reply-To: From: Linus Torvalds Date: Tue, 14 May 2024 21:14:37 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v10 0/5] Introduce mseal To: Willy Tarreau Cc: Theo de Raadt , Andrew Morton , Matthew Wilcox , Jonathan Corbet , jeffxu@chromium.org, keescook@chromium.org, jannh@google.com, sroettger@google.com, gregkh@linuxfoundation.org, usama.anjum@collabora.com, Liam.Howlett@oracle.com, surenb@google.com, merimus@google.com, rdunlap@infradead.org, jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, pedro.falcato@gmail.com, dave.hansen@intel.com, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Stat-Signature: b4ufysi8popro4xk3c8xcijh515bup4m X-Rspamd-Queue-Id: C02E980013 X-Rspam-User: X-Rspamd-Server: rspam01 X-HE-Tag: 1715746517-233321 X-HE-Meta: U2FsdGVkX19R47pAcljFiPFpawJOqu3FqFGvFWFouhI9E4qJuwsMH2BD/6vOht22uOC4kARo2p0BGHnupWRpjdUQNqrLv5TyutNgK8tEkkoD77D8JvRgMlYRQcs6fRh7p8L+wRmOmrkPZuykiRDQUDQHtqatmsHYEsDI4J4uujd9P4LyhrgsLVG2DjK+EOx/tkJvcY+vOOUD3BblQoFYAjtrpKCaXR3aDKb6aLWHtkp7oeVqr8KSkWwrQ/pllTpk8QdEeV/IpEtcgWhrPFuz4ckaGt42blBWca9BxaL42GBnuQ43C6bf7LbSm/XfNfpVs90cDAx6PB7ae0U9OlAN8sfQ4WGtDy2BTJnOceigX832ckUDzCqevvyan+DFMO7cqBvPESvfw/C45dD1+uNuLYYXUYAMwsM049vgoXNo5WtV7xZApio3hHU2i/3fbMeiaN+k9h0wN5gBC04OIcNTVb7kYnlHK8lCK3VrTmTTnW5UtF0v0JD/xeg62z1dNsN12sNc5h6SqLHNReZBcKGIaCt4R5kfReGV6U1ouq3M3LwYwo3xhsDiYQNds8UVOulZxS5VXDPG28/q35L6OC16wBNPWjM3VUxRbmhghDIhpGM7g8dadl+tqJPNk9O4BLGotTKL/kOkQMUHeZ1yiBHrzvOjBVTwS3u9BpIaZoLiHlDsBioWJJwMhSxOd2jBDnHizofzWTnnNT7NQJ0I3847d2Uy63S5b3Yc1+cb0ycYTzhp2Ml6NUBFSuDgO6iMo6YvIMgxpR2W8sR7Ee1kBvKxm9QAFr7kGnH7u974KaQrbMrvF8W1+B16/2B4o6aGBDjuopzJjtUSwmYsQPC2he8Fp0KJ2cw+/QxiwHoU5TVFa/5NjjhgRZ28LOsBsNso9s4+UV137hO6tdHvWaTfmOKT0EMXeeWGkDjmqfu+T4+BtEk6RdntnuzTnRUaF//i6i/zm5zAFNoD6Ez8nzQjtqC X6uLMijF 52aMXVIwq8nYRF8xVmHY0aLfn1wn+zN3TTZbgisFPW6o3F0bIwKz+VC4sPvT98la6c9rdNxZQvjPyjsSlIzWGcF3pauetC9wPoTDvZcr/0N5/pm4H6iN4dUMIEt0rPakuD6Bchs9Jch9HZinpKKY2i1uvOdh6jm4IfJ+wnGGGZMuMcd1GncsqJwgY7qLuZ/jpFFbhW084sO/QndrhofnCHrFxEXNVZSYaIJgdh8dTWJcAkYy25HtEbjZ92RF8VT3WSQcVCvpVE073PjFIecWe6sG2i1Whg2u8N1K61tNpl2DhT/cNB9i5lQISJ1lkDRuk+YCtSHPKL9lyvhgOIOXzcN1HpPJvtsHLXRPvdCVdoV7ZWOWOxa3SAXMDehQ/4CvHpSQa49wvYPueOsHOOB7KnPp1UAqRmYCS7tQxX33D4WS0U0fgX9eRV/287Eq9Y2YCMKHP0VZHBpWgm7XGUetiO4wExACVP9XLazam5P56RNmCKqkk72DRLQfitDuZvilCbwQ3lYvEKzDcUZenJDPxfaS0DmZx1msDzqpF4XCoIwsMoqHXQll4zJQ/yQFHJ+T0No6gcKGza/Qd5yjhFf9vbDRXGTrdmXA+rKxrcWNhZ27I8TbpXtcnTYvUViCZFNRd22BfnHN5PKKseZnqHoEtbjzkwpu3dFZo0OYcMERKa2VaRSGfKRwB0rAQOcMH4xHUQsVWnowaJp+T12WtXg8azlPLgA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, 14 May 2024 at 20:36, Linus Torvalds wrote: > > Guys, if you let untrusted code execute random system calls, the whole > "look, now unmap() acts oddly" IS THE LEAST OF YOUR ISSUES. Side note: it doesn't even help to make things "atomic". munmap() acts oddly whether it fals completely or whether it fails partially, and if the user doesn't check the result, neither case is great. If you want to have some "hardened mseal()", you make any attempt to change a mseal'ed memory area be a fatal error. The whole "atomic or not" is a complete red herring. I'd certainly be ok with that. If the point of mseal is "you can't change this mapping", then anybody who tries to change it is obviously untrustworthy, and killing the whole thing sounds perfectly sane to me. Maybe that's a first valid use-case for the flags argument. Linus