From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=kFMd=NF=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id C7A27C4338F
	for <linux-mm@archiver.kernel.org>; Sat, 14 Aug 2021 00:32:19 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 56724610F7
	for <linux-mm@archiver.kernel.org>; Sat, 14 Aug 2021 00:32:19 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 56724610F7
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id 9177B6B006C; Fri, 13 Aug 2021 20:32:18 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 8A0158D0001; Fri, 13 Aug 2021 20:32:18 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 740B46B0072; Fri, 13 Aug 2021 20:32:18 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0167.hostedemail.com [216.40.44.167])
	by kanga.kvack.org (Postfix) with ESMTP id 566616B006C
	for <linux-mm@kvack.org>; Fri, 13 Aug 2021 20:32:18 -0400 (EDT)
Received: from smtpin26.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id 0517B1F355
	for <linux-mm@kvack.org>; Sat, 14 Aug 2021 00:32:18 +0000 (UTC)
X-FDA: 78471809556.26.AF8F92D
Received: from mail-lf1-f53.google.com (mail-lf1-f53.google.com [209.85.167.53])
	by imf17.hostedemail.com (Postfix) with ESMTP id BC529F000796
	for <linux-mm@kvack.org>; Sat, 14 Aug 2021 00:32:17 +0000 (UTC)
Received: by mail-lf1-f53.google.com with SMTP id n17so22995370lft.13
        for <linux-mm@kvack.org>; Fri, 13 Aug 2021 17:32:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=IjaD5q8QKwN+jVDLQ1RW7mDtRCj+6oZDCsHq9KfG01Y=;
        b=YpOsIIGWVbrxvz1V+JMlOsSqwlXM3DAd2BzbAfkLqR4kAf3OBmXelOKWLmXLhmfuGJ
         GCgWpJKZXGVCvc3L1o2SMTScR6NM9a1dV9DxbX2yx8cNWio3lx9uqdF+TNZfvO08YgDr
         +4aalKdiJdLNJEYdvsumzmmrrfihiRB2cpXmE=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=IjaD5q8QKwN+jVDLQ1RW7mDtRCj+6oZDCsHq9KfG01Y=;
        b=S3ctze0MXwSQzbEiDFBWQeLNvOkXIYWUYesWQh3Opbbqt5sofmWd9aqZOUhVINFDYI
         oIY/qXE5/To1QVbkL05bVc4Y5iZE+0lQMvqsu17tM0RHcMEeQRN87m8/gYD0NyOJhRfw
         kuv1LKbh00TAsAqlPG7dgSWTMn8JwxMk74KcGOrGeZUmFLzNN0Ibxrc5MZqTjaPDyuoX
         02c8xtZMRfl/kxP4nwhiQ12IoVPXHPdI7RHjmd4t3qvrbBwqddnVpCIFZRw7KOLkrX1D
         MwSf2U10AmEOyHYexY4fMVYu89T2vRc3m96JnWkQoaIl50tfFz/nENJlPyZRAkjnt8ed
         AzvA==
X-Gm-Message-State: AOAM531yRk/X5M2siQMI2CCpaRSA0m1ln5xaOo8bBzD1wlqlvdIB9QG9
	quewF0yDDag4cKqENjG6N8cuLwa9+O6CTE6DZBY=
X-Google-Smtp-Source: ABdhPJxE79ABRRYKzfanU+dLaaTV2MDpWOJkUCYdqBiXzjqA4M0oix0oRA7Itvwr3zNxTN/37+D5kg==
X-Received: by 2002:ac2:5192:: with SMTP id u18mr3430606lfi.527.1628901135809;
        Fri, 13 Aug 2021 17:32:15 -0700 (PDT)
Received: from mail-lj1-f179.google.com (mail-lj1-f179.google.com. [209.85.208.179])
        by smtp.gmail.com with ESMTPSA id g5sm316760ljn.78.2021.08.13.17.32.14
        for <linux-mm@kvack.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 13 Aug 2021 17:32:15 -0700 (PDT)
Received: by mail-lj1-f179.google.com with SMTP id n6so18088151ljp.9
        for <linux-mm@kvack.org>; Fri, 13 Aug 2021 17:32:14 -0700 (PDT)
X-Received: by 2002:a05:6512:1290:: with SMTP id u16mr3294932lfs.487.1628901124175;
 Fri, 13 Aug 2021 17:32:04 -0700 (PDT)
MIME-Version: 1.0
References: <20210812084348.6521-1-david@redhat.com> <87o8a2d0wf.fsf@disp2133>
 <60db2e61-6b00-44fa-b718-e4361fcc238c@www.fastmail.com> <87lf56bllc.fsf@disp2133>
 <CAHk-=wgru1UAm3kAKSOdnbewPXQMOxYkq9PnAsRadAC6pXCCMQ@mail.gmail.com>
 <87eeay8pqx.fsf@disp2133> <5b0d7c1e73ca43ef9ce6665fec6c4d7e@AcuMS.aculab.com> <87h7ft2j68.fsf@disp2133>
In-Reply-To: <87h7ft2j68.fsf@disp2133>
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Fri, 13 Aug 2021 14:31:46 -1000
X-Gmail-Original-Message-ID: <CAHk-=whmXTiGUzVrTP=mOPQrg-XOi3R-45hC4dQOqW4JmZdFUQ@mail.gmail.com>
Message-ID: <CAHk-=whmXTiGUzVrTP=mOPQrg-XOi3R-45hC4dQOqW4JmZdFUQ@mail.gmail.com>
Subject: Re: [PATCH v1 0/7] Remove in-tree usage of MAP_DENYWRITE
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: David Laight <David.Laight@aculab.com>, Andy Lutomirski <luto@kernel.org>, 
	David Hildenbrand <david@redhat.com>, Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, 
	Andrew Morton <akpm@linux-foundation.org>, Thomas Gleixner <tglx@linutronix.de>, 
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>, "H. Peter Anvin" <hpa@zytor.com>, 
	Al Viro <viro@zeniv.linux.org.uk>, Alexey Dobriyan <adobriyan@gmail.com>, 
	Steven Rostedt <rostedt@goodmis.org>, "Peter Zijlstra (Intel)" <peterz@infradead.org>, 
	Arnaldo Carvalho de Melo <acme@kernel.org>, Mark Rutland <mark.rutland@arm.com>, 
	Alexander Shishkin <alexander.shishkin@linux.intel.com>, Jiri Olsa <jolsa@redhat.com>, 
	Namhyung Kim <namhyung@kernel.org>, Petr Mladek <pmladek@suse.com>, 
	Sergey Senozhatsky <sergey.senozhatsky@gmail.com>, 
	Andy Shevchenko <andriy.shevchenko@linux.intel.com>, 
	Rasmus Villemoes <linux@rasmusvillemoes.dk>, Kees Cook <keescook@chromium.org>, 
	Greg Ungerer <gerg@linux-m68k.org>, Geert Uytterhoeven <geert@linux-m68k.org>, 
	Mike Rapoport <rppt@kernel.org>, Vlastimil Babka <vbabka@suse.cz>, 
	Vincenzo Frascino <vincenzo.frascino@arm.com>, Chinwen Chang <chinwen.chang@mediatek.com>, 
	Michel Lespinasse <walken@google.com>, Catalin Marinas <catalin.marinas@arm.com>, 
	"Matthew Wilcox (Oracle)" <willy@infradead.org>, Huang Ying <ying.huang@intel.com>, Jann Horn <jannh@google.com>, 
	Feng Tang <feng.tang@intel.com>, Kevin Brodsky <Kevin.Brodsky@arm.com>, 
	Michael Ellerman <mpe@ellerman.id.au>, Shawn Anastasio <shawn@anastas.io>, 
	Steven Price <steven.price@arm.com>, Nicholas Piggin <npiggin@gmail.com>, 
	Christian Brauner <christian.brauner@ubuntu.com>, Jens Axboe <axboe@kernel.dk>, 
	Gabriel Krisman Bertazi <krisman@collabora.com>, Peter Xu <peterx@redhat.com>, 
	Suren Baghdasaryan <surenb@google.com>, Shakeel Butt <shakeelb@google.com>, Marco Elver <elver@google.com>, 
	Daniel Jordan <daniel.m.jordan@oracle.com>, Nicolas Viennot <Nicolas.Viennot@twosigma.com>, 
	Thomas Cedeno <thomascedeno@google.com>, Collin Fijalkovich <cfijalkovich@google.com>, 
	Michal Hocko <mhocko@suse.com>, Miklos Szeredi <miklos@szeredi.hu>, 
	Chengguang Xu <cgxu519@mykernel.net>, 
	=?UTF-8?Q?Christian_K=C3=B6nig?= <ckoenig.leichtzumerken@gmail.com>, 
	"linux-unionfs@vger.kernel.org" <linux-unionfs@vger.kernel.org>, Linux API <linux-api@vger.kernel.org>, 
	"the arch/x86 maintainers" <x86@kernel.org>, 
	"<linux-fsdevel@vger.kernel.org>" <linux-fsdevel@vger.kernel.org>, Linux-MM <linux-mm@kvack.org>, 
	Florian Weimer <fweimer@redhat.com>, "Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: BC529F000796
Authentication-Results: imf17.hostedemail.com;
	dkim=pass header.d=linux-foundation.org header.s=google header.b=YpOsIIGW;
	dmarc=none;
	spf=pass (imf17.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.167.53 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org
X-Rspamd-Server: rspam04
X-Stat-Signature: 47ricq13c8ewdihnpdobkxfd4uyrqmst
X-HE-Tag: 1628901137-777999
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Fri, Aug 13, 2021 at 10:18 AM Eric W. Biederman
<ebiederm@xmission.com> wrote:
>
> Florian Weimer, would it be possible to get glibc's ld.so implementation to use
> MAP_SHARED?  Just so people reading the code know what to expect of the
> kernel?  As far as I can tell there is not a practical difference
> between a read-only MAP_PRIVATE and a read-only MAP_SHARED.

There's a huge difference.

For one, you actually don't necessarily want read-only. Doing COW on
library images is quite common for things like relocation etc (you'd
_hope_ everything is PC-relative, but no)

So no. Never EVER use MAP_SHARED unless you literally expect to have
two different mappings that need to be kept in sync and one writes the
other.

I'll just repeat: stop arguing about this case. If somebody writes to
a busy library, THAT IS A FUNDAMENTAL BUG, and nobody sane should care
at all about it apart from the "you get what you deserve".

What's next? Do you think glibc should also map every byte in the user
address space so that user programs don't get SIGSEGV when they have
wild pointers?

Again - that's a user BUG and trying to "work around" a wild pointer
is a worse fix than the problem it tries to fix.

The exact same thing is true for shared library (or executable)
mappings. Trying to work around people writing to them is *worse* than
the bug of doing so.

Stop this completely inane discussion already.

                  Linus