From: Linus Torvalds
Date: Tue, 17 Oct 2023 10:22:16 -0700
Subject: Re: [RFC PATCH v1 0/8] Introduce mseal() syscall
To: Jeff Xu
References: <20231016143828.647848-1-jeffxu@chromium.org>

On Tue, 17 Oct 2023 at 02:08, Jeff Xu wrote:
>
> It is probably worth noting that I choose to check one and only
> one sealing type per syscall. i.e. munmap(2) checks
> MM_SEAL_MUNMAP only.

Yeah, this is wrong.

It's wrong exactly because other system calls will unmap things too.

Using mmap() to over-map something will unmap the old one.

Same goes for mremap() to move over an existing mapping.

So the whole "do things by the name of the system call" is not workable.

All that matters is what the system calls *do*, not what their name is.

And mmap() will fundamentally munmap() as part of the action.

This is why I absolutely hated the old "ON_BEHALF_OF_xyz" flag, and
why I still absolutely hate the "randomly pass different sealing flags
to do_munmap()".

You should *not* be passing any flags at all to do_munmap(). Because
*regardless* of who calls it, and regardless of which system call
started the action, do_munmap() unmaps a virtual memory area.

See what I'm saying?

             Linus