From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F952C04FFE for ; Wed, 15 May 2024 02:29:17 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AFF6E6B02C9; Tue, 14 May 2024 22:29:16 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AAF4E6B02CA; Tue, 14 May 2024 22:29:16 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 950056B02CB; Tue, 14 May 2024 22:29:16 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 77D416B02C9 for ; Tue, 14 May 2024 22:29:16 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id ED8E21C19A5 for ; Wed, 15 May 2024 02:29:15 +0000 (UTC) X-FDA: 82119048270.07.26055FE Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com [209.85.167.48]) by imf22.hostedemail.com (Postfix) with ESMTP id D9DE3C0003 for ; Wed, 15 May 2024 02:29:13 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=PmSWQaJQ; spf=pass (imf22.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.167.48 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1715740154; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=HhWK/QjBhcq/4T9972QoRB3M6/JeMKBp9jipg24+Woc=; b=OuiqW8ZiALOryOmkYgFfClj2cyUJ7eiRuKbRknXGHVKMulBaI0DzRFWObc1iOf7UwUsyY0 6y+ujDZhOMFNZaoLTBZOjEvHB8yjksdx1EAJvE4UMDM1SUElEjvcKRBC0tXJrTJf40rQGz ISzyQRFJtZ24O6tykryrTw32STwWSck= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=google header.b=PmSWQaJQ; spf=pass (imf22.hostedemail.com: domain of torvalds@linuxfoundation.org designates 209.85.167.48 as permitted sender) smtp.mailfrom=torvalds@linuxfoundation.org; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1715740154; a=rsa-sha256; cv=none; b=Q00nfLiSQs7nfTxvp6rtj8atjvShbgeNb94ny6GhjSa6EUQ/29AfCS0EDgmjT9d3x04iTo 1m+CHS5Ku2YyL1jtL4kbQS3VOQKtuncoQNYMzdUc/Y6m6NA8gEWyC2FcZYWEPx5aLpLNe8 T44bZ31z+wSlOlaS0QpJ6iwtMbR3Gs4= Received: by mail-lf1-f48.google.com with SMTP id 2adb3069b0e04-51f12ccff5eso8678507e87.1 for ; Tue, 14 May 2024 19:29:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1715740152; x=1716344952; darn=kvack.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=HhWK/QjBhcq/4T9972QoRB3M6/JeMKBp9jipg24+Woc=; b=PmSWQaJQCYfUvXbp4tEZqICFkFUHyQCbJLMd1PCHFZ7CI3ugbKXf8gEAKgrUQSSuY0 n0vmsHBuUsEISpWa7OWOfq0mGEX74h769mk7qspYfKXTgMsqr/ydzX9Q6z10qOqWfkYr +IDBgPBWWhxCFzkFyRZG9dtqObGvk0AV/6hTo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715740152; x=1716344952; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=HhWK/QjBhcq/4T9972QoRB3M6/JeMKBp9jipg24+Woc=; b=ltvFMp7lpmDXQrT7I05YLm25mtj5u6KbXJRwR+WFzmoQ+k+u44sXfI4A52+0shsGXp OeF5sXQ35YAoHwASCcvjdTlI+L8YZ0vEBoxA2EgrJItxF3nrqSPJpm703BDiQNeA0T9p lw9tWDVOBS1oXCK1hcjns+j00WJ+TivXc7lOpV2TDDSTfWIQanlCJf0Ksslyqdrj/Fz2 2p8QR8jFq4Qc/5gkZycM/p6EFWLT/vw95iuRSGYWLjeRi9fVn8CtTrDFJlItJ7On+GJE 908OhYQbAXjwoPXKCai8sFwvMTQCt/GupVryWgyokE5lUMQoLzgtROCQUF9GMKo7Hij4 ieCA== X-Forwarded-Encrypted: i=1; AJvYcCXL//U8iB3IoO2wf8XOWRPvilnQoULVlNiHw0u9ElFy/HkB9i6W7ARZncAP9Cy/DDcLdfIOKRSWB2vPZWvnXoume3Q= X-Gm-Message-State: AOJu0Yy2JlubHtlhVErhZ/z/2VaH1MzyMY5pWDEV/xnPvIMcDk+Cnm2T 3+VI3+cXRv4ZogXfxFPQagODEmqBnyouyfUQCx9QA5Q3qyOUl3R3a4snh+WxHSamWEadmItDlIg v232W2Q== X-Google-Smtp-Source: AGHT+IGbH7ojIDC2+UEyU3Gxi33iUJkPi++KzzlFQJNxR0UQ+RTgV53Uwt6DBOM+boQ5jAc2EdkNzA== X-Received: by 2002:ac2:4883:0:b0:523:899f:c63d with SMTP id 2adb3069b0e04-523899fc757mr839095e87.47.1715740151983; Tue, 14 May 2024 19:29:11 -0700 (PDT) Received: from mail-ej1-f48.google.com (mail-ej1-f48.google.com. [209.85.218.48]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a5a1789247csm786780666b.82.2024.05.14.19.29.10 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 14 May 2024 19:29:11 -0700 (PDT) Received: by mail-ej1-f48.google.com with SMTP id a640c23a62f3a-a5a2d0d8644so116212166b.1 for ; Tue, 14 May 2024 19:29:10 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCULmOXvRN6osMzWHy/fvPlAjsG44ykXV/Qs59Yc5Y0ygGCwrVgYEd7vnst93I3yHZOyTu1jFf0s30MJpENclstEQag= X-Received: by 2002:a17:907:7f08:b0:a5a:63bf:5175 with SMTP id a640c23a62f3a-a5a63bf5227mr784689766b.10.1715740150546; Tue, 14 May 2024 19:29:10 -0700 (PDT) MIME-Version: 1.0 References: <20240415163527.626541-1-jeffxu@chromium.org> <20240514104646.e6af4292f19b834777ec1e32@linux-foundation.org> <871q646rea.fsf@meer.lwn.net> <56001.1715726927@cvs.openbsd.org> <16982.1715734632@cvs.openbsd.org> <84192.1715737666@cvs.openbsd.org> In-Reply-To: <84192.1715737666@cvs.openbsd.org> From: Linus Torvalds Date: Tue, 14 May 2024 19:28:54 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v10 0/5] Introduce mseal To: Theo de Raadt Cc: Matthew Wilcox , Jonathan Corbet , Andrew Morton , jeffxu@chromium.org, keescook@chromium.org, jannh@google.com, sroettger@google.com, gregkh@linuxfoundation.org, usama.anjum@collabora.com, Liam.Howlett@oracle.com, surenb@google.com, merimus@google.com, rdunlap@infradead.org, jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, pedro.falcato@gmail.com, dave.hansen@intel.com, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Rspam-User: X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: D9DE3C0003 X-Stat-Signature: jmu8zfmsas7u91fbys6f987kq8tae46f X-HE-Tag: 1715740153-193848 X-HE-Meta: U2FsdGVkX18qpzC/0aSlU+ujHmpAV4SKHVlDYRtv8MsiHcowXTxgtKSqJ27iuXD40y6nUCNDJaBCRU/VHeiV9zh169z5JqO2t1J50d8q63cVcQm6goXc7YtRqUhRmP3SBLsDYxyY3/f80LJVia1CRcyfnF0mOSuUQ7Ch66LHOc82ZtlPCnxFz5PWMfv+tAaY+a0YMtwxyV2OXnvLKGd/Newg+HG6uxWCVnRMYY/WcQXViCj3IDjssnUS+BRyLXM9OutiinESRMpnYBa5UW01dK2jcGY5s5VbwjSVqCkkGB80bwh3sdea6zsfr9sTVFFPLuBx3hRi382vYv9O2TiRsMaXr9txwZoQcmnH1V9k3TmpLmTEunl4GipebCjp1+0NCGjYM/ME3k0OHwzm7hvYRmeCdYi2rSEWKpVL8zHL0ZuXBxCM3JNcy8g0TiO5nQ2IGEnZ+wZImnXN8mRiNDbcHKYeDgNQ8WyMPyWUD1UjgoTBgq/HUobK6wKL6pG5I43lQbzC0xiMPXwajszhihsJrUBsqvbegnUkDKWF+jKPq0Z7plAAW64NxppbJ7/Cby2EzzyYDMPcRMt8KshYDcD0Kj7rVOw7A+eYcx1KvQiEIFF+bhoWuVToqXNzhz9er70K5Y4LdYMEWK/RVQz12kkCDmMa3h8bvexHxmiwuRa3FRWSO5b0uk2y1uS90sYIPdOUM2cQeQLgPu3zPMJ3Lf+gSvDz0LLpqEPeVXI7H9vzCMV1SyXxVHlzhHKlYoINNXU4J3PX4nh0IGJ8uoumyuoosUMbGLjn1bjPHWcsyPUM2mTTPrTyF/Jz6wawEBYHf1Gr2uVAd6Qx8UHPu7Ubril+p/VOLT5z6NwkfOzVIIqZjg2J20v9+kYzCiwU9FdlO3xAHs66OD1g7c6iXiINuSUH+dUnlM/hGQhDt4ZzjpJzpirHZwgoXG81rYnXB46QmCi65ltC4tMLmTxFsGZzm5w +r4yCF7r qupDX0ca7sKIG0CHmAm3gpUnd9FJYSPJYOKNbExUZuCVsp935s4neTXvziUVdeMYRqTG8v2Gy+YMbmeslT8WRD1SL3Q99IjuONk/AR1UQp86L5Q3UPfvSnOMMufCMK69q1Da/dZIr3PcGUCB01ysDkt01DBpJ5wLG3TmLuVezx2CsiYBLFzffk4jcbyOtoLzEIVAx30Ww7ov0SaB51Lbr83YjR1hD7cDGPECsCQkcEDOgKP1EdQuV+J/M7UJV0hSqCpMIR7YXyYbuXp7hWpbJXNrA2SJm12iw+u6/q89r4v3A4I+/cazNaUfEz/hg4BldniupPfTmp4Glf5qaomTVOaDqLYAPOP3oApG9ZSsChsWYG4w04gKIHKT5VU9TOgjc+1omNZ60ix1HfH2MQvazXv1apDVl+rA1fxLNJcPIVKaVQk8BPw9xvPw+tyXGx42JljKYA49zoIGhP5yELEBd/i+knqd4MD+BuC07xHEGFaosPWUlNuxd5akLtVgERU+vlMF6iczo0/t2+OJmyblxETh2EvJ7jjoHOrbf7XI9iQppbJsl3UBtjKhAaG9ycAt+bV9hOf/yyydUXXKPx6LHCAmYto8YvaxrHkEZNZRJcNwPmBoMnbnCXDeK1Jx+youdNtO3t4g/0qB3hlCvUmtxExNtOLvxK4x7z0HAU/PC/WK7sj2L62rgqpCBYobLjMDn+kfLN4ma/jhLm0BHllMBQZmOwEEZablnCl4K X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, 14 May 2024 at 18:47, Theo de Raadt wrote: > > Linus Torvalds wrote: > > Regarding mprotect(), POSIX also says: > > An implementation may permit accesses other than those specified by > prot; however, no implementation shall permit a write to succeed where > PROT_WRITE has not been set or shall permit any access where PROT_NONE > alone has been set. Why do you quote entirely irrelevant issues? If the mprotect didn't succeed, then clearly the above is irrelevant. > When sealed memory is encountered in the middle of a range, an error > will be returned (which almost noone looks at). Memory after the sealed > region will not be fixed to follow this rule. > > It may retain higher permission. This is not in any way specific to mseal(). Theo, you're making shit up. You claim that this is somehow new behavior: > The other previous errors have been transient system effects, like ENOMEM. but that's simply NOT TRUE. Try this: #include #include int main(int argc, char **argv) { /* Just three pages for VM space allocation */ void *a = mmap(NULL, 3*4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); /* Make the second page a shared read mapping of stdin */ mmap(a+4096, 4096, PROT_READ, MAP_FIXED | MAP_SHARED, 0, 0); /* Turn them all PROT_WRITE */ mprotect(a, 3*4096, PROT_WRITE); fprintf(stderr, "Write to first page\n"); *(int *) (a+0) = 0; fprintf(stderr, "Write to second page\n"); *(int *) (a+4096) = 0; fprintf(stderr, "Write to third page\n"); *(int *) (a+2*4096) = 0; } and what you will get (under Linux) is $ ./a.out < ./a.out Write to first page Write to second page Segmentation fault (core dumped) because that mprotect() will have returned EACCES on the shared mapping, but will have successfully made the first one writable. End result: this whole "transient system effects" is just not true. And "mseal()" isn't somethign new. If somebody makes random mprotect() calls, and doesn't check the result, they get exactly what they deserve. And mseal() isn't the issue - bad programming is. Anyway, you're just making things up for your nonexistent arguments. I'm done. Linus