From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3F58EC021A0
	for <linux-mm@archiver.kernel.org>; Wed, 12 Feb 2025 12:38:07 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 8EDA36B0085; Wed, 12 Feb 2025 07:38:06 -0500 (EST)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 87608280002; Wed, 12 Feb 2025 07:38:06 -0500 (EST)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 6F06B280001; Wed, 12 Feb 2025 07:38:06 -0500 (EST)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17])
	by kanga.kvack.org (Postfix) with ESMTP id 529486B0085
	for <linux-mm@kvack.org>; Wed, 12 Feb 2025 07:38:06 -0500 (EST)
Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id 09E7F81908
	for <linux-mm@kvack.org>; Wed, 12 Feb 2025 12:38:06 +0000 (UTC)
X-FDA: 83111244972.13.61B574B
Received: from mail-vs1-f53.google.com (mail-vs1-f53.google.com [209.85.217.53])
	by imf17.hostedemail.com (Postfix) with ESMTP id 2DEAD4000B
	for <linux-mm@kvack.org>; Wed, 12 Feb 2025 12:38:03 +0000 (UTC)
Authentication-Results: imf17.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=GuikW9+c;
	spf=pass (imf17.hostedemail.com: domain of pedro.falcato@gmail.com designates 209.85.217.53 as permitted sender) smtp.mailfrom=pedro.falcato@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1739363884;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=/MhxCCG8L68ap4Fb8sC1sFWzMKosheiocSWTxAlfbUw=;
	b=azM/5P6Wkai56m8od9YRlmn7WawQ5h2o2pk4sxsK3zkvC2EuKg/xeea9T852fGqV+2/gAY
	gKkE+s3t4B7pfXT4ZD9wGjSCJUFGWB2ntYFVGWGtkhGMvbxPoRagOFKu9cy4TN0vrWypqq
	XvJMFOYwE0ZM34BNPkqLV0rD6vRm/o0=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1739363884; a=rsa-sha256;
	cv=none;
	b=c7U4aikKOilx2pyZRg2Rt7EHDxlDndvNo9j3Aeb7VmB76tGevYnWTT3iPB24CJBbvQDVlV
	Kh5wyrCbAnv5zxG2pq/rtz3dHSPeIAFE2pmO5qEVNeHNifVQ/tMo0+BgvhMTZ019j1lYC4
	NjH2iWDeX9RA3Xx0O5GWKhd+IBcQAn8=
ARC-Authentication-Results: i=1;
	imf17.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=GuikW9+c;
	spf=pass (imf17.hostedemail.com: domain of pedro.falcato@gmail.com designates 209.85.217.53 as permitted sender) smtp.mailfrom=pedro.falcato@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
Received: by mail-vs1-f53.google.com with SMTP id ada2fe7eead31-4bbc406499fso972726137.1
        for <linux-mm@kvack.org>; Wed, 12 Feb 2025 04:38:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1739363883; x=1739968683; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=/MhxCCG8L68ap4Fb8sC1sFWzMKosheiocSWTxAlfbUw=;
        b=GuikW9+cTsZal+yQ4n1Yi1sCwIpUkDGpyBH0tmYh0lplwWC+FDlQIaSHViiZTjvjGz
         yLpuzgy2Yv1q1qBJzGwrZ4+bZfFfpNIBd22+5QrQBxKtuqGttvjY3waInEgvN2mAttQP
         1GayhB5MEzV6+fa6rGwz1CaN80fWRdeX7zchZ8t0jMoIuYVfu4DA+Nqkcqm9xJD/GhNp
         JZLEoJNd8YxQlDBLUkPySdQTnbtxe8wyOJyRH3LI/2u/VX7QXjIrQODvsnqtWlV/aacE
         MEIhn/WP8zNFbK2z+MLvkFs8i2RpSWwH+j1eOevR0MVhiBzb+fgZjW1SDyAX/C9wNG7T
         xniQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1739363883; x=1739968683;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=/MhxCCG8L68ap4Fb8sC1sFWzMKosheiocSWTxAlfbUw=;
        b=pJL6eAbJIMnzKDGWLZ3Wn0/AQccp8zbUJzkRhxRw+pQoddyzsKymZtTFGo/atC11Bl
         p4QzVoIeIMY2MnHH3pJdY4rT47+rLip6Aly0Vlzg+FaNWCG+3HLT0+YGvRJmsk0JGW3D
         km3My/Ak3kqluA+aTFBViSau+ri99biSN2pAjWnjijLVZGjRQZMO43SV6WP14X7tp/Ty
         J+R2l1M+LqF/nBXD4eyEwkpjoZue9HZNe1lq29eohCwsaPPPf9QJF8zUbren2RZaFacQ
         jIumb8tZsvGsxcLLWSx474MNgv6bLBDbRy83xrM1QmhgyU6AzsgvDgTzXU/zokA2qeP0
         DC4Q==
X-Forwarded-Encrypted: i=1; AJvYcCVDwCD1wWOPQs6PWcLYlchnX1+uf0gN5nT80IEuKb8bJ5Kfxu8BmmgoAo7Rr3i1OGmVdD6glsY+Jw==@kvack.org
X-Gm-Message-State: AOJu0YzeyVe5t/RqV2mup9SmQyZFn1bTgg+Q8Zo33zPk8egTcHhQHDDT
	Gb/NsnJkERZxbtRoa6MTXw9EG+Cd+1Ef4SQ2/T8NBsi8MytC27eJJY5sIZ33YJKk6Ka4MTW1Xov
	PP72YTpZuJUVcSQl4YGvr21Jmy0A=
X-Gm-Gg: ASbGncs7imszcMupxz6TcFH7EJkr/hORKRh9oSRRqtjA7dj6qkqDo4ajBZMFuKqrVNg
	Oo3vCu1Mn5aDwN/5s5e8bY8iqJdc5GGsvTp2qbZKyiyJ4eSbj/DVxiEHkjMt0YSev0Z1IyB8shK
	+r2tS4XYPjeTOb6KaLO7WRHU1tkiWi
X-Google-Smtp-Source: AGHT+IHxyI5V68yTiQpSCeRuL0DAoHMUWm5WYwDLhddhFWBZhhZWrHpYNg+VdgNISZba43fqOAs1Dgr3VTvCPaVwAd0=
X-Received: by 2002:a05:6102:26d2:b0:4b6:d600:a35f with SMTP id
 ada2fe7eead31-4bbf5494ef9mr1382286137.4.1739363883129; Wed, 12 Feb 2025
 04:38:03 -0800 (PST)
MIME-Version: 1.0
References: <20250212032155.1276806-1-jeffxu@google.com> <b114f48a-a485-4ebd-9278-6c62a1f33d9c@lucifer.local>
In-Reply-To: <b114f48a-a485-4ebd-9278-6c62a1f33d9c@lucifer.local>
From: Pedro Falcato <pedro.falcato@gmail.com>
Date: Wed, 12 Feb 2025 12:37:50 +0000
X-Gm-Features: AWEUYZkK5vY4SQpUupnNrhKNiAtngdUasab79fM1w6vCVdGz__atvD0Ojr1vOwU
Message-ID: <CAKbZUD0TAX8F9kDCEEvGSbcegDD4GLyra3ewtxncBbs45WJZ3g@mail.gmail.com>
Subject: Re: [RFC PATCH v5 0/7] mseal system mappings
To: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Cc: jeffxu@chromium.org, akpm@linux-foundation.org, keescook@chromium.org, 
	jannh@google.com, torvalds@linux-foundation.org, vbabka@suse.cz, 
	Liam.Howlett@oracle.com, adhemerval.zanella@linaro.org, oleg@redhat.com, 
	avagin@gmail.com, benjamin@sipsolutions.net, linux-kernel@vger.kernel.org, 
	linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, 
	sroettger@google.com, hch@lst.de, ojeda@kernel.org, 
	thomas.weissschuh@linutronix.de, adobriyan@gmail.com, 
	johannes@sipsolutions.net, hca@linux.ibm.com, willy@infradead.org, 
	anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, 
	Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, 
	peterx@redhat.com, f.fainelli@gmail.com, gerg@kernel.org, 
	dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, 
	mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, 
	enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, 
	aleksandr.mikhalitsyn@canonical.com, mike.rapoport@gmail.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspam-User: 
X-Rspamd-Queue-Id: 2DEAD4000B
X-Rspamd-Server: rspam07
X-Stat-Signature: m9tbzc7y81531f4zm5d6b43bupg5aquq
X-HE-Tag: 1739363883-405207
X-HE-Meta: U2FsdGVkX19btFTCngZt9omtXx19Fystg1SkX6w5jyiZ/4U9ZT+sFvZK+CrJI1O20GgELYvj5BmC1e/ECLwPmDzXilOntVIluMijgK7q/r77cNbs4dhqA2gV27mSD1hwEIsRvjZ97XP/E1jGUUXEHWopgfoa8ZogONdNKPKNlTuT1X/HcbnML7EFrcuhpeayPnFswR+rnJlHWTemDrqhwxd3pxCY+zbTj+90cW5c9S6xPaczlExvumr6OHYdz9a0Vy9mgC1i4RA8gsSS+h06v5GwdNtKeX/KhCYoh/eGtD69rxykurLb2WrWL8nfxEfDfTbrISrUg0g3gnR9Fmfx+TH6DRQvaJKO1/HWwFe6aCmPrLb5hR1o3CSzb+POJqVYEWx3Ps/qo3WkUtb3KMzzyET3C8gROoK7nH2ysSgNoV5ytsAX57c/Ud439B6aIgqr7ddwyf3zRd9L3GA8DkK8qX7IhDCIXhiVn5qudcW7zgjO+SkQfBUpXSVzhM/J5iJri29JKLF/swK0tm1TRRIvOIeEg84HMPFiiz/WVDYGl/jZXG0Ah7gpWne+9oc5niZj27V5N+xS+sjMwspgIXyHodIzlO2/7vqRPBUQgm8AEUonr6ivMThDn50CKprae3fyE7G0NozpadhppRvPufgGUDcK4e8LzHQY6lxtom20DdDeXQtSit3GFPgZKTTJSaJvI+SJ2Cl0o7ZPVUbC7zJ04RSeknJTnadSDZsRWU6Ez7UwI1S9Zty2ElbosgNSIvyR6NOS9AUnKS7VzZKCd10CUQmlgQM8xLbJZ2518oB9oD9Dkh8SC8/l/3kddasLCFxI1ESOvXYUU5gopLsQ86FRrBeCzPDWN5R/iRiDakUmscl0qKg2t9bYJ0MyNgDJDSofbV+wGt/FUkGQJB1Ahdj8C6WWV6hc8j84sUU6Vh5PX4kHT80F4oT0ywyF0uqtB54PhD80rN9ImJQn9Aft0qS
 CEwLICBr
 idZN1VBdn4rjaNuDYBZRlrEGPxD2JLy3ODSecDzQ3tMy8k76g2Jik/tEymY4ANX2eH5I5PfkKoR9PtQakyL5wnC6kxZIazBO9EDN8G+VTRkaUwMp43RFpEQjnEbRruX4zcJ3YaT+EcN+emhouzbZOYaVotiNVOUHWnQTRosdywPbhyOsuxBvIIBdBa5txXzbJ7Ep6sl24UJ0h0mSNvcj6QmWpCk9w7qN4SV/K4EPnVCB/usRDASGsPNEcqb3kY3rNc9cSN9a8Tj/Buzl4/JnTIHG46ws+VYV1fZfPpmZRne1VnES4FZGmyHTl/MUrlWWP4SsQNcPEaFTbyieWLhPEmS6UkSXIAHRvfO8i5VFagE5KJwqKjQcVMcYtllyC2hkodhBbsBhhrOi7WnhTXzJ42XryS2l2WKUGypKjAkF8WuicKlqxY9KPvD5UCKh1umLlLU1hSg7MbNJLLYW9Fa7sNkreGA==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.002503, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Wed, Feb 12, 2025 at 11:25=E2=80=AFAM Lorenzo Stoakes
<lorenzo.stoakes@oracle.com> wrote:
>
> On Wed, Feb 12, 2025 at 03:21:48AM +0000, jeffxu@chromium.org wrote:
> > From: Jeff Xu <jeffxu@chromium.org>
> >
> > The commit message in the first patch contains the full description of
> > this series.
>
> Sorry to nit, but it'd be useful to reproduce in the cover letter too! Bu=
t
> this obviously isn't urgent, just be nice when we un-RFC.
>
> Thanks for sending as RFC, appreciated, keen to figure out a way forward
> with this series and this gives us space to discuss.
>
> One thing that came up recently with the LWN article (...!) was that rr i=
s
> also impacted by this [0].
>
> I think with this behind a config flag we're fine (this refers to my
> 'opt-in' comment in the reply on LWN) as my concerns about this being
> enabled in a broken way without an explicit kernel configuration are
> addressed, and actually we do expose a means by which a user can detect i=
f
> the VDSO for instance is sealed via /proc/$pid/[s]maps.
>
> So tools like rr and such can be updated to check for this. I wonder if w=
e
> ought to try to liaise with the known problematic ones?
>
> It'd be nice to update the documentation to have a list of 'known
> problematic userland software with sealed VDSO' so we make people aware.
>
> Hopefully we are acheiving the opt-in nature of the thing here, but it
> makes me wonder whether we need a prctl() interface to optionally disable
> even if the system has it enabled as a whole.

Just noting that (as we discussed off-list) doing prctl() would not
work, because that would effectively be an munseal for those vdso
regions.
Possibly something like a personality() flag (that's *not* inherited
when AT_SECURE/secureexec). But personalities have other issues...

FWIW, although it would (at the moment) be hard to pull off in the
libc, I still much prefer it to playing these weird games with CONFIG
options and kernel command line options and prctl and personality and
whatnot. It seems to me like we're trying to stick policy where it
doesn't belong.

--=20
Pedro