From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id B20ABC4167B for ; Fri, 23 Dec 2022 18:07:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 05769940007; Fri, 23 Dec 2022 13:07:31 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 0070B900002; Fri, 23 Dec 2022 13:07:30 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E116C940007; Fri, 23 Dec 2022 13:07:30 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id D4983900002 for ; Fri, 23 Dec 2022 13:07:30 -0500 (EST) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 91DED140F05 for ; Fri, 23 Dec 2022 18:07:30 +0000 (UTC) X-FDA: 80274353460.16.F890B01 Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by imf10.hostedemail.com (Postfix) with ESMTP id 03030C0008 for ; Fri, 23 Dec 2022 18:07:27 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=B2pQNduQ; spf=pass (imf10.hostedemail.com: domain of jeffxu@google.com designates 209.85.216.51 as permitted sender) smtp.mailfrom=jeffxu@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1671818848; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=YNX34iDEDxhm/E73u2ryfjAMjkVi+n5xnZV2QkAaR8Y=; b=OG6TI/SJSgiJB6lpaRyt1TPAFbfktG2fxak9//SrR7uBF8pilPgFmlI0dRHCj8yWWXnWgQ ew7tg3KG8uTQIxRTxKNLpcF3+RzopqYix4TG3rW5ke5mcpEZxZhqxvJJjHRwNUoDUEyNzN gFC2YAr/93g9DtS+L8n68lbuK+oKiHw= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=google.com header.s=20210112 header.b=B2pQNduQ; spf=pass (imf10.hostedemail.com: domain of jeffxu@google.com designates 209.85.216.51 as permitted sender) smtp.mailfrom=jeffxu@google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1671818848; a=rsa-sha256; cv=none; b=TPpsixy3PcF8BH6eZuPVqf+VJx9w/QZyxRl583JupVNPUnPWJhuJ2DurVA4y2/PgJJ1LZ0 /nyqdPtIL59YlbwsDf40SkwYB+wRBwJB6M+4kZx/tVgEy4oYQKUsfTqGOLEiV2GNTJlVsf UB4VANJnnCISuF0MuGMHOy+owQRft10= Received: by mail-pj1-f51.google.com with SMTP id v13-20020a17090a6b0d00b00219c3be9830so5599356pjj.4 for ; Fri, 23 Dec 2022 10:07:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=YNX34iDEDxhm/E73u2ryfjAMjkVi+n5xnZV2QkAaR8Y=; b=B2pQNduQHUwfqdHCdaOSiaNR7q68ettEq3dUpGBPNb0sTtZvKsYwmkKSzUB5qdw/lV vsRPFX4RsX8ALAsgJhE8acYKHoqJvOAuPlel3zp14FztNUmVMbfVgmkeFlc40Tw/JGR6 W0UTXJ/2e9iivuwCSOdbxkpg9lITujhaGfv1Pk4lBIZRivylOuRxESQtdO8HpCTG+2Rd NxQSrit5JJ9rudyvZY5phz4kGh5CiMNDSvvZytbN61wCApficmhdGFoaiqQWGiBuH+oy zC6JSqk8dF4YljZcV3RJppACZ6ZUPatI/IOSUsjJC/3ZZpOmX0t9irb6JyUF7+k50nJQ B0Pg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YNX34iDEDxhm/E73u2ryfjAMjkVi+n5xnZV2QkAaR8Y=; b=ifHPlgtodYeVq00k4sAD4ctbolpX3HiEdxiYNCb2EbtCJ/GjmmV/Sw6oxNpGtFJsf1 85PR5h04jRAMOkNPfsbDTz/qjaKcp3ZE8TDYWrxiKCoU8/jLKsqiKHOHzrc+fiPU2Qbo 1stH9lRIUCJGOU1AdzbWK/pNS7vP+6J9x21U/WnZcNVhIfbb4rCg3LEC19ZFDYwt79Rd C7I9RiY5co6SaKT6ttNIvlU7+gRImSKdYUqV8fTUGLV0FoQa7/n0hWpeaz1JQYLqKOuG 9WdrKeumzAn0vD80SuVKTE7eEjGqcrP88jRzIrro6xNfNJezhcYBrNjftR/j8KUYhPbu mp8Q== X-Gm-Message-State: AFqh2kp3R6X5buduH68SEDe6iL1paqIHneKpqmFI5vbJ4APCWFTQe8PL bLFxu7Au1JJFlbgvDLq+Teo2btNoVr2+Y7MOrSZahQ== X-Google-Smtp-Source: AMrXdXskn96xRY553YKd1nrPaJh3C6uD/jtUl/8ZfvlJSCTFs8haNJjns05KLdYBkqDSQobKq75Nsy9TPJmWu3O4YIk= X-Received: by 2002:a17:902:b690:b0:174:7d26:812f with SMTP id c16-20020a170902b69000b001747d26812fmr658130pls.63.1671818846456; Fri, 23 Dec 2022 10:07:26 -0800 (PST) MIME-Version: 1.0 References: <20221207154939.2532830-1-jeffxu@google.com> <20221207154939.2532830-4-jeffxu@google.com> <202212080821.5AE7EE99@keescook> <20221216094259.bec91e4abd6cf54a05ce2813@linux-foundation.org> <202212161233.85C9783FB@keescook> <20221216140641.bf6e47b7c4f5a53f34c8cf9a@linux-foundation.org> In-Reply-To: From: Jeff Xu Date: Fri, 23 Dec 2022 10:06:49 -0800 Message-ID: Subject: Re: [PATCH v6 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC To: Shuah Khan Cc: Andrew Morton , Kees Cook , Peter Xu , jeffxu@chromium.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, hughd@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, linux-hardening@vger.kernel.org, kernel test robot Content-Type: text/plain; charset="UTF-8" X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 03030C0008 X-Rspam-User: X-Stat-Signature: 67cffqc34wu4czach9k1g6x3monsy6dt X-HE-Tag: 1671818847-621196 X-HE-Meta: U2FsdGVkX1+Hqijod3HC8wPTdPqZ7JRD8gMj21TV1oEt6ZzBJdzerKVZFQgPv9sCABWJ8Bry0QdTMd7nOB6HLxOJBXOw0JQwBuIZ3hwcyPyStL1XM1vWVz/z5cSKMsyY4pGt2Th5tkcChWCoStDZXk/upUXoXMq9za8pmF/FD4jMnohJlfYFkjo7vBeuqozqrldeK+95gjVaOgaLZvJoM1/qUQbOLK6/37Anbve5c9LMzss5gPfU9qxfF9nlmmlc9uqlFJd/xDdA0Wi3xMRQyqUNPeXRx96+1elzcwXy/ULDYDsXZ0G6k53G6NICGKU7NlF7DJyuTdQzCNjRpajfVB6GN/l+5vl+W3D/4qyCkVl896+AJpy+UI3S3Tx1ZQ/LssxoCWclCGm691qw/QRbiPQx7/Y/2Y4U0h674ySuuyP2e6ppYyIKrv9VPYsftUtusYq8CUz7cFdAdE4R26JNqOmRO+2peTQy5BusoVpyFnILMUykRzeASTvAFvQW9WjwZ/dadq39J3OknYxGUMHhxIf2rK5iMdN7VcTXCAEDWMQVIqLQAxPHrsves7sayXqLyGBDDS4cQ5GqgCtBgOHRobPDtykA5UGm6Rvhg1awLGD0vDb5Os75uq2r63K80Z364GZJHLKTldbjL0lPx41cd/TUuwH7s5MYvOgtiG2nsaJrMo2I9w8EoMiB0RRzsD8IgPv1r/ARqpAQV+lRsnzY5j4EXueGJynO0DGC89KN/PE6ns4VNEYh4V9svvtVyEYkEezaaycMdIRaG3f27/St2K4xznzPOSVlwSzOA6BTX9qVzZLeZ28pu75AiMcd62A+yF54y1ajvT89ZamDpu72TNLTbFPsuQ4Q+BgXcUhHh8bVGCH1O0DbkAAvRLPlLt5/AJ3dgzVruTpw8y89YA+xR0lxKBtzy/SqFOfyfasa3Bcm4zXFW9d7BLkMIN0hoOL4/58lUzfmG9sKxesTvVZ NYGJT5IS wXYBDRH4ZlpXCGGBFWZG6lIW2sX7i7tU1PGfWM1hKG4ESDWwQxStP9ywakZ8BljRaWNJJkayWsipayyjfb0ZYCvsSwm+mA/4ExkjyZsbq75nS5yTzKMERhzEnKPS5I6o1B4GS X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, Dec 20, 2022 at 8:55 AM Shuah Khan wrote: > > On 12/16/22 16:40, Jeff Xu wrote: > > On Fri, Dec 16, 2022 at 2:06 PM Andrew Morton wrote: > >> > >> On Fri, 16 Dec 2022 13:46:58 -0800 Jeff Xu wrote: > >> > >>> On Fri, Dec 16, 2022 at 12:35 PM Kees Cook wrote: > >>>> > >>>> On Fri, Dec 16, 2022 at 10:11:44AM -0800, Jeff Xu wrote: > >>>>> Once per boot seems too little, it would be nice if we can list all processes. > >>>>> I agree ratelimited might be too much. > >>>>> There is a feature gap here for logging. > >>>>> > >>>>> Kees, what do you think ? > >>>> > >>>> I agree once per boot is kind of frustrating "I fixed the one warning, > >>>> oh, now it's coming from a different process". But ratelimit is, in > >>>> retrospect, still too often. > >>>> > >>>> Let's go with per boot -- this should be noisy "enough" to get the > >>>> changes in API into the callers without being too much of a hassle. > >>>> > >>> Agreed. Let's go with per boot. > >>> > >>> Hi Andrew, what is your preference ? I can send a patch or you > >>> directly fix it in mm-unstable ? > >> > >> Like this? > >> > > Yes. Thanks! > > > > Sorry jumping into this discussion a bit late. Is it possible to provide > a way to enable full logging as a debug option to tag more processes? > Codewise it is possible, maybe by adding a sysctl or CONFIG_, but I am not sure the best practice to do this with the kernel? Kees/Andrew, do you have suggestions ? Thanks Jeff > thanks, > -- Shuah >