From: Andrei Vagin
Date: Thu, 12 Dec 2024 22:33:21 -0800
Subject: Re: [PATCH v4 1/1] exec: seal system mappings
To: Jeff Xu
Cc: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, torvalds@linux-foundation.org, adhemerval.zanella@linaro.org, oleg@redhat.com, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com, ojeda@kernel.org, adobriyan@gmail.com, anna-maria@linutronix.de, mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com, deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, hch@lst.de, peterx@redhat.com, hca@linux.ibm.com, f.fainelli@gmail.com, gerg@kernel.org, dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org, Liam.Howlett@oracle.com, mhocko@suse.com, 42.hyeyoo@gmail.com, peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com, groeck@chromium.org, mpe@ellerman.id.au, Dmitry Safonov <0x7f454c46@gmail.com>, Mike Rapoport, Alexander Mikhalitsyn, Andrei Vagin
References: <20241125202021.3684919-1-jeffxu@google.com> <20241125202021.3684919-2-jeffxu@google.com>

On Wed, Dec 11, 2024 at 2:47 PM Jeff Xu wrote:
>
> Hi Andrei
>
> Thanks for your email.
> I was hoping to get some feedback from CRIU devs, and happy to see you
> reaching out..
> ...
> I have been thinking of other alternatives, but those would require
> more understanding on CRIU use cases.
> One of my questions is: Would CRIU target an individual process? or
> entire systems?

It targets individual processes that have been forked from the main CRIU
process.

>
> If it is an individual process, we could use prctl to opt-in/opt-out
> certain processes. There could be two alternatives.
> 1> Opt-in solution: process must set prctl.seal_criu_mapping, this
> needs to be set before execve() because sealing is applied at execve()
> call.
> 2> opt-out solution: The system will by default seal all of the system
> mappings, but individual processes can opt-out by setting
> prctl.not_seal_criu_mappings. This also needs to be set before
> execve() call.

I like the idea and I think the opt-out solution should work for CRIU.
CRIU will be able to call this prctl and re-execute itself.

Let me give you a bit of context on how CRIU works. When CRIU restores
processes, it recreates a process tree by forking itself. Afterwards, it
restores all mappings in each process but doesn't put them to proper
addresses. After that, each process unmaps CRIU mappings from its address
space and remaps its restored mappings to the proper addresses. So CRIU
should be able to move system mappings and seal them if they have been
sealed before dump.

BTW, it isn't just about CRIU. gVisor and maybe some other sandbox
solutions will be affected by this change too. gVisor uses stub-processes
to represent guest address spaces. In a stub process, it unmaps all system
mappings.

>
> For both cases, we will want to identify what type of mapping CRIU
> cares about, i.e. maybe CRIU doesn't care about uprobe and vsyscall ?
> and only care about vdso/vvar/sigpage ?

As for now, it handles only vdso/vvar/sigpage mappings. It doesn't care
about vsyscall because it is always mapped to the fixed address.

gVisor should be able to unmap all system mappings from a process address
space.

Thanks,
Andrei
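A check a CRIU or sandbox maintainer would want before relying on the behaviour discussed in this thread: which of a process's system mappings (vdso/vvar/sigpage, and the vsyscall and uprobes mappings Jeff mentions) the running kernel has actually sealed. This is an added example, not code from the thread, CRIU or the kernel; it assumes the kernel exposes VM_SEALED as the `sl` token in the `VmFlags` line of /proc/<pid>/smaps (as the mseal series documents) and the embedded smaps text is constructed for the demonstration.

```python
"""Report which system mappings of a process carry VM_SEALED ("sl" in smaps)."""
import re
import sys

# Names the kernel gives to the mappings this thread is about.
SYSTEM_MAPPINGS = {"[vdso]", "[vvar]", "[sigpage]", "[vsyscall]", "[uprobes]"}

# smaps entry header: "<start>-<end> <perms> <offset> <dev> <inode> [pathname]"
_HEADER = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) \S+ \S+ \S+\s*(.*)$")

# Constructed sample (not a real dump): vvar sealed, vdso and vsyscall not.
SAMPLE_SMAPS = """\
7f3c2a1e5000-7f3c2a1e9000 r--p 00000000 00:00 0                          [vvar]
Size:                 16 kB
VmFlags: rd mr pf io de dd sd sl
7f3c2a1e9000-7f3c2a1eb000 r-xp 00000000 00:00 0                          [vdso]
Size:                  8 kB
VmFlags: rd ex mr mw me de sd
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0                  [vsyscall]
Size:                  4 kB
VmFlags: ex
"""


def parse_smaps(text):
    """Parse smaps text into dicts with start/end/perms/name and the VmFlags set."""
    entries, current = [], None
    for line in text.splitlines():
        m = _HEADER.match(line)
        if m:
            current = {"start": int(m.group(1), 16), "end": int(m.group(2), 16),
                       "perms": m.group(3), "name": m.group(4), "flags": set()}
            entries.append(current)
        elif current is not None and line.startswith("VmFlags:"):
            current["flags"] = set(line.split()[1:])  # tokens such as rd ex sl
    return entries


def sealed_system_mappings(text):
    """Return {mapping name: True if VM_SEALED is set} for system mappings only."""
    return {e["name"]: "sl" in e["flags"]
            for e in parse_smaps(text) if e["name"] in SYSTEM_MAPPINGS}


def check_process(pid="self"):
    """Read the live smaps of a pid (Linux only) and classify its system mappings."""
    with open(f"/proc/{pid}/smaps") as f:
        return sealed_system_mappings(f.read())


if __name__ == "__main__":
    for name, sealed in sorted(check_process(sys.argv[1] if len(sys.argv) > 1 else "self").items()):
        print(f"{name:12} {'sealed' if sealed else 'NOT sealed'}")
```

Run it against a process restored by CRIU (or a gVisor stub) to confirm that the moved mappings came back sealed when they were sealed before dump, and against an ordinary process to see what the kernel does by default.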