From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id F1D9BC05027 for ; Mon, 23 Jan 2023 16:22:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 421DC6B0073; Mon, 23 Jan 2023 11:22:21 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 3D2356B0075; Mon, 23 Jan 2023 11:22:21 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 29A216B0078; Mon, 23 Jan 2023 11:22:21 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 1C8E26B0073 for ; Mon, 23 Jan 2023 11:22:21 -0500 (EST) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id C9AFAC08B8 for ; Mon, 23 Jan 2023 16:22:20 +0000 (UTC) X-FDA: 80386581240.01.E6B6506 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf24.hostedemail.com (Postfix) with ESMTP id 1DCB718000F for ; Mon, 23 Jan 2023 16:22:18 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=arm.com (policy=none); spf=pass (imf24.hostedemail.com: domain of cmarinas@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=cmarinas@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1674490939; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bi2gZ+OYSDSf1t9syUdQPLI1GTXCxvA7gXWqfAb3SSU=; b=E3JfTBYkTYsG8bRXsZfKlHZ8KoD6RuaTR8kus1dOndc7hqz+B1A2V3joaG+NsJRdmFkq4t WUiQ/qS+x+0V9cukUFUGA6wVVDZ+FXywCKJMinWbzwZGwbr/8oQ22X0zMurkz8tbOYgRAl ZP/MlcitjlKh/8bpo4trAd9OyuMiMLE= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=arm.com (policy=none); spf=pass (imf24.hostedemail.com: domain of cmarinas@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=cmarinas@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1674490939; a=rsa-sha256; cv=none; b=StpjiEo8BmiOa9+7JcCu7CU+dZ7BckgJZsQsrLtCxGlqUBmtreV5tIhEXzwI59fNONIW7P hZmolazBCeROz5ZmT+8IFCX1EAc2v1mErZ2xl1iSfkUoWiXy7d8joAL68crAzaCqVvHrUA mN+rly+d+/28WVeHHt6t7vhEXCiL1rM= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id EE66160F6F; Mon, 23 Jan 2023 16:22:17 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 74EA8C433EF; Mon, 23 Jan 2023 16:22:14 +0000 (UTC) Date: Mon, 23 Jan 2023 16:22:11 +0000 From: Catalin Marinas To: David Hildenbrand Cc: Joey Gouly , Andrew Morton , Lennart Poettering , Zbigniew =?utf-8?Q?J=C4=99drzejewski-Szmek?= , Alexander Viro , Kees Cook , Szabolcs Nagy , Mark Brown , Jeremy Linton , Topi Miettinen , linux-mm@kvack.org, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, linux-abi-devel@lists.sourceforge.net, nd@arm.com, shuah@kernel.org Subject: Re: [PATCH v2 1/2] mm: Implement memory-deny-write-execute as a prctl Message-ID: References: <20230119160344.54358-1-joey.gouly@arm.com> <20230119160344.54358-2-joey.gouly@arm.com> <4a1faf67-178e-c9ba-0db1-cf90408b0d7d@redhat.com> <8b4e31cf-de20-703c-4b53-ad86d4282a37@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 1DCB718000F X-Stat-Signature: adaraba494u4qkt519ro84981qwer4ub X-Rspam-User: X-HE-Tag: 1674490938-667583 X-HE-Meta: U2FsdGVkX1+cHi42Z61/Jig9ZGxrPe9E26VZMBz2+2m4mF/RRxJtqNNap1nWSEDkOHrZtasXLOM+8fpKtHJnpaAqxEH/DynTBsQ7agUNwDPL7jn0GqYy4PI0zESeC6Y9DDeuzWUO48KArnNrTaUJkSlTaLWneGPTMxryiT64r+mWYuvXThhVMGte51WsqgF8tDv2AnD9YMYEaXKfGMfwVpScPVK0sKwTlRAjGtQDrosi/HmV2ZfLnHBKkkElYr/HojrCSTXCoAvP1daiPlnC7UPzF+sCerirKKJ7Xm2Y3FEmAWVfwxHgttbbFiTDw8T1rKkyS3nfkDKtUuNe+KS/OJjWblDJTAP547X8+vsATCvDnuafOv/Z9rf5iWlNN2k+4EdozfbQ8TDWF5eZVmG83uOrIv1MaoXqbFzBE/IoCOBSCmTpd60FiPnZ+8BI+sqbVeZoFsNGhPMH1YqJROsP88vj/xM7a9l0oOSBtmEi/kOWqYjrQ8tmw2Q5gMeiKa9JHwayha1FLk6rjzR01YYUVx87Lqi/9FrFPnBta1kP/hMuwCkLXtbGrijE0JQaEtj+EChb1YiMYF9OMvwGkwm/jlqQBl0XIcwjeKDD+f9cZ2XAFahTMbpMowaT/0YNj+/fCQzriVbbDYyx0sEiNteVk9JmlzKQZSLGoa5KRpzkURqancOnvW4uusw45qPgyuKh9V0D+3VPCuku8SK/rKoQo4/VpUCBdXTxnXCt5s137Qeh1Gc4Znkb+RxBz4sHgTU4VDXpGBE4nlig5CtSXVHAuRR1IFuSmGH3saqMLLQ4s2XL9a3WE8FCpoTcfjkX7LkXu2RETjGkTIpgukRVLTu6iwjSSz7pJ8no4A4uBvA6qIiSKpEUhjJQ3y9vOPmveuQYDTVcRVVnpGhLkDEgOlr8xMb4wSY/Vsjmgbr+EudnS5B4KLI89v3FJIMsmr1ptoLz09csmMHAZPaQoK/44F6 6kuWXsfT CNc4HdmFlh08zUzJ1hPb4A4nNcaiT/0xeSx4qgiy057p+QtyoXpuZck2eO9ZROecwLwbr/JqVOp8VO6n2lm3M9EBSsFDRLZQM909s5S+n9jLwGVLvGFB2MzTMOWG7sRxWJvP2KN6pzOZ6rEFsVVqMQvIC+I5xTTF/CXhbqphCXwqaUW55sTidWWKYY3r2Df0VuK06EtSqhfYWbJkdCjip2tv50M/1gmDpiOzuy7xbBLHB0b3JAAeCjPC97HkzwZmx5QAJMqcdPbnXmjLrQsdOMgqhDeNyYspK7IQnYL85q8fKWBpp/zW+3i3KNKJD9UL9JA02i8AR1IGxFpE7lxyUHIDez1mN2MC8LCUUTuj+NMG4HrpB9N1RWBFRbkG7U8ni1rWhM4oJ8mHy6DQIUv8W1q1/ew2XsMA4dQ/x1ZPVe8Y9mY+hnTTsIcpF8g== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Jan 23, 2023 at 05:10:08PM +0100, David Hildenbrand wrote: > On 23.01.23 17:04, Catalin Marinas wrote: > > On Mon, Jan 23, 2023 at 01:53:46PM +0100, David Hildenbrand wrote: > > > That at least would be then similar to how we handle mmaped files: if the > > > file is not executable, we clear VM_MAYEXEC. If the file is not writable, we > > > clear VM_MAYWRITE. > > > > We still allow VM_MAYWRITE for private mappings, though we do clear > > VM_MAYEXEC if not executable. > > > > It would be nice to use VM_MAY* flags for this logic but we can only > > emulate MDWE if we change the semantics of 'MAY': only check the 'MAY' > > flags for permissions being changed (e.g. allow PROT_EXEC if the vma is > > already VM_EXEC even if !VM_MAYEXEC). Another issue is that we end up > > with some weird combinations like having VM_EXEC without VM_MAYEXEC > > (maybe that's fine). > > No, we wouldn't want VM_EXEC if VM_MAYEXEC is not set. I don't immediately > see how that would happen. You are right, this shouldn't happen. What I had in mind was the current MDWE model where after an mmap(PROT_EXEC), any mprotect(PROT_EXEC) is denied. But this series departs slightly from this since we want to allow PROT_EXEC if already executable. -- Catalin