From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=OeGd=MA=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.0 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS
	autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 9A5B1C07E96
	for <linux-mm@archiver.kernel.org>; Thu,  8 Jul 2021 20:13:43 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 1212B61864
	for <linux-mm@archiver.kernel.org>; Thu,  8 Jul 2021 20:13:42 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 1212B61864
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=jauu.net
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id AA1FC6B005D; Thu,  8 Jul 2021 16:13:42 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id A78E96B0070; Thu,  8 Jul 2021 16:13:42 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 91A0D6B0071; Thu,  8 Jul 2021 16:13:42 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0221.hostedemail.com [216.40.44.221])
	by kanga.kvack.org (Postfix) with ESMTP id 6A8436B005D
	for <linux-mm@kvack.org>; Thu,  8 Jul 2021 16:13:42 -0400 (EDT)
Received: from smtpin14.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay02.hostedemail.com (Postfix) with ESMTP id B425122876
	for <linux-mm@kvack.org>; Thu,  8 Jul 2021 20:13:41 +0000 (UTC)
X-FDA: 78340521042.14.CC12DAC
Received: from mout-p-101.mailbox.org (mout-p-101.mailbox.org [80.241.56.151])
	by imf21.hostedemail.com (Postfix) with ESMTP id CF6E5D0033C6
	for <linux-mm@kvack.org>; Thu,  8 Jul 2021 20:13:39 +0000 (UTC)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4GLSCy5R6nzQjxR;
	Thu,  8 Jul 2021 22:13:34 +0200 (CEST)
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp1.mailbox.org ([80.241.60.240])
	by gerste.heinlein-support.de (gerste.heinlein-support.de [91.198.250.173]) (amavisd-new, port 10030)
	with ESMTP id 8vLmEryLhLnZ; Thu,  8 Jul 2021 22:13:30 +0200 (CEST)
Date: Thu, 8 Jul 2021 22:13:23 +0200
From: Hagen Paul Pfeifer <hagen@jauu.net>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Rapoport <rppt@linux.ibm.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Arnd Bergmann <arnd@arndb.de>, Borislav Petkov <bp@alien8.de>,
	Catalin Marinas <catalin.marinas@arm.com>,
	Christoph Lameter <cl@linux.com>,
	Dan Williams <dan.j.williams@intel.com>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	David Hildenbrand <david@redhat.com>,
	"Reshetova, Elena" <elena.reshetova@intel.com>,
	Roman Gushchin <guro@fb.com>, Peter Anvin <hpa@zytor.com>,
	James Bottomley <James.Bottomley@hansenpartnership.com>,
	James Bottomley <jejb@linux.ibm.com>,
	"Kirill A . Shutemov" <kirill@shutemov.name>,
	Linux-MM <linux-mm@kvack.org>, kernel test robot <lkp@intel.com>,
	Andrew Lutomirski <luto@kernel.org>,
	Mark Rutland <mark.rutland@arm.com>, Ingo Molnar <mingo@redhat.com>,
	mm-commits@vger.kernel.org,
	Michael Kerrisk-manpages <mtk.manpages@gmail.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Palmer Dabbelt <palmerdabbelt@google.com>,
	Paul Walmsley <paul.walmsley@sifive.com>,
	Peter Zijlstra <peterz@infradead.org>,
	"Edgecombe, Rick P" <rick.p.edgecombe@intel.com>,
	Shakeel Butt <shakeelb@google.com>, Shuah Khan <shuah@kernel.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Tycho Andersen <tycho@tycho.ws>, Al Viro <viro@zeniv.linux.org.uk>,
	Will Deacon <will@kernel.org>, Matthew Wilcox <willy@infradead.org>
Subject: Re: [patch 11/54] mm: introduce memfd_secret system call to create
 "secret" memory areas
Message-ID: <YOdcY5SYIjPDO7nG@laniakea>
References: <20210707175950.eceddb86c6c555555d4730e2@linux-foundation.org>
 <20210708010803.i6RiDHM3L%akpm@linux-foundation.org>
 <CAHk-=whWxnQW=2Rx8uj01nGMGK3oOS9fJZCe6atVP7and5DkWg@mail.gmail.com>
 <YOaLPVFwQDBMcTMD@linux.ibm.com>
 <CAHk-=whEZT3f+-oDZ4kdz31GxxJ9QD_P1XrMBnM8DamdF9QHDg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAHk-=whEZT3f+-oDZ4kdz31GxxJ9QD_P1XrMBnM8DamdF9QHDg@mail.gmail.com>
X-Key-Id: 98350C22
X-Key-Fingerprint: 490F 557B 6C48 6D7E 5706 2EA2 4A22 8D45 9835 0C22
X-GPG-Key: gpg --recv-keys --keyserver wwwkeys.eu.pgp.net 98350C22
X-MBO-SPAM-Probability: 
X-Rspamd-Score: -1.41 / 15.00 / 15.00
X-Rspamd-UID: 4926c9
X-Rspamd-Server: rspam01
X-Rspamd-Queue-Id: CF6E5D0033C6
X-Stat-Signature: yj8sgqaj8cs56rdpzcxn1iu7qw4uuatq
Authentication-Results: imf21.hostedemail.com;
	dkim=none;
	dmarc=none;
	spf=none (imf21.hostedemail.com: domain of hagen@jauu.net has no SPF policy when checking 80.241.56.151) smtp.mailfrom=hagen@jauu.net
X-HE-Tag: 1625775219-26332
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

* Linus Torvalds | 2021-07-08 11:38:51 [-0700]:

Hello Mike, Linus

>> This feature is off by default and should be explicitly enabled by a system
>> administrator.
>>
>> When it is enabled, a user cannot exceed RLIMIT_MEMLOCK.

Just an idea/proposal:

this feature could be granted based on capabilities (new or existing one,
hopefully not CAP_SYS_ADMIN). Capabilities would provide a very convenient,
simple and fine granular way to use this, at least from a user perspective. Or
do I forget something Mike? 

If capability is the way, I think RLIMIT_MEMLOCK would also be redundant
in my view. It would be "just another parameter" which can only be set wrong
(too low or too high) and somehow always wrong by default. But yes, it doesn't
really hurt either, so I personally wouldn't care about that knob.

Hagen