Date: Mon, 25 Nov 2024 20:40:07 +0000
From: Matthew Wilcox
To: jeffxu@chromium.org
Cc: akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com,
 torvalds@linux-foundation.org, adhemerval.zanella@linaro.org, oleg@redhat.com,
 linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
 linux-mm@kvack.org, jorgelo@chromium.org, sroettger@google.com,
 ojeda@kernel.org, adobriyan@gmail.com, anna-maria@linutronix.de,
 mark.rutland@arm.com, linus.walleij@linaro.org, Jason@zx2c4.com,
 deller@gmx.de, rdunlap@infradead.org, davem@davemloft.net, hch@lst.de,
 peterx@redhat.com, hca@linux.ibm.com, f.fainelli@gmail.com, gerg@kernel.org,
 dave.hansen@linux.intel.com, mingo@kernel.org, ardb@kernel.org,
 Liam.Howlett@oracle.com, mhocko@suse.com, 42.hyeyoo@gmail.com,
 peterz@infradead.org, ardb@google.com, enh@google.com, rientjes@google.com,
 groeck@chromium.org, mpe@ellerman.id.au
Subject: Re: [PATCH v4 1/1] exec: seal system mappings
References: <20241125202021.3684919-1-jeffxu@google.com> <20241125202021.3684919-2-jeffxu@google.com>
In-Reply-To: <20241125202021.3684919-2-jeffxu@google.com>

On Mon, Nov 25, 2024 at 08:20:21PM +0000, jeffxu@chromium.org wrote:
> +/* > + * Kernel cmdline override for CONFIG_SEAL_SYSTEM_MAPPINGS > + */ > +enum seal_system_mappings_type { > + SEAL_SYSTEM_MAPPINGS_DISABLED, > + SEAL_SYSTEM_MAPPINGS_ENABLED > +}; > + > +static enum seal_system_mappings_type seal_system_mappings_v __ro_after_init = > + IS_ENABLED(CONFIG_SEAL_SYSTEM_MAPPINGS) ? SEAL_SYSTEM_MAPPINGS_ENABLED : > + SEAL_SYSTEM_MAPPINGS_DISABLED; > + > +static const struct constant_table value_table_sys_mapping[] __initconst = { > + { "no", SEAL_SYSTEM_MAPPINGS_DISABLED}, > + { "yes", SEAL_SYSTEM_MAPPINGS_ENABLED}, > + { } > +}; > + > +static int __init early_seal_system_mappings_override(char *buf) > +{ > + if (!buf) > + return -EINVAL; > + > + seal_system_mappings_v = lookup_constant(value_table_sys_mapping, > + buf, seal_system_mappings_v); > + return 0; > +} > + > +early_param("exec.seal_system_mappings", early_seal_system_mappings_override);

Are you paid by the line? This all seems ridiculously overcomplicated.
Look at (first example I found) kgdbwait:

static int __init opt_kgdb_wait(char *str)
{
	kgdb_break_asap = 1;

	kdb_init(KDB_INIT_EARLY);
	if (kgdb_io_module_registered &&
	    IS_ENABLED(CONFIG_ARCH_HAS_EARLY_DEBUG))
		kgdb_initial_breakpoint();

	return 0;
}
early_param("kgdbwait", opt_kgdb_wait);

I don't understand why you've created a new 'exec' namespace, and why
this feature fits in 'exec'. That seems like an implementation detail.
I'd lose the "exec." prefix.
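
Review bot: in early_seal_system_mappings_override(), passing seal_system_mappings_v as the not-found value to lookup_constant() means any string other than "no" or "yes" (for example "1" or "on") silently keeps the build-time default, and the handler still returns 0. For a hardening switch that is a quiet failure mode: on a kernel built without CONFIG_SEAL_SYSTEM_MAPPINGS, a mistyped exec.seal_system_mappings= value leaves the mappings unsealed with nothing in the log. Consider rejecting unknown values with -EINVAL, or at least emitting a pr_warn(); parsing into a bool with kstrtobool() would give that behaviour and replace both the enum and the constant table.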