From: David Hildenbrand
Organization: Red Hat
Date: Tue, 23 May 2023 16:10:12 +0200
To: Alexey Izbyshev
Cc: Florent Revest, linux-kernel@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, catalin.marinas@arm.com, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, peterx@redhat.com, broonie@kernel.org, szabolcs.nagy@arm.com, kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com
Subject: Re: [PATCH v2 3/5] mm: Make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long
In-Reply-To: <7c572622c0d8e283fc880fe3f4ffac27@ispras.ru>

>> Wouldn't that also suffer from the same issue, or how is this
>> different?
>>
> Yes, it is the same issue, so e.g. prctl(PR_SET_DUMPABLE,
> SUID_DUMP_DISABLE ) may wrongly fail with EINVAL on 64-bit targets.
>
>> Also, how is passing "0"s to e.g., PR_GET_THP_DISABLE reliable? We
>> need arg2 -> arg5 to be 0. But wouldn't the following also just pass a
>> 0 "int" ?
>>
>> prctl(PR_GET_THP_DISABLE, 0, 0, 0, 0)
>>
> Yes, this is not reliable on 64-bit targets too. The simplest fix is to
> use "0L", as done in MDWE self-tests (but many other tests get this
> wrong).

Oh, it's even worse than I thought, then. :) Even in our selftest most of

$ git grep prctl tools/testing/selftests/ | grep "0"

gets it wrong.

>
> Florent also expressed surprise[1] that we don't see a lot of failures
> due to such issues, and I tried to provide some reasons. To elaborate on

Yes, I'm also surprised!

> the x86-64 thing, for prctl(PR_SET_DUMPABLE, 0) the compiler will likely
> generate "xorl %esi, %esi" to pass zero, but this instruction will also
> clear the upper 32 bits of %rsi, so the problem is masked (and I believe
> CPU vendors are motivated to do such zeroing to reduce false
> dependencies). But this zeroing is not required by the ABI, so in a more
> complex situation junk might get through.

:/

>
> Real-world examples of very similar breakage in variadic functions
> involving NULL sentinels are mentioned in [2] (the musl bug report is
> [3]). In short, musl defined NULL as plain 0 for C++, so when people do
> e.g. execl("/bin/true", "true", NULL), junk might prevent detection of
> the sentinel in execl() impl. (Though if the sentinel is passed via
> stack because there are a lot of preceding arguments, the breakage
> becomes more apparent because auto-zeroing of registers doesn't come
> into play anymore.)

Yes, I heard about the "fun" with NULL already. Thanks for the musl pointer.

And thanks for the confirmation/explanation.

>
>>
>> I'm easily confused by such (va_args) things, so sorry for the dummy
>> questions.
>
> This stuff *is* confusing, and note that Linux man pages don't even tell
> that prctl() is actually declared as a variadic function (and for
> ptrace() this is mentioned only in the notes, but not in its signature).

Agreed, that's easy to miss (and probably many people missed it).

Anyhow, for this patch as is (although it feels like drops in the ocean after our discussion)

Reviewed-by: David Hildenbrand

--
Thanks,

David / dhildenb
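
Added example (not part of the original message, and not kernel or glibc code): a small C model of the int-versus-unsigned-long problem discussed in this thread, next to a typed wrapper that avoids it. The names model_sys_prctl, reg_after_int_arg, fake_prctl and prctl_ul are hypothetical, and the stale upper-half register value is constructed.

```c
#include <errno.h>
#include <stdarg.h>
#include <stdint.h>

#define MODEL_PR_SET_DUMPABLE 4   /* same number as PR_SET_DUMPABLE */

/* Kernel side (modelled): arg2 is compared as a full 64-bit value. */
static int model_sys_prctl(int option, uint64_t arg2)
{
    if (option != MODEL_PR_SET_DUMPABLE)
        return -EINVAL;
    if (arg2 != 0 && arg2 != 1)   /* SUID_DUMP_DISABLE / SUID_DUMP_USER */
        return -EINVAL;
    return 0;
}

/* What the callee may see in a 64-bit argument register when the caller
 * passed a 32-bit int: the low half is the int, the upper half is
 * whatever was there before (the ABI does not require zeroing it). */
static uint64_t reg_after_int_arg(uint64_t stale, int value)
{
    return (stale & 0xffffffff00000000ULL) | (uint32_t)value;
}

/* libc side (modelled): variadic, reads the argument as unsigned long. */
static int fake_prctl(int option, ...)
{
    va_list ap;
    unsigned long arg2;
    va_start(ap, option);
    arg2 = va_arg(ap, unsigned long);
    va_end(ap);
    return model_sys_prctl(option, arg2);
}

/* Typed wrapper: the prototype forces int -> unsigned long conversion
 * at the call site, so a bare 0 is always widened correctly. */
static int prctl_ul(int option, unsigned long arg2)
{
    return fake_prctl(option, arg2);
}

int main(void)
{
    uint64_t seen = reg_after_int_arg(0xdeadbeef00000000ULL, 0);
    int bad = model_sys_prctl(MODEL_PR_SET_DUMPABLE, seen);   /* -EINVAL */
    int good = prctl_ul(MODEL_PR_SET_DUMPABLE, 0);            /* 0 */
    return !(bad == -EINVAL && good == 0);
}
```

Wrapping the real prctl() in a function with unsigned long parameters gives call sites the same conversion.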