From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 928EAC4332F for ; Tue, 20 Dec 2022 16:55:36 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 962C08E0002; Tue, 20 Dec 2022 11:55:35 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 9106B8E0001; Tue, 20 Dec 2022 11:55:35 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7D7E58E0002; Tue, 20 Dec 2022 11:55:35 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 6EEF38E0001 for ; Tue, 20 Dec 2022 11:55:35 -0500 (EST) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id EE0691C64FE for ; Tue, 20 Dec 2022 16:55:34 +0000 (UTC) X-FDA: 80263285788.13.78C9041 Received: from mail-il1-f170.google.com (mail-il1-f170.google.com [209.85.166.170]) by imf12.hostedemail.com (Postfix) with ESMTP id 699B34000F for ; Tue, 20 Dec 2022 16:55:30 +0000 (UTC) Authentication-Results: imf12.hostedemail.com; dkim=pass header.d=linuxfoundation.org header.s=google header.b=CSJ9LGK+; spf=pass (imf12.hostedemail.com: domain of skhan@linuxfoundation.org designates 209.85.166.170 as permitted sender) smtp.mailfrom=skhan@linuxfoundation.org; dmarc=pass (policy=none) header.from=linuxfoundation.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1671555330; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=UmTBCjd4WfDkEIZ41SUabqVQsCDpgvamQQ85cJ8gqF0=; b=nDWeilYMp953M5V1wrWfDmmZK99bI0Ueg81/JVx4EdZZOfl4sQ2Pg2W7Yo12qv/bPnIGqC RR+se1afZdp/yMgodA5womiG9H1U//IAKWgwcdvTaeRFH1FRtXpAkTWO1GI/Rw4KziMf8v gaOirRcPgqT6WVPsN5qloMZpAUWXbe0= ARC-Authentication-Results: i=1; imf12.hostedemail.com; dkim=pass header.d=linuxfoundation.org header.s=google header.b=CSJ9LGK+; spf=pass (imf12.hostedemail.com: domain of skhan@linuxfoundation.org designates 209.85.166.170 as permitted sender) smtp.mailfrom=skhan@linuxfoundation.org; dmarc=pass (policy=none) header.from=linuxfoundation.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1671555330; a=rsa-sha256; cv=none; b=avTvDqZO19IH7k0ZD9A8jhLpxbR6GOXnoLT1ALhpeqoyn2sgsZudrW+4euTznpLdrlWRJM 7ljfioOFaM4WBomPtz7EIGgvfBX2rbMGzoONV4pfOywt3Pf78Id0EbFTe7CYc1f/ih+y4B 2O5ZEUzOO0Krv7Jp0FNRkPWeqPeH1t4= Received: by mail-il1-f170.google.com with SMTP id d14so6568391ilq.11 for ; Tue, 20 Dec 2022 08:55:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=google; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=UmTBCjd4WfDkEIZ41SUabqVQsCDpgvamQQ85cJ8gqF0=; b=CSJ9LGK+9xR1eOwHmVWnalfCyuk+oL/PCYF6ETNL7lFOI3yzt/TaJ7C+YlXlpXEDMJ Uzk7kF3dgaX9Wkqm4cTgekfJXPnLf9iAiCeEUInmVbE/gmNFvvx97KY6JTrWSLzftHWK BzRVwwchdTfgQj7qLq0lDyeRw9+bUl8d5sDWQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=UmTBCjd4WfDkEIZ41SUabqVQsCDpgvamQQ85cJ8gqF0=; b=cxlXM08OSNdnsX78+ZnHL77ZtpUanHZ+xnpS9iipTKJkmdbUtcwTpRpS6Rj3PyumkN GMfa4nDet4b99tUEAswD/gn5DAio1vLFM7hetA/nvloNHE0Q3B+l+prbfdsWoptGufmY +kIpKPeuVp1uK92nxXLZI7Bs9Be+mpHzGSaDcw/I04uJF2s4/ucuD0VEVR18zXfI/kZY W50+egMZfvrzXb3QLm28UqMXgSerLxh+Fdcbl0gH0iI+lDZXZA4QoUaAQY7xoNnVtz4r A/tVDhkie44tFapVd9eD38CxpTt/AYTq5Yjd71xDp1dZRsv/KXQ23xZJzWzclS/00Ndf M6UQ== X-Gm-Message-State: ANoB5plYvMP9mql4xazC5IXSvqqrJtKo54tfgVbln5LcMA2jv+GHIvzg zt0n8n+sdPrIp7QIhXI6zMWTyA== X-Google-Smtp-Source: AA0mqf5be6/mjb1uYLE+7Ce9R+B32f8xgMhK4AQZTwjI9AF9595PyJn41kXUUx+xKiFc9qajiFTWcA== X-Received: by 2002:a92:d3ce:0:b0:303:d8:f309 with SMTP id c14-20020a92d3ce000000b0030300d8f309mr4378979ilh.2.1671555329106; Tue, 20 Dec 2022 08:55:29 -0800 (PST) Received: from [192.168.1.128] ([38.15.45.1]) by smtp.gmail.com with ESMTPSA id s12-20020a92cb0c000000b0030005ae9241sm4493573ilo.43.2022.12.20.08.55.27 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 20 Dec 2022 08:55:28 -0800 (PST) Message-ID: Date: Tue, 20 Dec 2022 09:55:26 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 Subject: Re: [PATCH v6 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC To: Jeff Xu , Andrew Morton Cc: Kees Cook , Peter Xu , jeffxu@chromium.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, hughd@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, linux-hardening@vger.kernel.org, kernel test robot , Shuah Khan References: <20221207154939.2532830-1-jeffxu@google.com> <20221207154939.2532830-4-jeffxu@google.com> <202212080821.5AE7EE99@keescook> <20221216094259.bec91e4abd6cf54a05ce2813@linux-foundation.org> <202212161233.85C9783FB@keescook> <20221216140641.bf6e47b7c4f5a53f34c8cf9a@linux-foundation.org> Content-Language: en-US From: Shuah Khan In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Stat-Signature: apbguddomcshyrdpyq1p9t4yy8d9135f X-Rspam-User: X-Rspamd-Queue-Id: 699B34000F X-Rspamd-Server: rspam06 X-HE-Tag: 1671555330-867799 X-HE-Meta: U2FsdGVkX19atUqgMiFy1T3sdfzWknJB6HS9Aou2ItcHD6Ka1WDVZER2GKcQ1d1IWaoStumgFKpZjjCJCmrSH0SFpIqYKnAtk5YlAXtWcqlAELqUJY9SHT/carMufBwLDc+TI18mJUR7B5LBZ9y5yr20AbMyx0u3RedsPMIShiNT6F1SKWjotwMd1XKDJommf4c/k085eDxTVsnkyZNrMmgZNWQ7GjARnVLdKegC5oOoU+yIVtBvO7zkCMssbJzLMHkW4ePFPuxWmE9egLWWdEFnRzBIYbUOPsJ3Rc9Q8lTfXu9nMkrUN6EQZgBl5l22VHggXzs0qVXGQmjp9uW3k7DE+DbitsMwrMMQmzj78ogeQUhUPzNXirc6XhJuhMrJxr/216caYUoH8eUwFG75kPlmjg98RHPjEXq79x642JJIzK3By6ThXnyoP3Bt25wGPU67eLlQC3MTjkUwAaAq6twTqTpTJVcRTKH/b/ttLIL3YI1wuXJr3RxhEIIKPIkEQHW6pVghTPykgA6DSNllP2Ip6kC8D0HLPHeDSXwrZQOyGk5NvoBvzHsi9xU60/sgU4YSD97MAj1vQEaR9hycuKGRahpIJ8wnHOn4yFVE8BKZJg82cgOVz2nmbCOsEzOC8B4MMTgXhR9QRgf6a02eNdzm8rAIMhKE9mpoykFQe3Osq55DghO9azkYucL9tSPhOQRLn/4C1KToFglp5IWf5AfWA263YTRjcJLSEZhUOsH93AJ9g0tV/U4xrA7U5LWcpTBsqiMswAkJPD+TT+sVwrOz/DHJCQl+tbqUJAAwYCiSRLjmys4ImUuECKFMpGirrrXMRlwzI+SVyPSZPSvi7RIv/ECKHj94OXeEVBVzMm7SyfGAzHjt5JdA70gkKXPafFI9nKGuLQIrT3SY/BVGIa+oLZPdu/EROycJU589oZ4iHxWjviNkHQ9FlZjkz1zKuj35sYBdc+qF/B2qOnA 9QZbg8jj 166Nzafk5yNCFALCm/jF6Lhz7ijavynP4urZjAwxecoyGFxsMM0KxISzVBIPJ16lH6OhTitPx+g+eSp0/xfvyQQzxt2sYK+3qcgG7677IQncpnegzDcX/p9vyQXP+jgEU3q+rjoXtEK5vNadSTnyOHtKeM4iAijDl8zQDdHfPwW8dLkHum2xVYncHd+1zw+/xfylc3XH55CYk24WNXfdubuZOTejgMCNkzLKU/znNhLJPWV8EfKBNJ/JwrQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 12/16/22 16:40, Jeff Xu wrote: > On Fri, Dec 16, 2022 at 2:06 PM Andrew Morton wrote: >> >> On Fri, 16 Dec 2022 13:46:58 -0800 Jeff Xu wrote: >> >>> On Fri, Dec 16, 2022 at 12:35 PM Kees Cook wrote: >>>> >>>> On Fri, Dec 16, 2022 at 10:11:44AM -0800, Jeff Xu wrote: >>>>> Once per boot seems too little, it would be nice if we can list all processes. >>>>> I agree ratelimited might be too much. >>>>> There is a feature gap here for logging. >>>>> >>>>> Kees, what do you think ? >>>> >>>> I agree once per boot is kind of frustrating "I fixed the one warning, >>>> oh, now it's coming from a different process". But ratelimit is, in >>>> retrospect, still too often. >>>> >>>> Let's go with per boot -- this should be noisy "enough" to get the >>>> changes in API into the callers without being too much of a hassle. >>>> >>> Agreed. Let's go with per boot. >>> >>> Hi Andrew, what is your preference ? I can send a patch or you >>> directly fix it in mm-unstable ? >> >> Like this? >> > Yes. Thanks! > Sorry jumping into this discussion a bit late. Is it possible to provide a way to enable full logging as a debug option to tag more processes? thanks, -- Shuah