From: Kees Cook <kees@kernel.org>
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>,
linux-kernel@vger.kernel.org, Will Drewry <wad@chromium.org>,
Christian Brauner <brauner@kernel.org>
Subject: Re: [RFC PATCH v3 2/3] seccomp: add kernel-installed pinned-memfd redirect
Date: Tue, 23 Jun 2026 12:11:21 -0700
Message-ID: <202606231206.EF1A049019@keescook>
In-Reply-To: <CALCETrXEA1kJycTjxxtH=bUY-mJyNjNcc7LRTZQ3b+tDWt7_LQ@mail.gmail.com>

On Tue, Jun 23, 2026 at 12:02:32PM -0700, Andy Lutomirski wrote:
> I'm really not convinced that the min is needed to preserve any useful
> behavior. But Kees is very conservative about these things, with good
> reason.

What is going to use this feature? I'd rather not try to have a USER_NOTIF
security boundary since there are so many corner cases.

--
Kees Cook