All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Theo de Raadt" <deraadt@openbsd.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matthew Wilcox <willy@infradead.org>,
	Jonathan Corbet <corbet@lwn.net>,
	Andrew Morton <akpm@linux-foundation.org>,
	jeffxu@chromium.org, keescook@chromium.org, jannh@google.com,
	sroettger@google.com, gregkh@linuxfoundation.org,
	usama.anjum@collabora.com, Liam.Howlett@oracle.com,
	surenb@google.com, merimus@google.com, rdunlap@infradead.org,
	jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org,
	linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
	linux-mm@kvack.org, pedro.falcato@gmail.com,
	dave.hansen@intel.com, linux-hardening@vger.kernel.org
Subject: Re: [PATCH v10 0/5] Introduce mseal
Date: Tue, 14 May 2024 19:47:46 -0600	[thread overview]
Message-ID: <84192.1715737666@cvs.openbsd.org> (raw)
In-Reply-To: <CAHk-=wi04ZCm3vTtkcVnAUdiOpX3a0hBZ-aQWONwCubOJQEdXw@mail.gmail.com>

Linus Torvalds <torvalds@linux-foundation.org> wrote:

Regarding mprotect(), POSIX also says:

    An implementation may permit accesses other than those specified by
    prot; however, no implementation shall permit a write to succeed where
    PROT_WRITE has not been set or shall permit any access where PROT_NONE
    alone has been set.

When sealed memory is encountered in the middle of a range, an error
will be returned (which almost noone looks at). Memory after the sealed
region will not be fixed to follow this rule.

It may retain higher permission.

> Maybe some atomicity rules have always been true for BSD, but they've
> never been true for Linux, and while I don't know how authoritative
> that opengroup thing is, it's what google found.

It is not a BSD thing.  I searched many kernels.  I did not find the
Linux behaviour anywhere else.

> > (Linus, don't be a jerk)
> 
> I'm not the one who makes unsubstantiated statements and uses scare
> tactics to try to make said arguments sound more valid than they are.
> 
> So keep your arguments real, please.


CAN YOU PLEASE SHUT IT WITH THE PERSONAL ATTACKS?  ARE YOU SO INSECURE
THAT YOU NEED TO TAKE A TECHNICAL DISCUSSION AND MAKE IT PERSONAL?


In a new world of immutable / sealed memory, I believe there is a much
bigger problem and I would appreciate if the Linux team would give it
some consideration.

mprotect and munmap (and other calls) can now fail, due to intentional
address space manipulation requested by a process (previously).

The other previous errors have been transient system effects, like ENOMEM.

This EPERM with partial change is not transient.  A 5 line test program
can show memory which is not released, or which memory will retain
incorrect permissions.

Have any of you written test programs?

  reply	other threads:[~2024-05-15  1:47 UTC|newest]

Thread overview: 55+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-15 16:35 [PATCH v10 0/5] Introduce mseal jeffxu
2024-04-15 16:35 ` [PATCH v10 1/5] mseal: Wire up mseal syscall jeffxu
2024-04-15 18:12   ` Muhammad Usama Anjum
2024-04-15 18:21     ` Linus Torvalds
2024-04-15 19:06       ` Jeff Xu
2024-04-15 16:35 ` [PATCH v10 2/5] mseal: add " jeffxu
2024-04-16 14:59   ` Liam R. Howlett
2024-04-16 15:17     ` Jann Horn
2024-04-16 16:42     ` Theo de Raadt
2024-04-15 16:35 ` [PATCH v10 3/5] selftest mm/mseal memory sealing jeffxu
2024-04-15 18:32   ` Muhammad Usama Anjum
2024-04-15 20:27     ` Jeff Xu
2024-04-16  0:34       ` Kees Cook
2024-05-02 11:24   ` Ryan Roberts
2024-05-02 15:18     ` Jeff Xu
2024-05-02 22:39     ` Jeff Xu
2024-05-03  8:30       ` Ryan Roberts
2024-04-15 16:35 ` [PATCH v10 4/5] mseal:add documentation jeffxu
2024-04-15 16:35 ` [PATCH v10 5/5] selftest mm/mseal read-only elf memory segment jeffxu
2024-04-16 15:13 ` [PATCH v10 0/5] Introduce mseal Liam R. Howlett
2024-04-16 19:40   ` Jeff Xu
2024-04-18 20:19     ` Suren Baghdasaryan
2024-04-19  1:22       ` Jeff Xu
2024-04-19 14:57         ` Suren Baghdasaryan
2024-04-19 15:14           ` Jeff Xu
2024-04-19 16:54             ` Suren Baghdasaryan
2024-04-19 17:59         ` Pedro Falcato
2024-04-20  1:23           ` Jeff Xu
2024-05-14 17:46 ` Andrew Morton
2024-05-14 19:52   ` Kees Cook
2024-05-23 23:32     ` Kees Cook
2024-05-23 23:54       ` Andrew Morton
2024-05-24 15:19         ` Linus Torvalds
2024-05-14 20:59   ` Jonathan Corbet
2024-05-14 21:28     ` Matthew Wilcox
2024-05-14 22:48       ` Theo de Raadt
2024-05-14 23:01         ` Andrew Morton
2024-05-14 23:47           ` Theo de Raadt
2024-05-15  2:58             ` Willy Tarreau
2024-05-15  3:36               ` Linus Torvalds
2024-05-15  4:14                 ` Linus Torvalds
2024-05-15  6:14                   ` Willy Tarreau
2024-05-15  0:43         ` Linus Torvalds
2024-05-15  0:57           ` Theo de Raadt
2024-05-15  1:20             ` Linus Torvalds
2024-05-15  1:47               ` Theo de Raadt [this message]
2024-05-15  2:28                 ` Linus Torvalds
2024-05-15  2:42                   ` Theo de Raadt
2024-05-15  4:53                     ` Liam R. Howlett
2024-05-14 21:28   ` Liam R. Howlett
2024-05-15 17:18     ` Jeff Xu
2024-05-15 22:19       ` Liam R. Howlett
2024-05-16  0:59         ` Jeff Xu
2024-05-21 16:00           ` Liam R. Howlett
2024-05-21 20:55             ` Jeff Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=84192.1715737666@cvs.openbsd.org \
    --to=deraadt@openbsd.org \
    --cc=Liam.Howlett@oracle.com \
    --cc=akpm@linux-foundation.org \
    --cc=corbet@lwn.net \
    --cc=dave.hansen@intel.com \
    --cc=gregkh@linuxfoundation.org \
    --cc=groeck@chromium.org \
    --cc=jannh@google.com \
    --cc=jeffxu@chromium.org \
    --cc=jeffxu@google.com \
    --cc=jorgelo@chromium.org \
    --cc=keescook@chromium.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=merimus@google.com \
    --cc=pedro.falcato@gmail.com \
    --cc=rdunlap@infradead.org \
    --cc=sroettger@google.com \
    --cc=surenb@google.com \
    --cc=torvalds@linux-foundation.org \
    --cc=usama.anjum@collabora.com \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.