Date: Thu, 23 May 2024 10:24:19 +0200
From: "David Rheinsberg"
To: Barnabás Pőcze, "Andrew Morton"
Cc: "Jeff Xu", linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, dmitry.torokhov@gmail.com, "Daniel Verkamp", hughd@google.com, jorgelo@chromium.org, skhan@linuxfoundation.org, "Kees Cook"
Subject: Re: [PATCH v1] memfd: `MFD_NOEXEC_SEAL` should not imply `MFD_ALLOW_SEALING`

Hi

On Thu, May 23, 2024, at 4:25 AM, Barnabás Pőcze wrote:
> On Thursday, 23 May 2024 at 1:23, Andrew Morton wrote:
>> It's a change to a userspace API, yes? Please let's have a detailed
>> description of why this is OK. Why it won't affect any existing users.
>
> Yes, it is a uAPI change. To trigger user visible change, a program has to
>
>  - create a memfd
>    - with MFD_NOEXEC_SEAL,
>    - without MFD_ALLOW_SEALING;
>  - try to add seals / check the seals.
>
> This change in essence reverts the kernel's behaviour to that of Linux <6.3, where
> only `MFD_ALLOW_SEALING` enabled sealing. If a program works correctly on those
> kernels, it will likely work correctly after this change.
>
> I have looked through Debian Code Search and GitHub, searching for `MFD_NOEXEC_SEAL`.
> And I could find only a single breakage that this change would cause: dbus-broker
> has its own memfd_create() wrapper that is aware of this implicit `MFD_ALLOW_SEALING`
> behaviour[0], and tries to work around it. This workaround will break. Luckily,
> however, as far as I could tell this only affects the test suite of dbus-broker,
> not its normal operations, so I believe it should be fine. I have prepared a PR
> with a fix[1].

We asked for exactly this fix before, so I very much support this. Our test-suite in `dbus-broker` merely verifies what the current kernel behavior is (just like the kernel selftests). I am certainly ok if the kernel breaks it. I will gladly adapt the test-suite.

Previous discussion was in:

    [PATCH] memfd: support MFD_NOEXEC alongside MFD_EXEC
    https://lore.kernel.org/lkml/20230714114753.170814-1-david@readahead.eu/

Note that this fix is particularly important in combination with `vm.memfd_noexec=2`, since this breaks existing user-space by enabling sealing on all memfds unconditionally. I also encourage backporting to stable kernels.

Reviewed-by: David Rheinsberg

Thanks
David
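
Added example, not part of the original message and not code from the kernel or from dbus-broker: a probe for the behaviour discussed in this thread. It creates a memfd with only `MFD_NOEXEC_SEAL`, reads the seals with `F_GET_SEALS`, and reports whether further seals can still be added (`F_SEAL_SEAL` absent) or not. The names `classify_seals` and `probe_memfd` are hypothetical, and the fallback constants are the kernel uAPI values for libc headers that predate them.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* uAPI values from linux/memfd.h and linux/fcntl.h, for older libc headers. */
#ifndef MFD_ALLOW_SEALING
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef MFD_NOEXEC_SEAL
#define MFD_NOEXEC_SEAL 0x0008U
#endif
#ifndef F_GET_SEALS
#define F_GET_SEALS 1034
#endif
#ifndef F_SEAL_SEAL
#define F_SEAL_SEAL 0x0001
#endif

/* Hypothetical result type for this example. */
enum memfd_sealing { PROBE_FAILED = -1, SEALING_DISABLED = 0, SEALING_ENABLED = 1 };

/* F_SEAL_SEAL set means no further seal can be added: sealing is off. */
enum memfd_sealing classify_seals(int seals)
{
    if (seals < 0)
        return PROBE_FAILED;
    return (seals & F_SEAL_SEAL) ? SEALING_DISABLED : SEALING_ENABLED;
}

/* Create a memfd with the given flags and report whether seals can be added. */
enum memfd_sealing probe_memfd(unsigned int flags)
{
    int fd = (int)syscall(SYS_memfd_create, "seal-probe", flags);
    if (fd < 0)
        return PROBE_FAILED; /* e.g. kernel does not know MFD_NOEXEC_SEAL */
    int seals = fcntl(fd, F_GET_SEALS);
    close(fd);
    return classify_seals(seals);
}

int main(void)
{
    /* -1 = probe failed, 0 = sealing disabled, 1 = sealing enabled */
    printf("MFD_NOEXEC_SEAL only:   %d\n", probe_memfd(MFD_NOEXEC_SEAL));
    printf("MFD_ALLOW_SEALING only: %d\n", probe_memfd(MFD_ALLOW_SEALING));
    return 0;
}
```

On a kernel where `MFD_NOEXEC_SEAL` implies `MFD_ALLOW_SEALING`, the first line prints 1; with the change discussed in this thread it prints 0.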