From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Theo de Raadt"
To: Randy Dunlap
Cc: Jeff Xu, akpm@linux-foundation.org, keescook@chromium.org, corbet@lwn.net, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, sroettger@google.com, pedro.falcato@gmail.com, linux-hardening@vger.kernel.org, willy@infradead.org, gregkh@linuxfoundation.org, torvalds@linux-foundation.org, usama.anjum@collabora.com, surenb@google.com, merimus@google.com, lorenzo.stoakes@oracle.com, Liam.Howlett@oracle.com, enh@google.com
Subject: Re: [PATCH v2 1/1] mseal: update mseal.rst
In-Reply-To: <78f05735-cca3-491e-b2d6-c673427efa07@infradead.org>
References: <20241001002628.2239032-1-jeffxu@chromium.org> <20241001002628.2239032-2-jeffxu@chromium.org> <4544a4b3-d5b6-4f6b-b3d5-6c309eb8fa9d@infradead.org> <78f05735-cca3-491e-b2d6-c673427efa07@infradead.org>
Date: Fri, 04 Oct 2024 19:04:31 -0600
Message-ID: <15868.1728090271@cvs.openbsd.org>

Randy Dunlap wrote:

> On 10/4/24 9:52 AM, Jeff Xu wrote:
> >> above is not a sentence but I don't know how to fix it.
> >>
> > Would below work ?
> >
> > Certain destructive madvise behaviors, specifically MADV_DONTNEED,
> > MADV_FREE, MADV_DONTNEED_LOCKED, MADV_FREE, MADV_DONTFORK,
> > MADV_WIPEONFORK, can pose risks when applied to anonymous memory by
> > threads without write permissions. These behaviors have the potential
> > to modify region contents by discarding pages, effectively performing
> > a memset(0) operation on the anonymous memory.
>
> Yes, that works.
> Or at least it explains the problem, like Theo said.

In OpenBSD, mimmutable() solves this problem (in later code iterations).

In Linux, does mseal() solve the problem or not? The statement doesn't answer this question. It only explains the problem.

If it doesn't solve the problem, that's pretty surprising (weaker than mimmutable). During development I wrote a fake little program which placed an 'int = 1' residing in a zone of readonly memory (.data), and then imagined "an attacker gets enough control to perform an madvise(), but only had enough control, and has to return to normal control flow immediately". The madvise() operation was able to trash the int, altering the program's later behaviour. So I researched the matter more, and adapted mimmutable() to block ALL system-call variations similar to 'write to a not-permitted region'.

So the question remains: Does mseal() block such a (rare) pattern or not?

The sentence doesn't indicate that mseal() has a response to the stated problem.
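
The check the message asks for can be run directly on a Linux system. The following is an added example, not part of the original message and not code from either kernel: it places an int with value 1 in a read-only anonymous page (the quoted paragraph's anonymous-memory case, rather than .data), issues madvise(MADV_DONTNEED), and reports whether the value survived, once without and once with mseal(). The function and variable names are hypothetical, and it assumes the libc headers define SYS_mseal; otherwise the sealed case is reported as unavailable.

```c
/* Added example (constructed); not code from the thread or from either kernel. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

int last_madvise_errno; /* errno from the most recent madvise() call, 0 on success */

/*
 * Put an int with value 1 in an anonymous page, drop write permission,
 * optionally seal the page, then issue madvise(MADV_DONTNEED) on it.
 * Returns the int's value afterwards (1 = intact, 0 = discarded),
 * -1 on setup failure, -2 if sealing was requested but is unavailable.
 */
int value_after_discard(int seal)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    last_madvise_errno = 0;
    if (p == MAP_FAILED)
        return -1;
    *p = 1;
    if (mprotect(p, len, PROT_READ) != 0)
        return -1;
    if (seal) {
#ifdef SYS_mseal
        if (syscall(SYS_mseal, p, len, 0UL) != 0)
            return -2; /* e.g. ENOSYS on kernels without mseal() */
#else
        return -2;     /* libc headers predate mseal() */
#endif
    }
    last_madvise_errno = madvise(p, len, MADV_DONTNEED) == 0 ? 0 : errno;
    int val = *p;      /* read access is still permitted */
    if (!seal)
        munmap(p, len); /* a sealed mapping cannot be unmapped; leave it */
    return val;
}

int main(void)
{
    int v = value_after_discard(0);
    printf("unsealed: value=%d madvise errno=%d\n", v, last_madvise_errno);
    v = value_after_discard(1);
    printf("sealed:   value=%d madvise errno=%d\n", v, last_madvise_errno);
    return 0;
}
```

A sealed result of value=1 with a non-zero madvise errno means the kernel refused the discard; value=0 means the page was zeroed despite the seal.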