* Re: [PATCH v5 5/6] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC [not found] ` <20221206152358.1966099-6-jeffxu@google.com> @ 2022-12-06 16:02 ` Greg KH 2022-12-06 16:27 ` Jeff Xu 0 siblings, 1 reply; 7+ messages in thread From: Greg KH @ 2022-12-06 16:02 UTC (permalink / raw) To: jeffxu Cc: skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd, jeffxu, jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh, linux-hardening On Tue, Dec 06, 2022 at 03:23:57PM +0000, jeffxu@chromium.org wrote: > From: Jeff Xu <jeffxu@chromium.org> > > Tests to verify MFD_NOEXEC, MFD_EXEC and vm.memfd_noexec sysctl. > > Signed-off-by: Jeff Xu <jeffxu@chromium.org> > Co-developed-by: Daniel Verkamp <dverkamp@chromium.org> > Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> > > Change-Id: Idccec1141255ca948c849f4efc8ba5e97f78b6eb Always use checkpatch.pl on your patches so you don't get grumpy maintainers telling you to run checkpatch.pl on your patches... thanks, greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 5/6] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC 2022-12-06 16:02 ` [PATCH v5 5/6] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC Greg KH @ 2022-12-06 16:27 ` Jeff Xu 0 siblings, 0 replies; 7+ messages in thread From: Jeff Xu @ 2022-12-06 16:27 UTC (permalink / raw) To: Greg KH Cc: jeffxu, skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd, jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh, linux-hardening [-- Attachment #1: Type: text/plain, Size: 700 bytes --] On Tue, Dec 6, 2022 at 8:02 AM Greg KH <gregkh@linuxfoundation.org> wrote: > On Tue, Dec 06, 2022 at 03:23:57PM +0000, jeffxu@chromium.org wrote: > > From: Jeff Xu <jeffxu@chromium.org> > > > > Tests to verify MFD_NOEXEC, MFD_EXEC and vm.memfd_noexec sysctl. > > > > Signed-off-by: Jeff Xu <jeffxu@chromium.org> > > Co-developed-by: Daniel Verkamp <dverkamp@chromium.org> > > Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> > > > > Change-Id: Idccec1141255ca948c849f4efc8ba5e97f78b6eb > > Always use checkpatch.pl on your patches so you don't get grumpy > maintainers telling you to run checkpatch.pl on your patches... > > Will do, thanks for pointing it out. Jeff > thanks, > > greg k-h > [-- Attachment #2: Type: text/html, Size: 1730 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <20221206152358.1966099-4-jeffxu@google.com>]
* Re: [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC [not found] ` <20221206152358.1966099-4-jeffxu@google.com> @ 2022-12-06 16:04 ` Greg KH 2022-12-06 16:26 ` Jeff Xu 0 siblings, 1 reply; 7+ messages in thread From: Greg KH @ 2022-12-06 16:04 UTC (permalink / raw) To: jeffxu Cc: skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd, jeffxu, jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh, linux-hardening, kernel test robot On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@chromium.org wrote: > --- a/kernel/pid_namespace.c > +++ b/kernel/pid_namespace.c > @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns > ns->ucounts = ucounts; > ns->pid_allocated = PIDNS_ADDING; > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) > + ns->memfd_noexec_scope = > + task_active_pid_ns(current)->memfd_noexec_scope; > +#endif .c files should never have #if in them. Can't you put this in a .h file properly so that this does not get really messy over time? > + > return ns; > > out_free_idr: > @@ -255,6 +260,45 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) > return; > } > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) Same here. thanks, greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC 2022-12-06 16:04 ` [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC Greg KH @ 2022-12-06 16:26 ` Jeff Xu 2022-12-06 16:35 ` Greg KH 0 siblings, 1 reply; 7+ messages in thread From: Jeff Xu @ 2022-12-06 16:26 UTC (permalink / raw) To: Greg KH Cc: jeffxu, skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd, jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh, linux-hardening, kernel test robot On Tue, Dec 6, 2022 at 8:04 AM Greg KH <gregkh@linuxfoundation.org> wrote: > > On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@chromium.org wrote: > > --- a/kernel/pid_namespace.c > > +++ b/kernel/pid_namespace.c > > @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns > > ns->ucounts = ucounts; > > ns->pid_allocated = PIDNS_ADDING; > > > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) > > + ns->memfd_noexec_scope = > > + task_active_pid_ns(current)->memfd_noexec_scope; > > +#endif > > .c files should never have #if in them. Can't you put this in a .h file > properly so that this does not get really messy over time? > > Thanks for reviewing. It seems to me that checking for CONFIG_XXX is common in c code in kernel/ path. Do you have a sample code pattern (link/function) that I can follow? Thanks Jeff > > > + > > return ns; > > > > out_free_idr: > > @@ -255,6 +260,45 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns) > > return; > > } > > > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) > > Same here. > > thanks, > > greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC 2022-12-06 16:26 ` Jeff Xu @ 2022-12-06 16:35 ` Greg KH 2022-12-06 17:48 ` Jeff Xu 0 siblings, 1 reply; 7+ messages in thread From: Greg KH @ 2022-12-06 16:35 UTC (permalink / raw) To: Jeff Xu Cc: jeffxu, skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd, jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh, linux-hardening, kernel test robot On Tue, Dec 06, 2022 at 08:26:30AM -0800, Jeff Xu wrote: > On Tue, Dec 6, 2022 at 8:04 AM Greg KH <gregkh@linuxfoundation.org> wrote: > > > > On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@chromium.org wrote: > > > --- a/kernel/pid_namespace.c > > > +++ b/kernel/pid_namespace.c > > > @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns > > > ns->ucounts = ucounts; > > > ns->pid_allocated = PIDNS_ADDING; > > > > > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) > > > + ns->memfd_noexec_scope = > > > + task_active_pid_ns(current)->memfd_noexec_scope; > > > +#endif > > > > .c files should never have #if in them. Can't you put this in a .h file > > properly so that this does not get really messy over time? > > > > > Thanks for reviewing. > It seems to me that checking for CONFIG_XXX is common in c code in > kernel/ path. Maybe, but please don't make it any worse if at all possible. It's tough to maintain code like that. > Do you have a sample code pattern (link/function) that I can follow? Any of the zillions of #if statements in .h files :) thanks, greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC 2022-12-06 16:35 ` Greg KH @ 2022-12-06 17:48 ` Jeff Xu 2022-12-06 23:24 ` Kees Cook 0 siblings, 1 reply; 7+ messages in thread From: Jeff Xu @ 2022-12-06 17:48 UTC (permalink / raw) To: Greg KH Cc: jeffxu, skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd, jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh, linux-hardening, kernel test robot On Tue, Dec 6, 2022 at 8:35 AM Greg KH <gregkh@linuxfoundation.org> wrote: > > On Tue, Dec 06, 2022 at 08:26:30AM -0800, Jeff Xu wrote: > > On Tue, Dec 6, 2022 at 8:04 AM Greg KH <gregkh@linuxfoundation.org> wrote: > > > > > > On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@chromium.org wrote: > > > > --- a/kernel/pid_namespace.c > > > > +++ b/kernel/pid_namespace.c > > > > @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns > > > > ns->ucounts = ucounts; > > > > ns->pid_allocated = PIDNS_ADDING; > > > > > > > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) > > > > + ns->memfd_noexec_scope = > > > > + task_active_pid_ns(current)->memfd_noexec_scope; > > > > +#endif > > > > > > .c files should never have #if in them. Can't you put this in a .h file > > > properly so that this does not get really messy over time? > > > > > > > > Thanks for reviewing. > > It seems to me that checking for CONFIG_XXX is common in c code in > > kernel/ path. > > Maybe, but please don't make it any worse if at all possible. It's > tough to maintain code like that. > > > Do you have a sample code pattern (link/function) that I can follow? > > Any of the zillions of #if statements in .h files :) > Thanks. I will take the approach of having real/stub implementation in the h file, and the c file using it without a compile flag. Please kindly let me know if this is not right. Thanks Jeff > thanks, > > greg k-h ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC 2022-12-06 17:48 ` Jeff Xu @ 2022-12-06 23:24 ` Kees Cook 0 siblings, 0 replies; 7+ messages in thread From: Kees Cook @ 2022-12-06 23:24 UTC (permalink / raw) To: Jeff Xu Cc: Greg KH, jeffxu, skhan, akpm, dmitry.torokhov, dverkamp, hughd, jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh, linux-hardening, kernel test robot On Tue, Dec 06, 2022 at 09:48:55AM -0800, Jeff Xu wrote: > On Tue, Dec 6, 2022 at 8:35 AM Greg KH <gregkh@linuxfoundation.org> wrote: > > > > On Tue, Dec 06, 2022 at 08:26:30AM -0800, Jeff Xu wrote: > > > On Tue, Dec 6, 2022 at 8:04 AM Greg KH <gregkh@linuxfoundation.org> wrote: > > > > > > > > On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@chromium.org wrote: > > > > > --- a/kernel/pid_namespace.c > > > > > +++ b/kernel/pid_namespace.c > > > > > @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns > > > > > ns->ucounts = ucounts; > > > > > ns->pid_allocated = PIDNS_ADDING; > > > > > > > > > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) > > > > > + ns->memfd_noexec_scope = > > > > > + task_active_pid_ns(current)->memfd_noexec_scope; > > > > > +#endif > > > > > > > > .c files should never have #if in them. Can't you put this in a .h file > > > > properly so that this does not get really messy over time? > > > > > > > > > > > Thanks for reviewing. > > > It seems to me that checking for CONFIG_XXX is common in c code in > > > kernel/ path. > > > > Maybe, but please don't make it any worse if at all possible. It's > > tough to maintain code like that. > > > > > Do you have a sample code pattern (link/function) that I can follow? > > > > Any of the zillions of #if statements in .h files :) > > > Thanks. > I will take the approach of having real/stub implementation in the h > file, and the c file using it without a compile flag. > Please kindly let me know if this is not right. Right; for example: in .h: #if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE) static inline void ns_copy_memfd_scope(... dst, ... src) { dst->memfd_noexec_scope = src->memfd_noexec_scope; } #else static inline void ns_set_memfd_scope(... ns, ... scope) { } #endif in .c: ns_copy_memfd_scope(ns, task_active_pid_ns(current)); -- Kees Cook ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-12-06 23:24 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20221206152358.1966099-1-jeffxu@google.com>
[not found] ` <20221206152358.1966099-6-jeffxu@google.com>
2022-12-06 16:02 ` [PATCH v5 5/6] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC Greg KH
2022-12-06 16:27 ` Jeff Xu
[not found] ` <20221206152358.1966099-4-jeffxu@google.com>
2022-12-06 16:04 ` [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC Greg KH
2022-12-06 16:26 ` Jeff Xu
2022-12-06 16:35 ` Greg KH
2022-12-06 17:48 ` Jeff Xu
2022-12-06 23:24 ` Kees Cook
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).