From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6BDC6C4167B for ; Fri, 16 Dec 2022 22:06:48 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id C37DB8E0002; Fri, 16 Dec 2022 17:06:47 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id BE8C18E0001; Fri, 16 Dec 2022 17:06:47 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id AB0328E0002; Fri, 16 Dec 2022 17:06:47 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 994E48E0001 for ; Fri, 16 Dec 2022 17:06:47 -0500 (EST) Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 6C3F5AB7AA for ; Fri, 16 Dec 2022 22:06:47 +0000 (UTC) X-FDA: 80249554854.16.C54C5F4 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by imf03.hostedemail.com (Postfix) with ESMTP id 870F92001C for ; Fri, 16 Dec 2022 22:06:45 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=gtx8hPdk; spf=pass (imf03.hostedemail.com: domain of akpm@linux-foundation.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1671228405; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+2xpYkdj10NkTmYgrIXzzLj4FG35UH6c76P/7HhpoL0=; b=PeQ4O6BS9cd4F5D1SBbeDnldZt5bke0WApXXPq0jj9I5s/AGf1+/tS8DBTE/WaBsGLD2mn LtuEPlVGiF3jJeQjzAQpBz87Bl5I22tNdTsh8N6MiMF7oMrVatXFa3pqxyXbtrUNGL+8Pr ZhAG2xIY44f21x6iXhL5KKz4Oa4x1+8= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=pass header.d=linux-foundation.org header.s=korg header.b=gtx8hPdk; spf=pass (imf03.hostedemail.com: domain of akpm@linux-foundation.org designates 145.40.68.75 as permitted sender) smtp.mailfrom=akpm@linux-foundation.org; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1671228406; a=rsa-sha256; cv=none; b=EhdXIF2sbiZphmmbnCWtvUKOi3F0rIEU7GjbbiWgBMZq8bPA8nq/DIRsCrnOkkir5X/7Hn YM+CluPA38zfBnSGj9V7mfWAhWY5WQOx340B0sjidlSYRluktIIC44O5JLppGyB886Nzbb fOeDJlGKwAMluPeHn/HY0kL/opgcBis= Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E3855B81E36; Fri, 16 Dec 2022 22:06:43 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 2891EC433D2; Fri, 16 Dec 2022 22:06:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linux-foundation.org; s=korg; t=1671228402; bh=ztxC0tZ3LHE1E0QxQeFuDNowIFY2kavlk+wi+c1cZ9I=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=gtx8hPdkfa55IusM8ya2E+vD6klwp3mnVQ6Wox4M/3rNmhsnH6CJE0Hm+IWC1a+mP Zwc9vZhKss135hy9KXIxO4ptZOrGtvAlrlaY5o9haT4x/eCRjgK7FY1HfZBf3av/OP 0JsxdsaIHur80B5Y4+o6CvqIIl1ZDBOUaH5sR0lo= Date: Fri, 16 Dec 2022 14:06:41 -0800 From: Andrew Morton To: Jeff Xu Cc: Kees Cook , Peter Xu , jeffxu@chromium.org, skhan@linuxfoundation.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, hughd@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, linux-hardening@vger.kernel.org, kernel test robot Subject: Re: [PATCH v6 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC Message-Id: <20221216140641.bf6e47b7c4f5a53f34c8cf9a@linux-foundation.org> In-Reply-To: References: <20221207154939.2532830-1-jeffxu@google.com> <20221207154939.2532830-4-jeffxu@google.com> <202212080821.5AE7EE99@keescook> <20221216094259.bec91e4abd6cf54a05ce2813@linux-foundation.org> <202212161233.85C9783FB@keescook> X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-redhat-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: 870F92001C X-Stat-Signature: umbuffx87a3roqep6nq43zm9php9kq3m X-Rspam-User: X-HE-Tag: 1671228405-718931 X-HE-Meta: U2FsdGVkX1/XwVe1CXBYsQ8uhDkB0scW9viuW8HtOEbhYjJSq8z+3bDiMqeIUZO30z1jypEFArSooJtw4N0zY/ylm5W5g8ENJrF9mYFgNPl27HNm9o+KFwXXk2VLEzTmTYNazPKQVcqu17wybq2BUbStWTSfgmirQJW6S8iwPGRumu2L/l4quOyHzF5Snol0riiYD0WEnEuMFdpFwez89An3bfIyJaDuJA30asFibZgNItVB7yVFMirk6gJX/cvrc6yGVO6G7EN60jWGJidS5tSnT5FkW8dPAop0i5ngCetNC5WOwLfRa+o1AH5TwtndwKHNgWeJKNyDjSCIhbcRU3YpWCqVwnbq3GK9ilWuYBL6BgiNKqkJ8NlwXGe8Q9YAk/ImIuew77OVErP+yN+u8EBUFtKXcn6Pj7U8vP5E4qNE8BKBwiAYo/PNMl/fbDuTuFSsP2q/2jK10pQRZBg47U7vedrb9vRu1FJJI65Up2gWZr9nvrfgHe0UPY7nB+/QdjgQrRvnJwsQsmuW1+CvFNjrGbRp0Av/sxsOcIRQPLil+qiTNmk8jdcXqMrpMrc4ka/uhADc+OeHLv6jgiUQOG2pGfGFu49Fd/LkrWEis7KkNJFYhm3r1JV3DZ/o9N4vSCF6wIJ4HQgNvu4n3RNTFte9nEfnDmEEZv35ezojMrX6uwC+IM/Ms0Qu09DFRw1NjZANPlLgJt7U3+HvdI1R3yGY1ghy1uEU/1MC2KHOxEpVa5qoLUzJguEExMCKoj0LF9pragmDL5kQI+zHkGsyPb/C1IMlVHH5gh0f1szOSXXdXNSpoHcUKY5R/qo3ElC73AgQIvgSwRMnUP9pFPMeKWajZ1Z+6gn763FHdMSN87LSUqWPMENVS+9ZiWPMGRkf4Y/Ubl24V2rOt21bizHYE5bdoxg5TsR2Q8iSlgSCpeN6Re+6jT9EqLgW7Dyr6T/cuGxhM/mI4QJmOsoKTgc rwcwb5T6 xghpErDjuiDMl39iOo1Pw27jXYRRNxa4wgRqVKypTl9utGmajTgiO3MtRtqjXiSNZ0ccWPrIJvs24HXYdPiXnJH1XvEf2OzNGHsOpT6jzFCoWAe4bcZbxEKFXdF6qd52FLS5VZJYiza4om3ub1eDla4xaonVO367AdkMlNFBQVO8GUGb19Y3Zc9fswyLfzvdJdH1j X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, 16 Dec 2022 13:46:58 -0800 Jeff Xu wrote: > On Fri, Dec 16, 2022 at 12:35 PM Kees Cook wrote: > > > > On Fri, Dec 16, 2022 at 10:11:44AM -0800, Jeff Xu wrote: > > > Once per boot seems too little, it would be nice if we can list all processes. > > > I agree ratelimited might be too much. > > > There is a feature gap here for logging. > > > > > > Kees, what do you think ? > > > > I agree once per boot is kind of frustrating "I fixed the one warning, > > oh, now it's coming from a different process". But ratelimit is, in > > retrospect, still too often. > > > > Let's go with per boot -- this should be noisy "enough" to get the > > changes in API into the callers without being too much of a hassle. > > > Agreed. Let's go with per boot. > > Hi Andrew, what is your preference ? I can send a patch or you > directly fix it in mm-unstable ? Like this? --- a/mm/memfd.c~mm-memfd-add-mfd_noexec_seal-and-mfd_exec-fix-3 +++ a/mm/memfd.c @@ -308,7 +308,7 @@ SYSCALL_DEFINE2(memfd_create, flags |= MFD_NOEXEC_SEAL; break; default: - pr_warn_ratelimited( + pr_warn_once( "memfd_create(): MFD_NOEXEC_SEAL is enforced, pid=%d '%s'\n", task_pid_nr(current), get_task_comm(comm, current)); return -EINVAL; @@ -316,7 +316,7 @@ SYSCALL_DEFINE2(memfd_create, #else flags |= MFD_EXEC; #endif - pr_warn_ratelimited( + pr_warn_once( "memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=%d '%s'\n", task_pid_nr(current), get_task_comm(comm, current)); } _