From: David Hildenbrand <david@redhat.com>
To: Kees Cook <kees@kernel.org>
Cc: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>,
Andrew Morton <akpm@linux-foundation.org>,
"Liam R . Howlett" <Liam.Howlett@oracle.com>,
Vlastimil Babka <vbabka@suse.cz>, Jann Horn <jannh@google.com>,
Pedro Falcato <pfalcato@suse.de>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Jeff Xu <jeffxu@chromium.org>
Subject: Re: [PATCH v3 2/5] mm/mseal: update madvise() logic
Date: Fri, 25 Jul 2025 00:47:45 +0200 [thread overview]
Message-ID: <28bf0b31-8b51-4acd-ae09-890a952501f4@redhat.com> (raw)
In-Reply-To: <202507241528.A73E1178@keescook>
On 25.07.25 00:29, Kees Cook wrote:
> On Thu, Jul 24, 2025 at 11:41:04PM +0200, David Hildenbrand wrote:
>> On 24.07.25 23:32, David Hildenbrand wrote:
>>>> As an aside, why should discard work in this case even without step 4?
>>>> Wouldn't setting "read-only" imply you don't want the memory to change
>>>> out from under you? I guess I'm not clear on the semantics: how do memory
>>>> protection bits map to madvise actions like this?
>>>
>>> They generally don't affect MADV_DONTNEED behavior. The only documented
>>> (man page) reason for EPERM in the man page is related to MADV_HWPOISON.
>>>
>>
>> (Exception: MADV_POPULATE_READ/MADV_POPULATE_WRITE requires corresponding
>> permissions)
>
> Shouldn't an MADV action that changes memory contents require the W bit
> though?
In a MAP_RPIVATE file mapping, to know whether you are actually
modifying memory ("discarding pages" ...) would require checking the
actually mapped pages (mixture of anon and !anon folios). Only zapping
anon folios is the problematic bit, really.
It could be implemented (e.g., fail halfway through while actually
walking the page tables and zap).
But, yeah ...
> I mean, I assume the ship may have sailed on this, but it feels
> mismatched to me.
... I think that is that case, unfortunately.
I remember that userfaultfd can do some really nasty stuff with
UFFDIO_COPY and MADV_DONTNEED on memory areas that don't have write
permissions ... or even read permissions. Not sure if CRIU or other use
cases depend on that in some weird way.
--
Cheers,
David / dhildenb
next prev parent reply other threads:[~2025-07-24 22:48 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-16 17:38 [PATCH v3 0/5] mseal cleanups, fixup MAP_PRIVATE file-backed case Lorenzo Stoakes
2025-07-16 17:38 ` [PATCH v3 1/5] mm/mseal: always define VM_SEALED Lorenzo Stoakes
2025-07-24 18:34 ` Jeff Xu
2025-07-24 18:44 ` Lorenzo Stoakes
2025-07-16 17:38 ` [PATCH v3 2/5] mm/mseal: update madvise() logic Lorenzo Stoakes
2025-07-24 18:39 ` Jeff Xu
2025-07-24 18:56 ` David Hildenbrand
2025-07-24 22:18 ` David Hildenbrand
2025-07-24 19:07 ` Lorenzo Stoakes
2025-07-24 21:53 ` David Hildenbrand
2025-07-25 6:17 ` Lorenzo Stoakes
2025-07-25 16:22 ` Jeff Xu
2025-07-24 21:15 ` Kees Cook
2025-07-24 21:32 ` David Hildenbrand
2025-07-24 21:41 ` David Hildenbrand
2025-07-24 22:29 ` Kees Cook
2025-07-24 22:47 ` David Hildenbrand [this message]
2025-07-25 7:41 ` David Hildenbrand
2025-07-25 5:49 ` Lorenzo Stoakes
2025-07-25 16:21 ` Jeff Xu
2025-07-24 22:12 ` David Hildenbrand
2025-07-25 7:01 ` Lorenzo Stoakes
2025-07-25 7:38 ` David Hildenbrand
2025-07-25 8:53 ` Lorenzo Stoakes
2025-07-25 9:46 ` David Hildenbrand
2025-07-25 10:05 ` Lorenzo Stoakes
2025-07-25 10:10 ` David Hildenbrand
2025-07-25 10:17 ` Lorenzo Stoakes
2025-07-16 17:38 ` [PATCH v3 3/5] mm/mseal: small cleanups Lorenzo Stoakes
2025-07-24 18:40 ` Jeff Xu
2025-07-16 17:38 ` [PATCH v3 4/5] mm/mseal: Simplify and rename VMA gap check Lorenzo Stoakes
2025-07-24 18:40 ` Jeff Xu
2025-07-25 5:33 ` Lorenzo Stoakes
2025-07-16 17:38 ` [PATCH v3 5/5] mm/mseal: rework mseal apply logic Lorenzo Stoakes
2025-07-24 18:41 ` Jeff Xu
2025-07-24 18:32 ` [PATCH v3 0/5] mseal cleanups, fixup MAP_PRIVATE file-backed case Jeff Xu
2025-07-24 19:10 ` Lorenzo Stoakes
2025-07-25 6:40 ` Lorenzo Stoakes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=28bf0b31-8b51-4acd-ae09-890a952501f4@redhat.com \
--to=david@redhat.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=jannh@google.com \
--cc=jeffxu@chromium.org \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lorenzo.stoakes@oracle.com \
--cc=pfalcato@suse.de \
--cc=vbabka@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).