From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A64DC04FFE for ; Wed, 15 May 2024 02:42:43 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A91668D0064; Tue, 14 May 2024 22:42:42 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A680C8D004F; Tue, 14 May 2024 22:42:42 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 90A508D0064; Tue, 14 May 2024 22:42:42 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 6F4BE8D004F for ; Tue, 14 May 2024 22:42:42 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 03408161323 for ; Wed, 15 May 2024 02:42:41 +0000 (UTC) X-FDA: 82119082164.04.933BF55 Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3]) by imf10.hostedemail.com (Postfix) with ESMTP id B2848C0012 for ; Wed, 15 May 2024 02:42:39 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=openbsd.org header.s=selector1 header.b=EVzA9XNP; dmarc=none; spf=pass (imf10.hostedemail.com: domain of deraadt@openbsd.org designates 199.185.137.3 as permitted sender) smtp.mailfrom=deraadt@openbsd.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1715740960; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=PaRe51EBaohZsgtnFKzrjDHPiK0HCSqi+/GKt9CFnOw=; b=Ra71AMMA9/kPoGju1nQBeplkGR8RLD7spuPNvLtY2OCY0aRbs2EiAag49fkKEMtEGi3Icd oJGkRV03dhH/gzXAq7y4mqQJKnwl5TqLkwUyds7Pvkrnz9YTr/vnlpHiqQeLINKxDdrwge tB3Ne8lRHUf+I3bS6DS82e4ZyDV3Ghw= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1715740960; a=rsa-sha256; cv=none; b=62NBfjxbdaKWDxmhmjr6PbNN63rNYVDkpF4DsRoxHErUDrvVm+hCAluvErBIq/XCN0ixEy wVTHj/vQcNCMJq1e4Kq+LjVHjf8CWapORKWx8iCmuT2dbd2XDGai+HZfSeBswmZ572zou6 TpI9LZOhivBwNSRFoW3il4N3J1HXrL8= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=openbsd.org header.s=selector1 header.b=EVzA9XNP; dmarc=none; spf=pass (imf10.hostedemail.com: domain of deraadt@openbsd.org designates 199.185.137.3 as permitted sender) smtp.mailfrom=deraadt@openbsd.org DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=selector1; bh=E/eITmSfv/ hukN66zjfP822dc02uc7jnjBNrPzQ6vNk=; h=date:references:in-reply-to: subject:cc:to:from; d=openbsd.org; b=EVzA9XNPb+gPk9asC5OFVNyHR+i0fVDrX z9ATBDqxXlTOWBjRzskA+p4lrJb8vGvkmGIahadIO+N6X9VTQdg+upE34qLc8nykHKnuY4 wqNDC2Q0W5Oznjn2CSqtM84yOm6dPwVrEqedE0/6mmhog1vx9pEaabKX1Px+VovNJbW9tJ VHPvFyJlsKPFNTvh6V2NyZhzfdcuYz2xi1w6ovAUxkwjMkRT6lNcBvtEjguIqLUx1OHff4 5ethYU+X1oK6WAP/fCgIjJ+r2iQ0CdxRD0WnGC/RI18BOMMGW0/C9kcQzAuugpakmsH6Db jPJkuaz3YI2MbHRwYImoyZOwLf7SA== Received: from cvs.openbsd.org (localhost [127.0.0.1]) by cvs.openbsd.org (OpenSMTPD) with ESMTP id b934a569; Tue, 14 May 2024 20:42:38 -0600 (MDT) From: "Theo de Raadt" To: Linus Torvalds cc: Matthew Wilcox , Jonathan Corbet , Andrew Morton , jeffxu@chromium.org, keescook@chromium.org, jannh@google.com, sroettger@google.com, gregkh@linuxfoundation.org, usama.anjum@collabora.com, Liam.Howlett@oracle.com, surenb@google.com, merimus@google.com, rdunlap@infradead.org, jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, pedro.falcato@gmail.com, dave.hansen@intel.com, linux-hardening@vger.kernel.org Subject: Re: [PATCH v10 0/5] Introduce mseal In-reply-to: References: <20240415163527.626541-1-jeffxu@chromium.org> <20240514104646.e6af4292f19b834777ec1e32@linux-foundation.org> <871q646rea.fsf@meer.lwn.net> <56001.1715726927@cvs.openbsd.org> <16982.1715734632@cvs.openbsd.org> <84192.1715737666@cvs.openbsd.org> Comments: In-reply-to Linus Torvalds message dated "Tue, 14 May 2024 19:28:54 -0700." MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <58986.1715740958.1@cvs.openbsd.org> Date: Tue, 14 May 2024 20:42:38 -0600 Message-ID: <75628.1715740958@cvs.openbsd.org> X-Stat-Signature: 8t17ukqeukyfddwesxrdogmh7k6x9efp X-Rspamd-Queue-Id: B2848C0012 X-Rspam-User: X-Rspamd-Server: rspam01 X-HE-Tag: 1715740959-503541 X-HE-Meta: U2FsdGVkX18WUYsTtTnZAA/zXTngyOAK7TbQQPeUDtBaQ58YygoFVOxpBTwHYOE4i5mI/3wY1n2oAbUvgzkLViZpxVuNtjMWObkHh7wZ7JP37xWTI9tN0/qJAvEfhXheSHsEeUX2iVeC5T5kEyBh89FKOgWT37DGXtCoFrQNl1+nAj1QFk++5ilGzyUIoDhgDQkFQeCngeRNS83q9E5dOUWafklAWBBrOswz2JJoeAP7kqPp+xerJkOeQ8mzItnFSSQxDEeAhnov2KhRVSfmEm1zjhy5Pg11fvbBdkquIrRNWpWDdrTx/k6Am8T5r3WFXTin882DTUAY1P1HbKeyu4kPQAqFW1RdVrnKVVVG3fWipRwaC8k56DjQtMYEbDR2EFavu+9YoMdjvHFpM/nXzol/RjTexhHVarpZ51cympK+lxlqX6EINlKPo7OQOUqq4eqdPMjsaEfkOWePn5a6aIUL2Jr4ij5M1fyKF2QQD5pCCX12V1GJPK6gnCkBLwiaSHV/J+dzEe5l34hiIuO63danhwYD2E0sJ4XW4xihf+wF7ZQXPuEPKDq+1shKWGz4qkT+LF8J97E6CmnMzq4xb/1ikaXY2RnWs810qVUt2Ktt7EKVLhqHou1QVAePB3T1ikpWEm4kTGigPfIVn6vHBKNcNJL6FYspctLjn4HU8DPgdHtc2qlDAk0PmgboLcIESQdn19IatfdFL++NIx4pGhNrGgVWRkPESMuceQlzHysd6zeC+YCtPanTk8tg0LZXHm8HnniXjwJPz0Pq31riWHEFnk10w87VnXOLuQu5qPGT+VReefDTcqeflPmx02frL314q8rT7/kd+rhwj3/mMo7vamqzwICbAgiw2wVR60/NWWS4Z7vJwvAnSMvA7gacrtLDQ4ZhSXdX5ThuS/g7NgEWKSS8afKp5KUY+kDaKzuW/AsJ/8A9Qahao3qYbcgG1vJ3T8SKNyVrmXvHQAV Pd3wATe+ FTJ2QYDu6r0VAF7Wt/pJ4T26M5IX7roGYJS0IW/LRCklQONwhe2vzOixZXmJ3r6mDJFF/kN24PPX9dqMvF6yQv3XzIRBy4DvNzu0gxXv6D3fZ0H6dvKkbBm4WEsArzH+DyYBuOS42r5J9ao2BD4TPuP2KOo3BM+PZZdOi+O31WkHJVlRxjr3S2CYiMJVpl7QgiJ4Z35TUw0WywiEAo6TK3ZAA9cUvWt024M1nHJ5tSH3/KKvy0bN8Ybm1i/0vmNWzhD+TV/7zkXN1dwOSEXy4EbiK+1gfbrOU4pZ8OQTUO8X3PaZmpRdM4nT6PYYnLaKxMvx1 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Linus Torvalds wrote: > On Tue, 14 May 2024 at 18:47, Theo de Raadt wrote: > > > > Linus Torvalds wrote: > > > > Regarding mprotect(), POSIX also says: > > > > An implementation may permit accesses other than those specified by > > prot; however, no implementation shall permit a write to succeed where > > PROT_WRITE has not been set or shall permit any access where PROT_NONE > > alone has been set. > > Why do you quote entirely irrelevant issues? > > If the mprotect didn't succeed, then clearly the above is irrelevant. Imagine the following region: <--------------------------------------------- len [region PROT_READ] [region PROT_READ + sealed] addr ^ then perform mprotect(addr, len, PROT_WRITE | PROT_READ); This will return -1, with EPERM, when it encounters the sealed region. I believe in Linux, since it has not checked for errors as a first phase, this changes the first region of memory to PROT_READ | PROT_WRITE. Liam, is that correct? If I am correct, then this follows: So tell me -- did the mprotect() system call succeed or did not it succeed? If EPERM means it did not succeed, then why is the first region now writable? Immediately after this "call that failed", the process can perform a write to that first region. But no succesful system call was made to change that memory to PROT_WRITE. Alternatively, does EPERM mean it did not completely fail, and therefore it is OK that that the prot value has been applied? That's really obscure, and undocumented. In any case it seems, PROT_WRITE can be set on memory, and it is even more pointless than before for userland to check the errno *because you can't determine the resulting protection on every page of memory. It's all a mishmash after that. (There is no POSIX system call to ask "what is the permission of a page or region). > Theo, you're making shit up. I'm trying to have a technical discussion. Please change your approach, Linus.