From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1A25CC04FFE for ; Wed, 15 May 2024 01:47:52 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9085A8D005D; Tue, 14 May 2024 21:47:51 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 8B8AF8D004F; Tue, 14 May 2024 21:47:51 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 780CF8D005D; Tue, 14 May 2024 21:47:51 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 5A69A8D004F for ; Tue, 14 May 2024 21:47:51 -0400 (EDT) Received: from smtpin11.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id DBA2881386 for ; Wed, 15 May 2024 01:47:50 +0000 (UTC) X-FDA: 82118943900.11.24B15DF Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3]) by imf09.hostedemail.com (Postfix) with ESMTP id 06640140008 for ; Wed, 15 May 2024 01:47:47 +0000 (UTC) Authentication-Results: imf09.hostedemail.com; dkim=pass header.d=openbsd.org header.s=selector1 header.b=58HSJxwI; dmarc=none; spf=pass (imf09.hostedemail.com: domain of deraadt@openbsd.org designates 199.185.137.3 as permitted sender) smtp.mailfrom=deraadt@openbsd.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1715737668; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=hOxBNmNeNBL8C0p2lOug1SJkMfoswuaAjiVp2EpqvM0=; b=8mXfWEHueKEX5E28yNgT+xPFbu6nCRayXQ4Y4ZFwwm4Du7/ZhJc2847hlm+GT/aImNGQVS RINeVz3sQtZW5dJU6cLsyrMyubpdaBxlrweMK+80Aw4X+MwTPbqzmptakyPY6fjH4emvmp TL2nnDtI8Dv1tToNKHr34mLREI6Mkps= ARC-Authentication-Results: i=1; imf09.hostedemail.com; dkim=pass header.d=openbsd.org header.s=selector1 header.b=58HSJxwI; dmarc=none; spf=pass (imf09.hostedemail.com: domain of deraadt@openbsd.org designates 199.185.137.3 as permitted sender) smtp.mailfrom=deraadt@openbsd.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1715737668; a=rsa-sha256; cv=none; b=EQ+mKVLG8LuWr6jnWO2eTO+pNj2cu1hzTFtrjKYpeqF+isAjzWzh3sRyUl3AD/VqsRqrAs ceG41+S9PEszRo/M97VKIkAtrmMebzL+y8cyxXGuPS1fRJ56ZIO19AG+SvGXO1L6KfJBgV MHV8cC9dTjAaT5C+ddbG9zIZp8UpbbI= DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=selector1; bh=nwi7XSp87K yMBhuDwVzMUgWk96d9Z2Gf+1P/43zA+uU=; h=date:references:in-reply-to: subject:cc:to:from; d=openbsd.org; b=58HSJxwIFFDunvAa6ffAS+xegRSfK9Kml vIQU3QINWU0zu0uNNtl/ENkzETD9jZ0lhJ06nfZdsJes7RXcWA6OhA9yzOm7tnw8OBTYw2 nkhlSw6lB6LwhOXn2y0DPj+Iu9/Aq6Usg3TElJUvwWK9cZ3CdGHOTs55P7DYpnWVh7LocG TnO4X+Hs1BUsMQAYK6Gffm4lLs1scWLFvnrAhO199CaYsqcXZFdp+k+ZN84LSLI1k6/2WQ u3B1Ommwx+T/L3JIgcTsk8IM0iNy1iHRGpnBfBuIlnCWUEXEOB5vJR0nqyx0MJSkzcIocI DW/cwgN0Gm7PWphRbO3/Y3uOveMEA== Received: from cvs.openbsd.org (localhost [127.0.0.1]) by cvs.openbsd.org (OpenSMTPD) with ESMTP id 55a0975a; Tue, 14 May 2024 19:47:46 -0600 (MDT) From: "Theo de Raadt" To: Linus Torvalds cc: Matthew Wilcox , Jonathan Corbet , Andrew Morton , jeffxu@chromium.org, keescook@chromium.org, jannh@google.com, sroettger@google.com, gregkh@linuxfoundation.org, usama.anjum@collabora.com, Liam.Howlett@oracle.com, surenb@google.com, merimus@google.com, rdunlap@infradead.org, jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, pedro.falcato@gmail.com, dave.hansen@intel.com, linux-hardening@vger.kernel.org Subject: Re: [PATCH v10 0/5] Introduce mseal In-reply-to: References: <20240415163527.626541-1-jeffxu@chromium.org> <20240514104646.e6af4292f19b834777ec1e32@linux-foundation.org> <871q646rea.fsf@meer.lwn.net> <56001.1715726927@cvs.openbsd.org> <16982.1715734632@cvs.openbsd.org> Comments: In-reply-to Linus Torvalds message dated "Tue, 14 May 2024 18:20:23 -0700." MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <31351.1715737666.1@cvs.openbsd.org> Date: Tue, 14 May 2024 19:47:46 -0600 Message-ID: <84192.1715737666@cvs.openbsd.org> X-Rspamd-Queue-Id: 06640140008 X-Stat-Signature: qd6oe7xr9ityiqennz6si3ts1mguiwyt X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1715737667-7341 X-HE-Meta: U2FsdGVkX19wM/wxcLO6bzmHAgCEponBV/Y0wMV3h768+qSjcDBWJUBCgLehyITMQFt/HKeBo9zmPq6DA/kbEyKdsYa1cmZzCWncFnU6tOaOsgAib2OjgwYAbErbYstPnMglCgM1eTE+kEC2pzlwHZVdEYQyBAC+Qf5Uy1QVn730IolaTUK5k/cQ+I/T1vNGg2f9xSFISLyqb35K9qPm/eU9b72+IXGStanseNCrx+WOolLSpSxP+OVfQCparzegOU3OJfVS0mWtLCA0rK+cm8PCIGQIE+QVFMDLhslPxohm9eJ7ytu0KnqolEP9/BBzl203ifUkJKc35om6TVNYLALaUp1c0TuA1k8OUOFifDiwVbe1x/fqnZbvIivtFMZaaCjzBMkpP8/1HE8gTtt+np/eIyl5PTBoQnPdxrhuQfa5TFUDtV7aeUEc7TCEGSBTQ1g4blAJGsBQQ8X0QE3MPWqOo94JLMSUeEnlZ8BOcrpw4w6VNAnakrL7weP4q2+sj4to9Xor324eBX3Mynv+hSLM5x1BwYlJ3lyYS0S6auwSUNzvGbV50xnvQ9PNzob9Jqr0EO23zwlalEFwcSVRk0F1GNJxAIKVNiFQipZhY728Y4US1Pn0jOdYqby8TuTCPHCILT8lK+tOBWVfg1Lo+hf3ePofF5DrC160R/Le/K7mlJJudksql6YmXeGxURaEXEMo7lXTmFlXkdUm6HDkfLP918AuDS4u8tCsg4nrPiqOFYYoJ15V2ZPcK1o7MPzAs0TIK/UP5QZJgw3cNAiPTcOOMJvb51Qf1FwnZl2y0n94IDzPKmbpR6Lp/R5FeHDQbnipx7qdjNPRSysdmCZu5BwtCUt5Y5MvFQeELtS2GOwgKzO1wHccXDo99naQVP+RKpfTOJt+pnw0b2aMjtlpo+P+2xvlFW17t+RAgGDne6nV9JRW6BofKr2ciO5V3retRbCzy+56QWj26gwNLvI +bfiA0lw BNGAaKjUMg9894S5fwXRO+2ecXEar7zNmrsPMOoh6PAyRZbX1kaAQbP0mEKdRMJkqfOk5L++IvHplWq9kv5T3+ZQ/DSIz+foasJHYij17XcwiNlsCjDzwzgRXVkbNxmSCmsMsXLWkZEPdUpwo7AkM0vXo2dlKSkDC/Np3CIn18XzvEG173oeclSFpxGBQ8oh4Ep+uPIX9D6WqoWeanD59P5q17HGtWvr/vaNQwPUtpHDmFJynDTe4+o2cp8cGPioacmxWYonlZZgeU6c= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Linus Torvalds wrote: Regarding mprotect(), POSIX also says: An implementation may permit accesses other than those specified by prot; however, no implementation shall permit a write to succeed where PROT_WRITE has not been set or shall permit any access where PROT_NONE alone has been set. When sealed memory is encountered in the middle of a range, an error will be returned (which almost noone looks at). Memory after the sealed region will not be fixed to follow this rule. It may retain higher permission. > Maybe some atomicity rules have always been true for BSD, but they've > never been true for Linux, and while I don't know how authoritative > that opengroup thing is, it's what google found. It is not a BSD thing. I searched many kernels. I did not find the Linux behaviour anywhere else. > > (Linus, don't be a jerk) > > I'm not the one who makes unsubstantiated statements and uses scare > tactics to try to make said arguments sound more valid than they are. > > So keep your arguments real, please. CAN YOU PLEASE SHUT IT WITH THE PERSONAL ATTACKS? ARE YOU SO INSECURE THAT YOU NEED TO TAKE A TECHNICAL DISCUSSION AND MAKE IT PERSONAL? In a new world of immutable / sealed memory, I believe there is a much bigger problem and I would appreciate if the Linux team would give it some consideration. mprotect and munmap (and other calls) can now fail, due to intentional address space manipulation requested by a process (previously). The other previous errors have been transient system effects, like ENOMEM. This EPERM with partial change is not transient. A 5 line test program can show memory which is not released, or which memory will retain incorrect permissions. Have any of you written test programs?