From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 954E2CFB43F
	for <linux-mm@archiver.kernel.org>; Mon,  7 Oct 2024 15:01:46 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 311A26B00A3; Mon,  7 Oct 2024 11:01:46 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 29B276B00AA; Mon,  7 Oct 2024 11:01:46 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 13C0F6B00AB; Mon,  7 Oct 2024 11:01:46 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16])
	by kanga.kvack.org (Postfix) with ESMTP id E541D6B00A3
	for <linux-mm@kvack.org>; Mon,  7 Oct 2024 11:01:45 -0400 (EDT)
Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 926EB160874
	for <linux-mm@kvack.org>; Mon,  7 Oct 2024 15:01:45 +0000 (UTC)
X-FDA: 82647120570.22.26E8C94
Received: from mail-oo1-f48.google.com (mail-oo1-f48.google.com [209.85.161.48])
	by imf09.hostedemail.com (Postfix) with ESMTP id D146C14002D
	for <linux-mm@kvack.org>; Mon,  7 Oct 2024 15:01:41 +0000 (UTC)
Authentication-Results: imf09.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b="iK/RtERO";
	spf=pass (imf09.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.161.48 as permitted sender) smtp.mailfrom=jeffxu@chromium.org;
	dmarc=pass (policy=none) header.from=chromium.org
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1728313168;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=5jAAFMBYKppMdRXJchSLw0rc6C6JnyAPVbXk9thx1g8=;
	b=bqWY//irhrsrRgxSRVqPQBHl0OZAzLTm2Q4E38d+BoQqMS7OvVD5WbjCDjra2QE+Db9WhM
	+iY7D2j/WjwmdQLkxyRki0Ek7SgdyLW4fZzVy+QvKcSp8qTTFdnDL/vTBam2Aq5nS0C7NW
	d4bdc+a/X/cPinM+u/eg45itM/YTlJ8=
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1728313168; a=rsa-sha256;
	cv=none;
	b=N2s1yLpcqlgbPMxh6bR3RBFZvx4Sj41x8AnhdWbjV2C5W3Suo0RohBJXlH1XeK4AbwEFN/
	UWyYr37NvYs5KBR/ld00d+pdJ46TbnsqXaepckchvykMql8+7nl6Fbp1kvbulp2PT7IP65
	SI1hmiwOcqtGX//iECdrjWeg/X6GiMc=
ARC-Authentication-Results: i=1;
	imf09.hostedemail.com;
	dkim=pass header.d=chromium.org header.s=google header.b="iK/RtERO";
	spf=pass (imf09.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.161.48 as permitted sender) smtp.mailfrom=jeffxu@chromium.org;
	dmarc=pass (policy=none) header.from=chromium.org
Received: by mail-oo1-f48.google.com with SMTP id 006d021491bc7-5e1d7421d14so120937eaf.3
        for <linux-mm@kvack.org>; Mon, 07 Oct 2024 08:01:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google; t=1728313300; x=1728918100; darn=kvack.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=5jAAFMBYKppMdRXJchSLw0rc6C6JnyAPVbXk9thx1g8=;
        b=iK/RtERO8MFbyk1gmydzgjXj/x55uq+cB6EAaL0HCJSgs7BKVtiHOlr+6aYbsKmer7
         KOVNgrQKCBG6WVTHqGWgj8NhtmyZ2KnEq6ZWl1jZcS9ELcq9JvU7yCOHOQxFEVPbsjyw
         vIPiH+Q6ummMEbu8hbCXeeLLhPw9Dwy5TrL9w=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1728313300; x=1728918100;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=5jAAFMBYKppMdRXJchSLw0rc6C6JnyAPVbXk9thx1g8=;
        b=IfGLB4ClYKPeB9IQtpsCuvwI3zDjOHYL8n/BA/3gQselw0VG20+8zhk+wkWPpkav/D
         QPMi1JIaxYkDxmAdWXnu8iYX6Hq5HTEskPokSHhCSvU9IMJ7JupbcIJWTYiPK4D7YEiP
         xMVemJ233yfY6wD7NClB3dR1ZStDWkNchTJo70glT0obY+JvHZqYUA4B3udITrBmS2Id
         fEvilWefZz5j7gCbIYIjMUPczOXqQxISTlSf1eoDWopZFpYsKBjYQp8qV6AQ5AWjhtvm
         wWb6TYrEvf+lIGe17Z/gjsengp2mUGByCj1nUEOg0sNXkH+mbGPJQFxIBAvTDEdDWg5j
         3ilw==
X-Forwarded-Encrypted: i=1; AJvYcCWnddatB8MGvRH86+J+WT7zxGmsxaYludyzE+ZMp7Kcv2jP9rNpKFTlg7o5ZQTrsaqB2QQSrlrA3A==@kvack.org
X-Gm-Message-State: AOJu0Yz2bAN30V9Yaz9CHQwLA7fa+IJ1DqqjhybGdlpqQ+/X1p7DK2ag
	dsGhKmo+yJSvrRJaWKlgtlo8jlqtUdu62eDUVpKhfgBwr8QqZ2R2B/i0qIdoMKZhJr4RpfbAa0K
	Q9jNu+2pCeFhggOU0F+RWlVsKUiggx4DAVChv
X-Google-Smtp-Source: AGHT+IFFTDkuljTZSSM+i7nA189OSRbRxsZF42ePZcfZwT24kjDKYTZ7AaE+3X0QfQ9LOodahDeCiX/tICNJikALAHw=
X-Received: by 2002:a05:6870:d201:b0:27b:9f8b:7e49 with SMTP id
 586e51a60fabf-287c22913fdmr2397442fac.11.1728313300572; Mon, 07 Oct 2024
 08:01:40 -0700 (PDT)
MIME-Version: 1.0
References: <20241001002628.2239032-1-jeffxu@chromium.org> <20241001002628.2239032-2-jeffxu@chromium.org>
 <4544a4b3-d5b6-4f6b-b3d5-6c309eb8fa9d@infradead.org> <CABi2SkUhcEY7KxuRX3edOHJZbo2kZOZfa0sWrcG2_T0rnvHCWQ@mail.gmail.com>
 <51463.1728069102@cvs.openbsd.org>
In-Reply-To: <51463.1728069102@cvs.openbsd.org>
From: Jeff Xu <jeffxu@chromium.org>
Date: Mon, 7 Oct 2024 08:00:00 -0700
Message-ID: <CABi2SkXW9atWJLCDQboKwLoXCX7w9sgs7H3Wm4U2soG4cFLosw@mail.gmail.com>
Subject: Re: [PATCH v2 1/1] mseal: update mseal.rst
To: Theo de Raadt <deraadt@openbsd.org>
Cc: Randy Dunlap <rdunlap@infradead.org>, akpm@linux-foundation.org, keescook@chromium.org, 
	corbet@lwn.net, jorgelo@chromium.org, groeck@chromium.org, 
	linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, 
	linux-mm@kvack.org, jannh@google.com, sroettger@google.com, 
	pedro.falcato@gmail.com, linux-hardening@vger.kernel.org, willy@infradead.org, 
	gregkh@linuxfoundation.org, torvalds@linux-foundation.org, 
	usama.anjum@collabora.com, surenb@google.com, merimus@google.com, 
	lorenzo.stoakes@oracle.com, Liam.Howlett@oracle.com, enh@google.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: D146C14002D
X-Stat-Signature: 53nfotetwmt6pi1qgi93nenca5perfs9
X-Rspamd-Server: rspam09
X-Rspam-User: 
X-HE-Tag: 1728313301-783453
X-HE-Meta: U2FsdGVkX1+RqOG9iIk8oFRWHkg1UTRG0KcnpcqtPvlCKL7obTXx5UcTEBpBd/g7Fjo1MjfzR+jZfE/d1T3VNtsvn6Ludo5RPbjIHZIaB/gRZ4oWqQRtdOk9cpPJbPXVAyI+oq/0RjzpviNPNaNFJe/4z19EtIKH+3ZDBQDDvkuGMhwr/ooQAwLYLPC7A+9sD2we+PO4DyZPPhu/eFcAIhFe90roRihItHf7O3rXqW1sv1QZFccArQnVXusRfv56jfstUlFC6HR20I8rpGEEScUOuPKfhaOg3Duw6uYYxE7OeCU9FEWaKq3XunIjicc3EUSw7giHDMZbEII0GdX+gFtm0yTTxAYNnupzfe2Vy79HVMwr3D55GMvrA6/OBWZuol/u/3WMYMq0dswH6GhL9IxTuI1Y3dN2dUG6NFoFtnbNBzGCLZSV/PGldV9TRPzz6JSKW1MKWLHZBCcHPMvLavWv9e+iVS+6nUjB2ucWuXBB0uNemqGogIOMHAA2v4nsIBbCRqi6Fks757LxJdO+WWjoPPUs0dGwkyGIy3WLeRZQ7Urpd+5TwvR02oS8N/L1frNwE9TkrAlMimtj6ENOS9ZGHI78frJRovpZfCwMVepOk5bXx6ov0IhFXQ8MzROQQn4ZbLEmlONoEkIOpUtak5juW9ArBl35dQdRw1USfUaKySV7BL6S907VrAGDJn61slwc82v2A66jtTT9Fwme/LxdadS+a/YBwKW1RhiTUJYSfVojJKoyspU8bEWRlqVE15PEm9BEY0pEQWvaKFqWheJcKGygQQipVHxwSc2BEhrozP/vOw3z5133edyk3ah4ywOZbLc99v3d8m2CLQ8E52MMj8cyty/g4pfqLTUfvuIZWbd2Pwm7Ftf+gpzYSlgKbh9MwTa3BbnArIakUNoH1kI0IZDAF4js9G0Xgk7BLxrvjCtLUzAXRfBXiTrzX5b6SjhNvAzYxrPoyE3pkoI
 3gEMY9ue
 AvcaUK/nvlo6dJYT1wRIaOwJ60Gu8ThO3KbzMFkEVpjWVPiQnG/xxkabNIcVmwRzaadVOPh/nrQVl6tbO09IC98HTxOE7+TJEtdEBDOi+M4IcQiUkbqB4TSZCkFswJW8GnXP5VixJJjDKt6pY4BmfxHNXISffEs/YN3xAwMQ9buG6l9J7+fNACdo0d2ojDddLgi3dl9z0vpnfjbcUWZdsRkuxA+ZNDsV3WYr4UAmfsEEcSlkn2FIrWFW+hPRvJjY762IzVol9by2338M9bYwaombpJLiC59Xe/HFhwgoENn3k6SENoj17C9VIC6MzDZgzeQ1H5hOvdtE6DXiVVBP4ekgs/w9nJYjW9z1j
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

Hi Theo

On Fri, Oct 4, 2024 at 12:11=E2=80=AFPM Theo de Raadt <deraadt@openbsd.org>=
 wrote:
>
> Jeff Xu <jeffxu@chromium.org> wrote:
>
> > > > +   replacement with a new mapping with new set of attributes, or c=
an
> > > > +   overwrite the existing mapping with another mapping.
> > > > +
> > > > +   mprotect and pkey_mprotect are blocked because they changes the
> > > > +   protection bits (RWX) of the mapping.
> > > > +
> > > > +   Some destructive madvise behaviors (MADV_DONTNEED, MADV_FREE,> =
+   MADV_DONTNEED_LOCKED, MADV_FREE, MADV_DONTFORK, MADV_WIPEONFORK)
> > > > +   for anonymous memory, when users don't have write permission to=
 the
> > > > +   memory. Those behaviors can alter region contents by discarding=
 pages,
> > >
> > > above is not a sentence but I don't know how to fix it.
> > >
> > Would below work ?
> >
> > Certain destructive madvise behaviors, specifically MADV_DONTNEED,
> > MADV_FREE, MADV_DONTNEED_LOCKED, MADV_FREE, MADV_DONTFORK,
> > MADV_WIPEONFORK, can pose risks when applied to anonymous memory by
> > threads without write permissions. These behaviors have the potential
> > to modify region contents by discarding pages, effectively performing
> > a memset(0) operation on the anonymous memory.
>
>
> In OpenBSD, mimmutable blocks all those madvise() operations.
>
>
> I don't understand the sentence supplied above.  Is it saying that
> mseal() solves that problem, or that mseal() does not solve that
> problem.
>
Yes. The mseal solved the problem, I will modify the sentence to clarify th=
at.
thanks

> I would hope it solves that problem.  But the sentence explains the
> problem without taking a position on what to do.
>