* Re: [PATCH v5 5/6] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC
[not found] ` <20221206152358.1966099-6-jeffxu@google.com>
@ 2022-12-06 16:02 ` Greg KH
2022-12-06 16:27 ` Jeff Xu
0 siblings, 1 reply; 7+ messages in thread
From: Greg KH @ 2022-12-06 16:02 UTC (permalink / raw)
To: jeffxu
Cc: skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd, jeffxu,
jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh,
linux-hardening
On Tue, Dec 06, 2022 at 03:23:57PM +0000, jeffxu@chromium.org wrote:
> From: Jeff Xu <jeffxu@chromium.org>
>
> Tests to verify MFD_NOEXEC, MFD_EXEC and vm.memfd_noexec sysctl.
>
> Signed-off-by: Jeff Xu <jeffxu@chromium.org>
> Co-developed-by: Daniel Verkamp <dverkamp@chromium.org>
> Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
>
> Change-Id: Idccec1141255ca948c849f4efc8ba5e97f78b6eb
Always use checkpatch.pl on your patches so you don't get grumpy
maintainers telling you to run checkpatch.pl on your patches...
thanks,
greg k-h
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC
[not found] ` <20221206152358.1966099-4-jeffxu@google.com>
@ 2022-12-06 16:04 ` Greg KH
2022-12-06 16:26 ` Jeff Xu
0 siblings, 1 reply; 7+ messages in thread
From: Greg KH @ 2022-12-06 16:04 UTC (permalink / raw)
To: jeffxu
Cc: skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd, jeffxu,
jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh,
linux-hardening, kernel test robot
On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@chromium.org wrote:
> --- a/kernel/pid_namespace.c
> +++ b/kernel/pid_namespace.c
> @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
> ns->ucounts = ucounts;
> ns->pid_allocated = PIDNS_ADDING;
>
> +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
> + ns->memfd_noexec_scope =
> + task_active_pid_ns(current)->memfd_noexec_scope;
> +#endif
.c files should never have #if in them. Can't you put this in a .h file
properly so that this does not get really messy over time?
> +
> return ns;
>
> out_free_idr:
> @@ -255,6 +260,45 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns)
> return;
> }
>
> +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
Same here.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC
2022-12-06 16:04 ` [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC Greg KH
@ 2022-12-06 16:26 ` Jeff Xu
2022-12-06 16:35 ` Greg KH
0 siblings, 1 reply; 7+ messages in thread
From: Jeff Xu @ 2022-12-06 16:26 UTC (permalink / raw)
To: Greg KH
Cc: jeffxu, skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd,
jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh,
linux-hardening, kernel test robot
On Tue, Dec 6, 2022 at 8:04 AM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@chromium.org wrote:
> > --- a/kernel/pid_namespace.c
> > +++ b/kernel/pid_namespace.c
> > @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
> > ns->ucounts = ucounts;
> > ns->pid_allocated = PIDNS_ADDING;
> >
> > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
> > + ns->memfd_noexec_scope =
> > + task_active_pid_ns(current)->memfd_noexec_scope;
> > +#endif
>
> .c files should never have #if in them. Can't you put this in a .h file
> properly so that this does not get really messy over time?
>
>
Thanks for reviewing.
It seems to me that checking for CONFIG_XXX is common in c code in
kernel/ path.
Do you have a sample code pattern (link/function) that I can follow?
Thanks
Jeff
>
> > +
> > return ns;
> >
> > out_free_idr:
> > @@ -255,6 +260,45 @@ void zap_pid_ns_processes(struct pid_namespace *pid_ns)
> > return;
> > }
> >
> > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
>
> Same here.
>
> thanks,
>
> greg k-h
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 5/6] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC
2022-12-06 16:02 ` [PATCH v5 5/6] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC Greg KH
@ 2022-12-06 16:27 ` Jeff Xu
0 siblings, 0 replies; 7+ messages in thread
From: Jeff Xu @ 2022-12-06 16:27 UTC (permalink / raw)
To: Greg KH
Cc: jeffxu, skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd,
jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh,
linux-hardening
[-- Attachment #1: Type: text/plain, Size: 700 bytes --]
On Tue, Dec 6, 2022 at 8:02 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> On Tue, Dec 06, 2022 at 03:23:57PM +0000, jeffxu@chromium.org wrote:
> > From: Jeff Xu <jeffxu@chromium.org>
> >
> > Tests to verify MFD_NOEXEC, MFD_EXEC and vm.memfd_noexec sysctl.
> >
> > Signed-off-by: Jeff Xu <jeffxu@chromium.org>
> > Co-developed-by: Daniel Verkamp <dverkamp@chromium.org>
> > Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
> >
> > Change-Id: Idccec1141255ca948c849f4efc8ba5e97f78b6eb
>
> Always use checkpatch.pl on your patches so you don't get grumpy
> maintainers telling you to run checkpatch.pl on your patches...
>
>
Will do, thanks for pointing it out.
Jeff
> thanks,
>
> greg k-h
>
[-- Attachment #2: Type: text/html, Size: 1730 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC
2022-12-06 16:26 ` Jeff Xu
@ 2022-12-06 16:35 ` Greg KH
2022-12-06 17:48 ` Jeff Xu
0 siblings, 1 reply; 7+ messages in thread
From: Greg KH @ 2022-12-06 16:35 UTC (permalink / raw)
To: Jeff Xu
Cc: jeffxu, skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd,
jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh,
linux-hardening, kernel test robot
On Tue, Dec 06, 2022 at 08:26:30AM -0800, Jeff Xu wrote:
> On Tue, Dec 6, 2022 at 8:04 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@chromium.org wrote:
> > > --- a/kernel/pid_namespace.c
> > > +++ b/kernel/pid_namespace.c
> > > @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
> > > ns->ucounts = ucounts;
> > > ns->pid_allocated = PIDNS_ADDING;
> > >
> > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
> > > + ns->memfd_noexec_scope =
> > > + task_active_pid_ns(current)->memfd_noexec_scope;
> > > +#endif
> >
> > .c files should never have #if in them. Can't you put this in a .h file
> > properly so that this does not get really messy over time?
> >
> >
> Thanks for reviewing.
> It seems to me that checking for CONFIG_XXX is common in c code in
> kernel/ path.
Maybe, but please don't make it any worse if at all possible. It's
tough to maintain code like that.
> Do you have a sample code pattern (link/function) that I can follow?
Any of the zillions of #if statements in .h files :)
thanks,
greg k-h
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC
2022-12-06 16:35 ` Greg KH
@ 2022-12-06 17:48 ` Jeff Xu
2022-12-06 23:24 ` Kees Cook
0 siblings, 1 reply; 7+ messages in thread
From: Jeff Xu @ 2022-12-06 17:48 UTC (permalink / raw)
To: Greg KH
Cc: jeffxu, skhan, keescook, akpm, dmitry.torokhov, dverkamp, hughd,
jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh,
linux-hardening, kernel test robot
On Tue, Dec 6, 2022 at 8:35 AM Greg KH <gregkh@linuxfoundation.org> wrote:
>
> On Tue, Dec 06, 2022 at 08:26:30AM -0800, Jeff Xu wrote:
> > On Tue, Dec 6, 2022 at 8:04 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> > >
> > > On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@chromium.org wrote:
> > > > --- a/kernel/pid_namespace.c
> > > > +++ b/kernel/pid_namespace.c
> > > > @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
> > > > ns->ucounts = ucounts;
> > > > ns->pid_allocated = PIDNS_ADDING;
> > > >
> > > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
> > > > + ns->memfd_noexec_scope =
> > > > + task_active_pid_ns(current)->memfd_noexec_scope;
> > > > +#endif
> > >
> > > .c files should never have #if in them. Can't you put this in a .h file
> > > properly so that this does not get really messy over time?
> > >
> > >
> > Thanks for reviewing.
> > It seems to me that checking for CONFIG_XXX is common in c code in
> > kernel/ path.
>
> Maybe, but please don't make it any worse if at all possible. It's
> tough to maintain code like that.
>
> > Do you have a sample code pattern (link/function) that I can follow?
>
> Any of the zillions of #if statements in .h files :)
>
Thanks.
I will take the approach of having real/stub implementation in the h
file, and the c file using it without a compile flag.
Please kindly let me know if this is not right.
Thanks
Jeff
> thanks,
>
> greg k-h
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC
2022-12-06 17:48 ` Jeff Xu
@ 2022-12-06 23:24 ` Kees Cook
0 siblings, 0 replies; 7+ messages in thread
From: Kees Cook @ 2022-12-06 23:24 UTC (permalink / raw)
To: Jeff Xu
Cc: Greg KH, jeffxu, skhan, akpm, dmitry.torokhov, dverkamp, hughd,
jorgelo, linux-kernel, linux-kselftest, linux-mm, jannh,
linux-hardening, kernel test robot
On Tue, Dec 06, 2022 at 09:48:55AM -0800, Jeff Xu wrote:
> On Tue, Dec 6, 2022 at 8:35 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> >
> > On Tue, Dec 06, 2022 at 08:26:30AM -0800, Jeff Xu wrote:
> > > On Tue, Dec 6, 2022 at 8:04 AM Greg KH <gregkh@linuxfoundation.org> wrote:
> > > >
> > > > On Tue, Dec 06, 2022 at 03:23:55PM +0000, jeffxu@chromium.org wrote:
> > > > > --- a/kernel/pid_namespace.c
> > > > > +++ b/kernel/pid_namespace.c
> > > > > @@ -110,6 +110,11 @@ static struct pid_namespace *create_pid_namespace(struct user_namespace *user_ns
> > > > > ns->ucounts = ucounts;
> > > > > ns->pid_allocated = PIDNS_ADDING;
> > > > >
> > > > > +#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
> > > > > + ns->memfd_noexec_scope =
> > > > > + task_active_pid_ns(current)->memfd_noexec_scope;
> > > > > +#endif
> > > >
> > > > .c files should never have #if in them. Can't you put this in a .h file
> > > > properly so that this does not get really messy over time?
> > > >
> > > >
> > > Thanks for reviewing.
> > > It seems to me that checking for CONFIG_XXX is common in c code in
> > > kernel/ path.
> >
> > Maybe, but please don't make it any worse if at all possible. It's
> > tough to maintain code like that.
> >
> > > Do you have a sample code pattern (link/function) that I can follow?
> >
> > Any of the zillions of #if statements in .h files :)
> >
> Thanks.
> I will take the approach of having real/stub implementation in the h
> file, and the c file using it without a compile flag.
> Please kindly let me know if this is not right.
Right; for example:
in .h:
#if defined(CONFIG_SYSCTL) && defined(CONFIG_MEMFD_CREATE)
static inline void ns_copy_memfd_scope(... dst, ... src) {
dst->memfd_noexec_scope = src->memfd_noexec_scope;
}
#else
static inline void ns_set_memfd_scope(... ns, ... scope) { }
#endif
in .c:
ns_copy_memfd_scope(ns, task_active_pid_ns(current));
--
Kees Cook
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-12-06 23:24 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20221206152358.1966099-1-jeffxu@google.com>
[not found] ` <20221206152358.1966099-6-jeffxu@google.com>
2022-12-06 16:02 ` [PATCH v5 5/6] selftests/memfd: add tests for MFD_NOEXEC_SEAL MFD_EXEC Greg KH
2022-12-06 16:27 ` Jeff Xu
[not found] ` <20221206152358.1966099-4-jeffxu@google.com>
2022-12-06 16:04 ` [PATCH v5 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC Greg KH
2022-12-06 16:26 ` Jeff Xu
2022-12-06 16:35 ` Greg KH
2022-12-06 17:48 ` Jeff Xu
2022-12-06 23:24 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).