From: Jeff Xu
Date: Fri, 23 Dec 2022 10:06:49 -0800
Subject: Re: [PATCH v6 3/6] mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC
To: Shuah Khan
Cc: Andrew Morton, Kees Cook, Peter Xu, jeffxu@chromium.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, hughd@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, linux-hardening@vger.kernel.org, kernel test robot

On Tue, Dec 20, 2022 at 8:55 AM Shuah Khan wrote:
>
> On 12/16/22 16:40, Jeff Xu wrote:
> > On Fri, Dec 16, 2022 at 2:06 PM Andrew Morton wrote:
> >>
> >> On Fri, 16 Dec 2022 13:46:58 -0800 Jeff Xu wrote:
> >>
> >>> On Fri, Dec 16, 2022 at 12:35 PM Kees Cook wrote:
> >>>>
> >>>> On Fri, Dec 16, 2022 at 10:11:44AM -0800, Jeff Xu wrote:
> >>>>> Once per boot seems too little, it would be nice if we can list all processes.
> >>>>> I agree ratelimited might be too much.
> >>>>> There is a feature gap here for logging.
> >>>>>
> >>>>> Kees, what do you think ?
> >>>>
> >>>> I agree once per boot is kind of frustrating "I fixed the one warning,
> >>>> oh, now it's coming from a different process". But ratelimit is, in
> >>>> retrospect, still too often.
> >>>>
> >>>> Let's go with per boot -- this should be noisy "enough" to get the
> >>>> changes in API into the callers without being too much of a hassle.
> >>>>
> >>> Agreed. Let's go with per boot.
> >>>
> >>> Hi Andrew, what is your preference ? I can send a patch or you
> >>> directly fix it in mm-unstable ?
> >>
> >> Like this?
> >>
> > Yes. Thanks!
> >
>
> Sorry jumping into this discussion a bit late. Is it possible to provide
> a way to enable full logging as a debug option to tag more processes?
>
Codewise it is possible, maybe by adding a sysctl or CONFIG_, but I am not
sure the best practice to do this with the kernel?

Kees/Andrew, do you have suggestions?

Thanks
Jeff

> thanks,
> -- Shuah
>