Received: by 2002:a05:6358:9144:b0:117:f937:c515 with SMTP id r4csp4647054rwr; Mon, 8 May 2023 10:29:30 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5Mhg5pZttvrYK97fELE7ButKahftmt/NmdcDiq2fTdNBv4Bz56bWJ8lcXp2Y/0DOIW6rTU X-Received: by 2002:a05:6a20:3caa:b0:f6:4c57:262f with SMTP id b42-20020a056a203caa00b000f64c57262fmr14236840pzj.53.1683566970122; Mon, 08 May 2023 10:29:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1683566970; cv=none; d=google.com; s=arc-20160816; b=E4cSC4PEBMotSh+nGNNEbXfTT0b1osYulJUB1EVBRpMeidWYuq/nM1TaI+cAbbBrLI BqmTxYctGHWuJGdTLOWlXv7wVhsj8dHoILYad+SpobIxx/U4P9Jaub3AIdnfubH0dU+3 MKVPG1Sa3vk7YT9A0QEei+4qJoh2IUvOI8BVJ/WZqX6ruzElYZUlgwSXuBinszbvqeKy TbX/X42qfFj0vgQ4e4qLJwn/1TX3xXKbP3mW/F0wvlMwbinCocR2m9HVv2Pvkq18H2Xf 7lB71k0UhRbOxCLlR9FX4/LGS0+H2cASolal3if/T2bj22AwjWkIEmQuhX+ti/z5Z5aY j8sQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=EGF9Bdb9JOj4ZKrCw770yZ6qanDIda3Of6R8VUahyS0=; b=tqWE0bdr4esVf7njn5/g8nOoT9adzjFft3xx2qXa5yWjjycG3zFN9xyXTKLSjUFMSl gMYZO92I23fz0WYXKVKnsuG5vtARntimv637tp5d3hdb44CkTgpmeFMqdLOGpXOZWMS0 JRjwa36iOD9rOVhsnN+hqe+R+9QH4N7kd2c8vtvz1A28z512WLSaV7YzW0excTa9RQh+ nyUsVscXHWY2figq8Xfmy9PEozGe9WJXkKfnN8AtkBGnbfKjxJecYfmMhkk97xVMNo8Q OeelLFxNGLuRa7S+H6BXpT0knixPu37ah385wIoFxeNodTOAvNguMvnVYzSC1jK7keMV YPgg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=VsL5h7zK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 65-20020a630044000000b0051384f6edeasi8915262pga.537.2023.05.08.10.29.14; Mon, 08 May 2023 10:29:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20221208 header.b=VsL5h7zK; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229764AbjEHRVW (ORCPT + 99 others); Mon, 8 May 2023 13:21:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37772 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232779AbjEHRVV (ORCPT ); Mon, 8 May 2023 13:21:21 -0400 Received: from mail-lf1-x12f.google.com (mail-lf1-x12f.google.com [IPv6:2a00:1450:4864:20::12f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DC1ADE76 for ; Mon, 8 May 2023 10:21:19 -0700 (PDT) Received: by mail-lf1-x12f.google.com with SMTP id 2adb3069b0e04-4efe8b3f3f7so5490729e87.2 for ; Mon, 08 May 2023 10:21:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1683566478; x=1686158478; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=EGF9Bdb9JOj4ZKrCw770yZ6qanDIda3Of6R8VUahyS0=; b=VsL5h7zKMPs8Q7T4GaqwhDe0M3SaDXdFdUp6gR7o664fIAPEUCyV4Pb43Dop55RNHW glHp7weXenZXMh3BaH58FJFUqVqai1vYkHY8etK5czOgBN1DF7ZdeHFjbrtXxnSBPc34 ZhIfEhIMdAp4NiLuRxnfsUbijWeh/sCfaAmSs5ACwdAK9gHubvuib0vBx1Z2bxy+nLdW kLclBgUmwJTKHrjSttIkZKLk9pk7DwByR12vZYsWO+cCX/rVi4setysscov+Xh9WNiwN PyawKVKMWGZvrZgFhWLo5SYYSrRwrGuf6LfBrmtZVSPWjZqW5+elTXznLSDBfT49uaoe lpBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683566478; x=1686158478; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=EGF9Bdb9JOj4ZKrCw770yZ6qanDIda3Of6R8VUahyS0=; b=B1I7ytQWBxpjUJXxbBH49suscG9G1rlPjfo6/A64y3Bkv+hfz66jlrMVJ5ZpvELSDx V5CufNKed2wb3i8U017UGCn1DdVlrsDeQZiqQ8cnouQC+8Onx5re0PbjyAdxySSIMEtI hze4HNkm2DgDthZAfXiWYb2OEm1nzifpK/7X0ybEgT+uWIwfX4YvcZeDmPdH7/nBDfE+ /sDz7qkcS/iKrDrK4Sfm70G09Wwcg9127x4e8KDImK4yb4IcVMotUkKcSHhOG/+jMbqy E7F36gunDjDgn1rKTJ3Q6Yc56asd0+xKtlEE04ymXxUEehegCeAihFeEjttTUf1ohgnr kNaA== X-Gm-Message-State: AC+VfDxL2zREAcKo/TN5yauIcGL7Uwkfw0GsqZxHISWVBIn9cCIegaGn y71J10elWVhPQW+OWGNvyKU/lXuIWWA= X-Received: by 2002:ac2:44a6:0:b0:4ea:e0e7:d12d with SMTP id c6-20020ac244a6000000b004eae0e7d12dmr2617051lfm.1.1683566477979; Mon, 08 May 2023 10:21:17 -0700 (PDT) Received: from [192.168.1.12] (81-197-197-13.elisa-laajakaista.fi. [81.197.197.13]) by smtp.gmail.com with ESMTPSA id q5-20020ac25fc5000000b004f1477cf8a7sm50172lfg.115.2023.05.08.10.21.17 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 08 May 2023 10:21:17 -0700 (PDT) Message-ID: Date: Mon, 8 May 2023 20:21:16 +0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Subject: Re: [PATCH 0/4] MDWE without inheritance To: Catalin Marinas , Florent Revest Cc: Peter Xu , linux-kernel@vger.kernel.org, linux-mm@kvack.org, akpm@linux-foundation.org, anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com, keescook@chromium.org, david@redhat.com, izbyshev@ispras.ru, nd@arm.com, broonie@kernel.org, szabolcs.nagy@arm.com, lennart@poettering.net References: <20230504170942.822147-1-revest@chromium.org> Content-Language: en-US From: Topi Miettinen In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,NICE_REPLY_A, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 8.5.2023 17.10, Catalin Marinas wrote: > I think we should keep the original behaviour of systemd here, otherwise > they won't transition to the new interface and keep using the SECCOMP > BPF approach (which, in addition, prevents glibc from setting PROT_BTI > on an already executable mapping). Systemd has transitioned to prctl(PR_SET_MDWE) method since release of v253, so the original behaviour definitely should be kept. > To me MDWE is not about preventing JITs but rather ensuring buggy > programs don't end up with WX mappings. We ended up this way because of > the SECCOMP BPF limitations (just guessing, I haven't been involved in > its design). With a no-inherit MDWE, one can introduce an additional > policy for systemd. It would be a sysadmin decision which one to enable > and maybe current (inherit) MDWE will disappear in time. There could be a new setting for this, like MemoryDenyWriteExecute=no-inherit. I'd only use it for those special cases where MemoryDenyWriteExecute=yes can't be used. > x86 has protection keys and arm64 will soon have permission overlays > that allow user-space to toggle between RX and RW (Joey is looking at > the arm64 support). I'm not sure how we'll end up implemented this on > arm64 (and haven't looked at x86) but I have a suspicion MDWE will get > in the way as the base page table permission will probably need > PROT_WRITE|PROT_EXEC. Wouldn't those features defeat any gains from MDWE? The features probably should be forbidden with MemoryDenyWriteExecute=yes. -Topi