Received: by 2002:a05:7412:d8a:b0:e2:908c:2ebd with SMTP id b10csp3307275rdg; Tue, 17 Oct 2023 10:22:48 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHOua23uXH7ezRVa/Tw/g5VAa7koZoJNC4riIjwpuImb0RYMckAEJdx4eQ+sW3feu5C7oMD X-Received: by 2002:a17:90a:196:b0:27c:f486:3af8 with SMTP id 22-20020a17090a019600b0027cf4863af8mr2823469pjc.39.1697563368501; Tue, 17 Oct 2023 10:22:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697563368; cv=none; d=google.com; s=arc-20160816; b=xcfusaAI8pP/wOMw0DgyersQeH0F+x6YbxtHo1lQQ/GTxmJbQhigukDsFqJ59Uhd6E /8mHLnSA53MEY7prSdvcngKGjAMgVWhpTSXCLzKqu0nFzbGM64bmDIgi+IcSs47Xq0bT lR7tiDecjxeoEu9xK8oOuA25ZoWmWOSZcuNZnigoxuS6f2NRO8JJ3q6nDsIRX7pivleB ii8bIO7E8OXVzKzL+jOX5INGBECdmdKfcUmuQ4T06RmT7LV5uMAeWFDXUh/IyB2+s9VH KEl7FMeD3aJVCya35njhvSsg9aKzS5+Xu+kcEi6y9dmKj2yXIlQwGLw0XH9x3vrJ4Gtg 65aA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=pYYZG7yAyFfJYvTA6jWgYrv4Zal/uQTaztc6Ctmxivo=; fh=otRL9ddYQhGaEoGfv187QxVHaRZgLklhFFOyuWMCXhY=; b=pvflf6YHdR3E1Z/M2km/AGdz2qjmFTXol9JX83SRbmUd6w2ZbkQpcdeVgq5QqmnaGL V8DHSUmBKvxivmg3CFr/1J7/u8tRdDZ3wl6+ZXJcRPG92olsjk4kpz0U5ZTSZdhlUQMZ 9Narj9LVQD3XHCMNu+1b9AMsxwwHcudyOQnEhEj7WhAJWzEmtthHnFaMNMBE3YiKgbdM XfbhVYUExSgH2s09eXZLMjwZ1RlL+OfXZpfTAU1NnPCHe+05KnX2WEYonQ73bq6MgcX/ qomKRwbe0aGgW/RpF3RUvqQYanm+tHNWvkXDA9Clbid+DgAcRVNjLICtMoxiD+o52LhO CMWA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=NeXtaCVt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id bw24-20020a056a02049800b00585a5e9a965si239813pgb.161.2023.10.17.10.22.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 17 Oct 2023 10:22:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=NeXtaCVt; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 57DD8802EE53; Tue, 17 Oct 2023 10:22:46 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343939AbjJQRWk (ORCPT + 99 others); Tue, 17 Oct 2023 13:22:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57438 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234808AbjJQRWh (ORCPT ); Tue, 17 Oct 2023 13:22:37 -0400 Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5CD37A4 for ; Tue, 17 Oct 2023 10:22:36 -0700 (PDT) Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-9bda758748eso675240166b.2 for ; Tue, 17 Oct 2023 10:22:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1697563355; x=1698168155; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=pYYZG7yAyFfJYvTA6jWgYrv4Zal/uQTaztc6Ctmxivo=; b=NeXtaCVtoBRYyn9Zqj//mRCL4yeww1erXUnSIkXPMWOVACf+Jkbaq4+bPZzC69WGTs e//9AE5/hXQurjDe2mC3gjraYdJbgw17FakyRXdHifoVHJq8fbwXsOEUohu5OSH0cPYp 9/D5B+3K50BSAUa7cmmqs6ZyzlMcmn0MR0GTI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697563355; x=1698168155; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=pYYZG7yAyFfJYvTA6jWgYrv4Zal/uQTaztc6Ctmxivo=; b=OOhYUnE4eTmBWz3p84s182SWir4bYvb2stURU6lYAgA/atbdwJzY/w3Bs5FvMA/9Xj NwR72KyUdkHW1ZMDGd0YsKc7xDXOnPJXad+CU943pnx+dIBB2SKh1L+pUCOncOFNKQMI mm8px0Ib0dONmCynLPTJG/af8AHA7X3ZJxP7kBq23K5j6CbdUp7+CTgrbzLB69el4Hm9 E6j2f1Gdpoqrjr8dXajde6QLsx+qTFS8bQ1YJbp3PEqLKWLAQfi5RIpDyJS2km6hnhIT agcYKbhorKSuREpIlF/CjTrVznmKmHqYIMSkvLo5I9BUm3AYiMGO4+eCwCTduuW9l64/ rqoQ== X-Gm-Message-State: AOJu0YzA+hBuk8E/YFb1reEEB+hfj3ui7Wk4UonyT+qcVPmn674+77EQ eDfxjoN36mW0SSW+bAYAqAcl6DQXtBSt4sbAdZJP0GRw X-Received: by 2002:a17:907:2ce2:b0:9bf:d65d:dc0f with SMTP id hz2-20020a1709072ce200b009bfd65ddc0fmr2117002ejc.4.1697563354779; Tue, 17 Oct 2023 10:22:34 -0700 (PDT) Received: from mail-ej1-f54.google.com (mail-ej1-f54.google.com. [209.85.218.54]) by smtp.gmail.com with ESMTPSA id ch3-20020a170906c2c300b0099ce188be7fsm165541ejb.3.2023.10.17.10.22.33 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 17 Oct 2023 10:22:33 -0700 (PDT) Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-99c3c8adb27so937788566b.1 for ; Tue, 17 Oct 2023 10:22:33 -0700 (PDT) X-Received: by 2002:a17:907:c08:b0:9bd:e017:370e with SMTP id ga8-20020a1709070c0800b009bde017370emr2539597ejc.54.1697563353335; Tue, 17 Oct 2023 10:22:33 -0700 (PDT) MIME-Version: 1.0 References: <20231016143828.647848-1-jeffxu@chromium.org> In-Reply-To: From: Linus Torvalds Date: Tue, 17 Oct 2023 10:22:16 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v1 0/8] Introduce mseal() syscall To: Jeff Xu Cc: jeffxu@chromium.org, akpm@linux-foundation.org, keescook@chromium.org, sroettger@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, surenb@google.com, alex.sierra@amd.com, apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com, ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com, dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com, joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com, Liam.Howlett@oracle.com, lstoakes@gmail.com, willy@infradead.org, mawupeng1@huawei.com, linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com, peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io, vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com, zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 17 Oct 2023 10:22:46 -0700 (PDT) On Tue, 17 Oct 2023 at 02:08, Jeff Xu wrote: > > It is probably worth noting that I choose to check one and only > one sealing type per syscall. i.e. munmap(2) checks > MM_SEAL_MUNMAP only. Yeah, this is wrong. It's wrong exactly because other system calls will unmap things too. Using mmap() to over-map something will unmap the old one. Same goes for mremap() to move over an existing mapping. So the whole "do things by the name of the system call" is not workable. All that matters is what the system calls *do*, not what their name is. And mmap() will fundamentally munmap() as part of the action. This is why I absolutely hated the old "ON_BEHALF_OF_xyz" flag, and why I still absolutely hate the "randomly pass different sealing flags fto do_munmap()". You should *not* be passing any flags at all to do_munmap(). Because *regardless* of who calls it, and regardless of which system call started the action, do_munmap() unmaps a virtual memory area. See what I'm saying? Linus