Received: by 2002:a05:7412:f690:b0:e2:908c:2ebd with SMTP id ej16csp670256rdb; Thu, 19 Oct 2023 16:06:47 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFIiINyR10C7QgY9ErZneCRG30aX4xvQ5/MecSIUUpi0m6hrD1ZtZX3y4uEEskIURABKSr7 X-Received: by 2002:aa7:88cc:0:b0:6b8:f7ed:4deb with SMTP id k12-20020aa788cc000000b006b8f7ed4debmr158157pff.13.1697756806793; Thu, 19 Oct 2023 16:06:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1697756806; cv=none; d=google.com; s=arc-20160816; b=TByXw268eLYpB26Ji79iLu+rgIBb34ghO80ZAR8wX73nDver/vDM8sOD4nhdxaT10p Ug/FobsbVJHw7s8fsrUPxiMESgajr5+Ksj58IHKBJ/09e/02KzpmXOD47YFjNGkm2/rW lc0NnC66HkFJOJM9SvZPpyjl5Wi5oTq7a+btk0GB7t9UxREwVxGst334ztk5E3nlh2aS N2j56kYHgvzryaLB6Pqmm+frPbsA0T0Tb2201R3B5XMD4Slu9dlWaY9VWbJQQd/K3Yi0 1w5EIGGJuk4grj91wSfn0OqHoTA7o6kIlwJsp68lq51XHSew4KBSou9Wc1fnKfLHQIe2 pLIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=vyephYMGi9WkrF+MMy/aTcTtLZAvJsqtW+X3GM9oKyI=; fh=w7t3+BtwX5HnQAyiiPwr+4n2LEFrYk6lbC8eWG6LZJs=; b=Ss/UvCzFrTRa75VcjXku0MEZyeL2ZSU5115HXW7XeosnVL3M329SF1nWLNxvyeDh/Q wtcpt+MpGnLxmSMiSyu4fGuMVgjAwqet2nME/G616rcJg0YxKCXjb9ze1MA/nAmqlo06 efntGHAotrLE3jMKJhIvjpoonZjgcA9wEkFhpgc1c3mlDe2yK3nmkd+K1WCDUJ/9ZhMo QUA/fRpnrYXUaPYOwcMCf/HeQZ2D9RlY4FfHAUS3D5KpnVh/JEEDkSPjQeH9/jDefriW no+eyrUAVfqoH+bhQjxl6StKeoIiJSlBbZjHe1vs90sfDAVgEjPX/VmdMVA+XaB8nBHH hFKQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=XLScS6Sx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id v191-20020a6389c8000000b00578ac88e239si522020pgd.595.2023.10.19.16.06.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Oct 2023 16:06:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=XLScS6Sx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id 7D59C81C00DC; Thu, 19 Oct 2023 16:06:44 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1346638AbjJSXGg (ORCPT + 99 others); Thu, 19 Oct 2023 19:06:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36864 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233222AbjJSXGf (ORCPT ); Thu, 19 Oct 2023 19:06:35 -0400 Received: from mail-lj1-x229.google.com (mail-lj1-x229.google.com [IPv6:2a00:1450:4864:20::229]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 91884FA for ; Thu, 19 Oct 2023 16:06:33 -0700 (PDT) Received: by mail-lj1-x229.google.com with SMTP id 38308e7fff4ca-2c509d5ab43so3189231fa.0 for ; Thu, 19 Oct 2023 16:06:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1697756792; x=1698361592; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=vyephYMGi9WkrF+MMy/aTcTtLZAvJsqtW+X3GM9oKyI=; b=XLScS6SxFxKUAqTUem7TJ54dAnmfCURESHowXgmWQ1vxH0MjIQLMv4NiccWfdNQ81o 5ZcLccrDnSzYHjqc64UjvxOpSvRJNgjkHzArwGJMtQn3Yqxrc6SAQlHDxcgmA7MXLcPa jhxI7YiRmCnbCgVqS0vpsurLG8UspeVIvZumA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697756792; x=1698361592; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=vyephYMGi9WkrF+MMy/aTcTtLZAvJsqtW+X3GM9oKyI=; b=nEeSVuT5xwojlce3hDXuVzCZcGc6NBVPG9SUxBcEt8Hz3bCnqbUyiAQYz/Z8RollKP jZTmdGmMJH6W1lPpgQRrPqZFZ+4DLi71v9rL0L56oDyViZ7f6MW61gEkJPsGNHQygxqh JJkrq+3J2RWW6I+TzONKgYPThd7HNEYvtaSzDppez8iabvneahjZlrRTPilkCRO7Rlw3 Ha1nQrZysoAfiFmSdND1PDbYZadFwHpI75tPRXrldS4wvMDSMYkp00/z8OmqXgHCSGJb 1MR0LVCHmE8ee9NWRfEo3SZL+bKM5vp9g3hG+ShP39R/XQ8wdR/QaJrI7noX7kt6WDK4 Su6g== X-Gm-Message-State: AOJu0Yzewb4lPLj1KmG6Xi3p59UOtfsdr5O07PQRE0mPURIg189o38Nt 7zu6NibCG0YCOypY0INzBL3Uk8wftx/KA1GI3nDq4JG2 X-Received: by 2002:a2e:81cc:0:b0:2c0:2ef8:9716 with SMTP id s12-20020a2e81cc000000b002c02ef89716mr258938ljg.1.1697756791842; Thu, 19 Oct 2023 16:06:31 -0700 (PDT) Received: from mail-lf1-f42.google.com (mail-lf1-f42.google.com. [209.85.167.42]) by smtp.gmail.com with ESMTPSA id b12-20020a2e894c000000b002c00d4eb5ddsm107519ljk.99.2023.10.19.16.06.31 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 19 Oct 2023 16:06:31 -0700 (PDT) Received: by mail-lf1-f42.google.com with SMTP id 2adb3069b0e04-507a98517f3so246729e87.0 for ; Thu, 19 Oct 2023 16:06:31 -0700 (PDT) X-Received: by 2002:ac2:533c:0:b0:503:3453:ea7a with SMTP id f28-20020ac2533c000000b005033453ea7amr52431lfh.66.1697756791018; Thu, 19 Oct 2023 16:06:31 -0700 (PDT) MIME-Version: 1.0 References: <20231016143828.647848-1-jeffxu@chromium.org> In-Reply-To: From: Linus Torvalds Date: Thu, 19 Oct 2023 16:06:14 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [RFC PATCH v1 0/8] Introduce mseal() syscall To: Pedro Falcato Cc: Jeff Xu , Matthew Wilcox , jeffxu@chromium.org, akpm@linux-foundation.org, keescook@chromium.org, sroettger@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, surenb@google.com, alex.sierra@amd.com, apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com, ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com, dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com, joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com, Liam.Howlett@oracle.com, lstoakes@gmail.com, mawupeng1@huawei.com, linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com, peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io, vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com, zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Thu, 19 Oct 2023 16:06:44 -0700 (PDT) On Thu, 19 Oct 2023 at 15:47, Pedro Falcato wrote: > > > > For mprotect()/mmap(), is Linux implementation limited by POSIX ? > > No. POSIX works merely as a baseline that UNIX systems aim towards. > You can (and very frequently do) extend POSIX interfaces (in fact, > it's how most of POSIX was written, through sheer > "design-by-committee" on a bunch of UNIX systems' extensions). We can in extreme circumstances actually go further than that, and not only extend on POSIX requirements, but actively even violate them. It does need a very good reason, though, but it has happened when POSIX requirements were simply actively wrong. For example, at one point POSIX required int accept(int s, struct sockaddr *addr, size_t *addrlen); which was simply completely wrong. It's utter shite, and didn't actually match any reality. The 'addrlen' parameter is 'int *', and POSIX suddenly trying to make it "size_t" was completely unacceptable. So we ignored it, told POSIX people that they were full of sh*t, and they eventually fixed it in the next version (by introducing a "socklen_t" that had better be the same as "int"). So POSIX can simply be wrong. Also, if it turns out that we had some ABI that wasn't POSIX-compatible, the whole "don't break user space" will take precedence over any POSIX concerns, and we will not "fix" our system call if people already use our old semantics. So in that case, we generally end up with a new system call (or new flags) instead. Or sometimes it just is such a small detail that nobody cares - POSIX also has a notion of documenting areas of non-conformance, and people who really care end up having notions like "conformance vs _strict_ conformance". Linus