Received: by 2002:a05:7412:8d10:b0:f3:1519:9f41 with SMTP id bj16csp6241926rdb; Thu, 14 Dec 2023 12:11:55 -0800 (PST) X-Google-Smtp-Source: AGHT+IFRFyG1wEZwMLCMnKfsKqeL6RgJiT+GC+uRN+/CDmQpl/PAi9iTccpu5IAVRDf0HER7DFbU X-Received: by 2002:a05:6a20:9149:b0:18b:92b3:7c80 with SMTP id x9-20020a056a20914900b0018b92b37c80mr13596296pzc.22.1702584715611; Thu, 14 Dec 2023 12:11:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1702584715; cv=none; d=google.com; s=arc-20160816; b=O8zNXssA05XN59v0b9LF7OuX0RAG1niWb9xzl3usEY3UHDXyP16om/5O7/4I5c1gPK LgYZgG7i3WylKFj2yaeGohj0HYQoQdNeNjz1LDzsRUwkLsotGWVnzEEClbIhSH20JdXA 4nkVNj6J4/oS+qwuzsPLorMUfoNCm7KfDg28arzTlPJYLTAoq0DbyCbagXchWqD/zlH7 tdRvtP1WnYVUPQTfVuyMa0UmzO2JvlCMTVW1s0NgZvAREOE+Q2Gw4YHoiZ7BGGMrDEx2 Y/W5kRFR3G9TJZUF0TOjIV9az8QDtPWmP+Wn/dKTFZwlv9V6XEzofQUIvuy3qjbsteGp aFeg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=Kfh8Dy6cQrhts0Y+UCJGg173DSLFoHSRig78lNgd6Fg=; fh=ghqQBAoBF/gPlM6kj03qYK6Zgb9PbynlPNng+R3DDyE=; b=v3nIQAYQADcXRlbd+ty8YND8eEO3m6r8WPaPJjFWD1MmI0ARPOzmjkRRK+zRz3m+lD p2LybZ5N6dbzvaZ0N0USym3RmnrffMvzlHIH4IYtmxh/G3A+ieDzVZGfrn0irsiIM1TN KnIw+NiCgV2ABmlubr+S9StE0f0cuOTzcc+K5nfi/SB3fJhTvwsczsoH9DEt2bVteTvC 0k+qviVVSDmoORFwHbwbApl4k5vCpLE+d9KYIxqSg3Nx0Wjym8MDEpjarg3Qp8MG1CV+ 5zSs1RV5NqfwXEH2hO15bW2FiWxTKH8T5vTyt8TKtXT1xm3K6u5vLK0j3gsrl/qUxHDk Jnog== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Dka7iRwj; spf=pass (google.com: domain of linux-kernel+bounces-53-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-53-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id cm14-20020a056a020a0e00b005c6818b5a3esi1369333pgb.528.2023.12.14.12.11.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 14 Dec 2023 12:11:55 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-53-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Dka7iRwj; spf=pass (google.com: domain of linux-kernel+bounces-53-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-53-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 49515281850 for ; Thu, 14 Dec 2023 20:11:55 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1CD3D6A036; Thu, 14 Dec 2023 20:11:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Dka7iRwj" X-Original-To: linux-kernel@vger.kernel.org Received: from mail-oi1-f182.google.com (mail-oi1-f182.google.com [209.85.167.182]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7EED86A006; Thu, 14 Dec 2023 20:11:45 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-oi1-f182.google.com with SMTP id 5614622812f47-3b9f727d94cso2331719b6e.1; Thu, 14 Dec 2023 12:11:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702584704; x=1703189504; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Kfh8Dy6cQrhts0Y+UCJGg173DSLFoHSRig78lNgd6Fg=; b=Dka7iRwjqy3XnAaS8QUUWkywJDET06cor2wo8xod1fSukvDJhMmtCSP9lYgHPROffT l4isFcvnZkZahKSlvTXBToQ3YXAPpmM+E+72jLVaqrdxydicjFfsQ+aLCkfStZMOesvt Lx+IyW4BeeSUzUzEBB2oauywMiQVTkoeflGX79GK4p/eYAKxYNow4KUa25B0dczXJXVS iSII0Wn82S6CRPKALbbwg7qfHy2fU6AcFjsNW2vb0mvgkFaxH30XFsTLrGW3waG5Q5pX FfAmedMffsnbT5M1dWIwJWbI9hbhiLM97wh6KiBsG7wd7q2R4GHBdeAkR6Ki+pLFQhvq MyAQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702584704; x=1703189504; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Kfh8Dy6cQrhts0Y+UCJGg173DSLFoHSRig78lNgd6Fg=; b=TN2NxRhCDJZZxVlPeDurQOL3rAt0cSRb0LU53gztzNiWHkOy5kHJdZcvOFDQo1ibQ8 3xUm8TNJCBcSOnEybJy26zweCLBO4X9evsMUQrX6mObk9kCa9QfZ0pqKfJmxaQuKKWDq FYmVDEJ2Yfp54X9ksQWNdRd9h7rIX4ZC4oudp3bU2Zr84CydD2DdLtIzHDMT1rvJwfio fvigWYJ7ozaFd3OmmEkEiFUx4WiGKJYM2OcqKu60XIdDFtABkkL8uO/XgNXjDpoBMG+Z y9dI2bCek+3YD1y1GtrwGkvRuu+0/sG6YFlHQGxSKdGTommJw0Z/sUif/YXO6Jc2Ccb0 05QA== X-Gm-Message-State: AOJu0YxzUIoH/n3PaIU04beB4ulbaofvEq7ninchLooOnfXJuNSemFA1 FI6tZdOE/w0sN7elnSWGwd1XsvkmAhrzkTL6A1coFag3 X-Received: by 2002:a05:6808:3849:b0:3ba:c52:7245 with SMTP id ej9-20020a056808384900b003ba0c527245mr9035807oib.95.1702584704448; Thu, 14 Dec 2023 12:11:44 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20231212231706.2680890-1-jeffxu@chromium.org> <20231212231706.2680890-12-jeffxu@chromium.org> In-Reply-To: From: Pedro Falcato Date: Thu, 14 Dec 2023 20:11:32 +0000 Message-ID: Subject: Re: [RFC PATCH v3 11/11] mseal:add documentation To: =?UTF-8?Q?Stephen_R=C3=B6ttger?= Cc: Linus Torvalds , Jeff Xu , jeffxu@chromium.org, akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, willy@infradead.org, gregkh@linuxfoundation.org, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, dave.hansen@intel.com, linux-hardening@vger.kernel.org, deraadt@openbsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Dec 14, 2023 at 6:07=E2=80=AFPM Stephen R=C3=B6ttger wrote: > > On Thu, Dec 14, 2023 at 2:31=E2=80=AFAM Linus Torvalds > wrote: > > > > On Wed, 13 Dec 2023 at 16:36, Jeff Xu wrote: > > > > > > > > > > IOW, when would you *ever* say "seal this area, but MADV_DONTNEED i= s ok"? > > > > > > > The MADV_DONTNEED is OK for file-backed mapping. > > > > Right. It makes no semantic difference. So there's no point to it. > > > > My point was that you added this magic flag for "not ok for RO anon map= ping". > > > > It's such a *completely* random flag, that I go "that's just crazy > > random - make sealing _always_ disallow that case". > > > > So what I object to in this series is basically random small details > > that should just eb part of the basic act of sealing. > > > > I think sealing should just mean "you can't do any operations that > > have semantic meaning for the mapping, because it is SEALED". > > > > So I think sealing should automatically mean "can't do MADV_DONTNEED > > on anon memory", because that's basically equivalent to a munmap/remap > > operation. > > In Chrome, we have a use case to allow MADV_DONTNEED on sealed memory. I don't want to be that guy (*believe me*), but what if there was a way to attach BPF programs to mm's? Such that you could handle 'seal failures' in BPF, and thus allow for this sort of weird semantics? e.g: madvise(MADV_DONTNEED) on a sealed region fails, kernel invokes the BPF program (that chrome loaded), BPF program sees it was a MADV_DONTNEED and allows it to proceed. It requires BPF but sounds like a good compromise in order to not get an ugly API? --=20 Pedro