Received: by 2002:a05:7412:ba23:b0:fa:4c10:6cad with SMTP id jp35csp1688489rdb; Sat, 20 Jan 2024 08:59:20 -0800 (PST) X-Google-Smtp-Source: AGHT+IFsLmXLQdmQy2qL4S3lJJr4MZ3dUTHSR9sXuesKzJUWuGKTGLjct84/HTTLSs5Dtrn4u/bQ X-Received: by 2002:a05:6870:71c7:b0:214:431a:431f with SMTP id p7-20020a05687071c700b00214431a431fmr198372oag.64.1705769960090; Sat, 20 Jan 2024 08:59:20 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1705769960; cv=pass; d=google.com; s=arc-20160816; b=G02Llx47ORb6f0x9KuRmmcdkljum1LbdvckAq64wvD4KGfLGQJK95WhI6apSXZRDEZ FxjSZN2qITjxBaJS6+yR1d3dVb5iZ2Aa7PzA5cNawlZLTvSTZYYU+inUfyeR0CCpkK/l e35fFqterQkrixgLCnrHaWL/xQ0W9Cgi50tJ1gV5Thsn+uC/C1ztjvWtkDGzbST/Jg0u 4ltz6BnccM5q30IbGKVQu1wTWl8Y9AjvXpRdJLYjNyB3g3q8vZYyK7m5+GoYn8OSdLbC ovv06rdaah3N6qr8rCkwf+PVil88rkAn1wdiG7kNEsseUpVfz+OPKA5fzGQ3bAL7qfsX 6tKw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=message-id:date:content-id:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:comments:references:in-reply-to :subject:cc:to:from:dkim-signature; bh=qx9eQ5fnQoaWQUKfsP8a3kLDK/cEgK1Lql6Lp/Jy1TI=; fh=VhNN44yyMt19xvWWEFfvXp+R08EYSC+Sx65zo4udGmU=; b=lcjcRxNc+qLTdNt0lBAYi64f54h4TnYS4g+mqa/5AEB1VXZIm0qunuZSOoBYDF46O7 JHn0pZMaXMk8Q8wu4zy+DOASI+NaH8T+cIcPY+NVWTDkNl7eracm12Tg//SzghXJmF9Y wQxzS+xvY8VDd9sesOthUaC7YtRQ4Fz2mz3H3H6CVXdKKK2Ka+4YkDqoLjwWrtLTk4m/ 4gWcM/Kus+KQYiW5BoaYE4D1VJvq9LTvnAqwCNMxcn7yjGuUTCxqUaswS94+eZyfdY5W k1+Mge4+pwGB//ntAVEF/9v4XyFhCwpxYT6PAKJFtCwNQEHzhUWchjtOEw6z9m3crNvc wWcg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@openbsd.org header.s=selector1 header.b=ZBdxT4sm; arc=pass (i=1 spf=pass spfdomain=openbsd.org dkim=pass dkdomain=openbsd.org); spf=pass (google.com: domain of linux-kernel+bounces-31844-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-31844-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id u10-20020a170903124a00b001d55bccfd18si5379397plh.381.2024.01.20.08.59.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 20 Jan 2024 08:59:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-31844-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@openbsd.org header.s=selector1 header.b=ZBdxT4sm; arc=pass (i=1 spf=pass spfdomain=openbsd.org dkim=pass dkdomain=openbsd.org); spf=pass (google.com: domain of linux-kernel+bounces-31844-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-31844-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id B6E3F283FD2 for ; Sat, 20 Jan 2024 16:59:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 181B010962; Sat, 20 Jan 2024 16:59:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=openbsd.org header.i=@openbsd.org header.b="ZBdxT4sm" Received: from cvs.openbsd.org (cvs.openbsd.org [199.185.137.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C3446FC12; Sat, 20 Jan 2024 16:59:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=199.185.137.3 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705769951; cv=none; b=CkJ1wYBwf1s4be1tHBAnR1fPwdN9suDmFfxNE1VZId25uxb8Zu6jXOSv+q3/SCDRXqyLBMtQXr1OYKVZ4tfJkIvd9gV7X2exA51bHq+l3VXtmHUzRs2lxXfr5oR7IGxTDGONT0jt5Rk1MGwn5L6z3aE2hzhpNHllMdZOGqrtH+I= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1705769951; c=relaxed/simple; bh=1oROoR0nKlb6+UFwWsH51B+hCVBgpFqtLuP0ReDclek=; h=From:To:cc:Subject:In-reply-to:References:MIME-Version: Content-Type:Date:Message-ID; b=NBEUN/rTK8MISvbxlrnFWT96uo4uI5aX2ieB24zqqbfqdUNtbIj4AfGFkU+CXbRErZqJmPxBx3/nQFwI04PoynHr/v21Vw2TPTx5pCWwZcNb320MijB1VQYm5fA7/RpK1nWXY0DyLUcitQoKfQub1xxWHrDBym8Dv5QL7XxM93Q= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=openbsd.org; spf=pass smtp.mailfrom=openbsd.org; dkim=pass (2048-bit key) header.d=openbsd.org header.i=@openbsd.org header.b=ZBdxT4sm; arc=none smtp.client-ip=199.185.137.3 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=openbsd.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=openbsd.org DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=selector1; bh=1oROoR0nKl b6+UFwWsH51B+hCVBgpFqtLuP0ReDclek=; h=date:references:in-reply-to: subject:cc:to:from; d=openbsd.org; b=ZBdxT4smVvYsJtQ1Adk4k08ujFn06ssfD pzMIYPOjC1tKV3j2+bVsOnBxn71Lxc2vl0zUnMnRcHB+Cds96zGYxDU0E4aUXN41+AY2q5 rBMkkB9O5IWT+3RVaYTVl3SG3GtpfVaBsPRgW97s9brjJ5pRhmQX1fkG4PZgvhkIzW4NmU v3UH0nED5kIcWYnfDISQhINcSMbfynFn0WvMENDOiInSGX5ETzZmCKRaUPOUnGVXOeRspz WfpZowfZ5Lo0CY+OhlDlkM8aLZr3AsmioRInyAIBhiT6bk4ptR0pk5mnJTaIwlIJvmVw8H 2+b79CKFwG3aw6ZKdpw/uAe9mTINg== Received: from cvs.openbsd.org (localhost [127.0.0.1]) by cvs.openbsd.org (OpenSMTPD) with ESMTP id cc644406; Sat, 20 Jan 2024 09:59:07 -0700 (MST) From: "Theo de Raadt" To: Linus Torvalds cc: Jeff Xu , =?UTF-8?Q?Stephen_R=C3=B6ttger?= , Jeff Xu , akpm@linux-foundation.org, keescook@chromium.org, jannh@google.com, willy@infradead.org, gregkh@linuxfoundation.org, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, pedro.falcato@gmail.com, dave.hansen@intel.com, linux-hardening@vger.kernel.org Subject: Re: [RFC PATCH v3 11/11] mseal:add documentation In-reply-to: References: <20231212231706.2680890-1-jeffxu@chromium.org> <20231212231706.2680890-12-jeffxu@chromium.org> <78111.1705764224@cvs.openbsd.org> Comments: In-reply-to Linus Torvalds message dated "Sat, 20 Jan 2024 08:40:09 -0800." Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <62327.1705769947.1@cvs.openbsd.org> Date: Sat, 20 Jan 2024 09:59:07 -0700 Message-ID: <80897.1705769947@cvs.openbsd.org> Linus Torvalds wrote: > On Sat, 20 Jan 2024 at 07:23, Theo de Raadt wrote: > > > > There is an one large difference remainig between mimmutable() and mseal(), > > which is how other system calls behave. > > > > We return EPERM for failures in all the system calls that fail upon > > immutable memory (since Oct 2022). > > > > You are returning EACESS. > > > > Before it is too late, do you want to reconsider that return value, or > > do you have a justification for the choice? > > I don't think there's any real reason for the difference. > > Jeff - mind changing the EACESS to EPERM, and we'll have something > that is more-or-less compatible between Linux and OpenBSD? (I tried to remember why I chose EPERM, replaying the view from the German castle during kernel compiles...) In mmap, EACCESS already means something. [EACCES] The flag PROT_READ was specified as part of the prot parameter and fd was not open for reading. The flags MAP_SHARED and PROT_WRITE were specified as part of the flags and prot parameters and fd was not open for writing. In mprotect, the situation is similar [EACCES] The process does not have sufficient access to the underlying memory object to provide the requested protection. immutable isn't an aspect of the underlying object, but an aspect of the mapping. Anyways, it is common for one errno value to have multiple causes. But this error-aliasing can make it harder to figure things out when studying a "system call trace" a program, and I strongly believe in keeping systems are simple as possible. For all the memory mapping control operations, EPERM was available and unambiguous.