Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp3027632lqo; Tue, 14 May 2024 18:20:52 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXuxAILImiVZ68KWez5RlEhw3rLUsZNlCLzwm0LpF++clsKXsum4zjbyoQmLa5m0TfBhEpKVQqHmsMpN4qpHZLwGy55/vF+g6ksDNJagg== X-Google-Smtp-Source: AGHT+IHMTco5iBDagfWeIutJRD1Fc6VhyUX5s/FBx+bzTpBEBkbD7WZyff3QxfRlLVWzBTs6Gy2N X-Received: by 2002:a17:903:246:b0:1e2:bc3c:bef6 with SMTP id d9443c01a7336-1ef43e2797cmr159993495ad.37.1715736052006; Tue, 14 May 2024 18:20:52 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715736051; cv=pass; d=google.com; s=arc-20160816; b=Jn74tvKsPUM01jvcJwZKxoT1I7S89d9u+0vngjU4FjMg/W5qlAwffcdzY4hBsDOuE/ uB1xTh4tE8pI/98dG1xJlE315paVktVJL/bFZd2qu7f537uQjZpFeRx+aXmtkRBPRumU a3n2BUHgrbS8Gm51V1aNeW1kZavIsPZ4C54U1n99dwd+dejsBfyrD9M25pxYoFFX77M0 sxaV2OLSivk+lc+DTzNGpUh7QIG8rVtw6M6Nh4WFZGTieMDpdRQ8XrkAt9IFklkNSIys ur3K4wRqzIWnMhmMSRkzjP1fhHZGysKdE6e7uthuRisIRjlz+cc60l5uC7y9hWW9oHQC f3Fg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:list-unsubscribe:list-subscribe:list-id:precedence :dkim-signature; bh=nr8iJJBMAoKbZhUVSQrEstzktHb70Vrcza52uLAmnxg=; fh=r3z4Rc1F31L2bjlhYXFTGsKliijipC2zGdl4Bq77IKM=; b=En4OXf6qwp1P9E1eiMSbam/KzczuzFUks3VXNV212udUH8l0eXh9Yg/8UsY/4M865O PXUOAn9mkIfvnLOVS+ndlKDy0QXLGU2FrEFXTODarFno/XR0PO+Tk2T8JKDN7CXKata/ BlZATcXttYX5qU5j6j4btjv1KBLE6iD14oUoReZkdfNmZP/IOq/If21QHHPSaO2s9aAt bWi3hbD2VoGrsjOP8tXQrNxD6aTJ9oPdM945ovRWDmmECO08DWGISFPE5uM4+atlWbIj hm8qF+H/VETyZa+R7gx9doO1J9sPSxfHacz5yiQZK8hGASJA/t4O+HHTtQvefkipouRt A8Fw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=Op3q2pUw; arc=pass (i=1 spf=pass spfdomain=linuxfoundation.org dkim=pass dkdomain=linux-foundation.org); spf=pass (google.com: domain of linux-kernel+bounces-179315-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-179315-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id d9443c01a7336-1ef0b9cf21fsi126746755ad.81.2024.05.14.18.20.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 May 2024 18:20:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-179315-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=Op3q2pUw; arc=pass (i=1 spf=pass spfdomain=linuxfoundation.org dkim=pass dkdomain=linux-foundation.org); spf=pass (google.com: domain of linux-kernel+bounces-179315-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-179315-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 7D705282959 for ; Wed, 15 May 2024 01:20:49 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 636691FC4; Wed, 15 May 2024 01:20:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b="Op3q2pUw" Received: from mail-lf1-f53.google.com (mail-lf1-f53.google.com [209.85.167.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 906316FC3 for ; Wed, 15 May 2024 01:20:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.167.53 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715736046; cv=none; b=lCQv0gBYAlisxGb71iyACb/C5DruoQTJhwA3f4lPalCUuEumuUQz18ll0v2HO6nGIzt5a4GNFwpFT9sSV1CjcH6r79sYsQjdtKVxmDMfO4HJRAsLA0RzgfHxqjt9L4hFY/OOIUEYVihj0pbeaiyvdX/0Q1xNbiV1qMp0dvfMxmY= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715736046; c=relaxed/simple; bh=RWL2uQhi8Ed+uiGVKCNPstf3I/C9ZgqT5ZURnuftkQw=; h=MIME-Version:References:In-Reply-To:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=ApuHBMgBl3YzRdyVzmhtTogLH4SvbvNOVGMdd9YW2Hcy7ps5GIFm67Un5+o8TdvdA6k/gCyj3Afcq4lXmLM87TgBOe4rvZwsQH/l7TDyy5ymaiqxTYfh6JetwBKo2MMfve90o4BWZlaJhd8UAA+qwao82QCqZ/17UJ368V8TJrs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org; spf=pass smtp.mailfrom=linuxfoundation.org; dkim=pass (1024-bit key) header.d=linux-foundation.org header.i=@linux-foundation.org header.b=Op3q2pUw; arc=none smtp.client-ip=209.85.167.53 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=linuxfoundation.org Received: by mail-lf1-f53.google.com with SMTP id 2adb3069b0e04-52327368e59so3562013e87.1 for ; Tue, 14 May 2024 18:20:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; t=1715736042; x=1716340842; darn=vger.kernel.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=nr8iJJBMAoKbZhUVSQrEstzktHb70Vrcza52uLAmnxg=; b=Op3q2pUw/FveAsXldNsihwe4bWCq/TKqiFu5nvQdpspLc2d/Xp7Q+9vhFiX+Bvlzt6 iBOV/zqAIuESzU2zAchTrnSuQSrSKWtOzZW31bOfu4o/GRbxE9PWhRsaTtU7GHqj1VXe tPIBf6uCh6vgy2E8vL+h7YIdi9ejnWYjsTVQs= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1715736042; x=1716340842; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=nr8iJJBMAoKbZhUVSQrEstzktHb70Vrcza52uLAmnxg=; b=Y2lhp869Cmx1qKYtFNgS4EQZZaim8XYZJlj+MxDy/21znWrAtGTQ+j4Tw0YSWUFQ8D i5D0+MoK689Glz9fkD5j/ig+SRPntvrwBbKaETqMnr9M/70GvpFyvFd0WoGOVQdipsoG hPfCw/jC+Fbg1y9aICSPeCROVU7DHDf0SzvYopStxmvpf+ru+m9tqr3DH767ries0aAs g+8ulEChga1evJzF9kWCPschixBVqIk5Tb3ar97XiIQhuqUB2VFW7MZq0LRh0i+RmanS j+NmzYfHG7D7PTOSRzbIMa5UScSM1iS1fj1LQp9Qk/kxP5rj3VNOr1EnPM4eVf9RLbi4 w0sQ== X-Forwarded-Encrypted: i=1; AJvYcCXiA1C01iTqBeOT6GHpltRFVGu4zHfogTZWkezNnLbF0wwyslOUc9TDASLb+vGTiOUC7PBHEAcDvofoTZqX2fXiTb+remgJNvZNaEWP X-Gm-Message-State: AOJu0YxCGlg3yHFxUGHbpXh8RsdmR/1x6OcbsQaI7qzKXbGLrSLl0448 jXrnypSiZIfk575N72QXbiYoBtl+JneKlMZPV8bUkvDT7ZoIXbDcb+1kZSZMHhGnR4pQQp8MFEL SjOO6GA== X-Received: by 2002:a19:691e:0:b0:518:c057:6ab1 with SMTP id 2adb3069b0e04-52210275f30mr8035057e87.66.1715736042526; Tue, 14 May 2024 18:20:42 -0700 (PDT) Received: from mail-ej1-f45.google.com (mail-ej1-f45.google.com. [209.85.218.45]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a5a17b01724sm786660166b.162.2024.05.14.18.20.40 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 14 May 2024 18:20:41 -0700 (PDT) Received: by mail-ej1-f45.google.com with SMTP id a640c23a62f3a-a59c448b44aso119226866b.2 for ; Tue, 14 May 2024 18:20:40 -0700 (PDT) X-Forwarded-Encrypted: i=1; AJvYcCVcttWOFarO5qLFToVK9QixPMbQszuvnyRdJky0dGHJBb5Jn2cTmjiTUdB+MTe5YCJERilC+CZ9kWMufi7mU6aqBXXVUaJlSlmtcJkM X-Received: by 2002:a17:907:9625:b0:a59:db0f:6bdd with SMTP id a640c23a62f3a-a5a2d5d56b7mr1123543366b.44.1715736040490; Tue, 14 May 2024 18:20:40 -0700 (PDT) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20240415163527.626541-1-jeffxu@chromium.org> <20240514104646.e6af4292f19b834777ec1e32@linux-foundation.org> <871q646rea.fsf@meer.lwn.net> <56001.1715726927@cvs.openbsd.org> <16982.1715734632@cvs.openbsd.org> In-Reply-To: <16982.1715734632@cvs.openbsd.org> From: Linus Torvalds Date: Tue, 14 May 2024 18:20:23 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v10 0/5] Introduce mseal To: Theo de Raadt Cc: Matthew Wilcox , Jonathan Corbet , Andrew Morton , jeffxu@chromium.org, keescook@chromium.org, jannh@google.com, sroettger@google.com, gregkh@linuxfoundation.org, usama.anjum@collabora.com, Liam.Howlett@oracle.com, surenb@google.com, merimus@google.com, rdunlap@infradead.org, jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, pedro.falcato@gmail.com, dave.hansen@intel.com, linux-hardening@vger.kernel.org Content-Type: text/plain; charset="UTF-8" On Tue, 14 May 2024 at 17:57, Theo de Raadt wrote: > > Let's wait and see. You may not be aware, but the Open Group literally endorses the Linux model: "When mprotect() fails for reasons other than [EINVAL], the protections on some of the pages in the range [addr,addr+len) may have been changed" at least according to this: https://pubs.opengroup.org/onlinepubs/9699919799/functions/mprotect.html so I think your atomicity arguments have always been misleading. At least for mprotect, POSIX is very explicit about this not being atomic. I find very similar wording in mmap: "If mmap() fails for reasons other than [EBADF], [EINVAL], or [ENOTSUP], some of the mappings in the address range starting at addr and continuing for len bytes may have been unmapped" Maybe some atomicity rules have always been true for BSD, but they've never been true for Linux, and while I don't know how authoritative that opengroup thing is, it's what google found. > (Linus, don't be a jerk) I'm not the one who makes unsubstantiated statements and uses scare tactics to try to make said arguments sound more valid than they are. So keep your arguments real, please. Linus