Date: Wed, 12 Jun 2024 11:23:48 -0700
From: Kees Cook
To: Adrian Ratiu
Cc: linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org,
    linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
    linux-doc@vger.kernel.org, kernel@collabora.com, gbiv@google.com,
    ryanbeltran@google.com, inglorion@google.com, ajordanr@google.com,
    jorgelo@chromium.org, Guenter Roeck, Doug Anderson, Jann Horn,
    Andrew Morton, Randy Dunlap, Christian Brauner, Jeff Xu, Mike Frysinger
Subject: Re: [PATCH v5 2/2] proc: restrict /proc/pid/mem
Message-ID: <202406121123.B0F60E91E@keescook>

On Wed, Jun 12, 2024 at 07:13:41PM +0100, Adrian Ratiu wrote:
> Would macros like the following be acceptable?
> I know it's more verbose but also much easier to understand and it works.
>
> #if IS_ENABLED(CONFIG_PROC_MEM_RESTRICT_OPEN_READ_ALL)
> DEFINE_STATIC_KEY_TRUE_RO(proc_mem_restrict_open_read_all);
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_ptracer);
> #elif IS_ENABLED(CONFIG_PROC_MEM_RESTRICT_OPEN_READ_PTRACE)
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_all);
> DEFINE_STATIC_KEY_TRUE_RO(proc_mem_restrict_open_read_ptracer);
> #else
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_all);
> DEFINE_STATIC_KEY_FALSE_RO(proc_mem_restrict_open_read_ptracer);
> #endif

Yeah, that'd be fine by me. I was a little concerned I was over-generalizing
those macros. :P

--
Kees Cook