Re: [RFC PATCH v1 0/8] Introduce mseal() syscall

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Theo de Raadt <deraadt@xxxxxxxxxxx>
Subject: Re: [RFC PATCH v1 0/8] Introduce mseal() syscall
From: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Date: Tue, 17 Oct 2023 11:38:19 -0700
Cc: Jeff Xu <jeffxu@xxxxxxxxxx>, jeffxu@xxxxxxxxxxxx, akpm@xxxxxxxxxxxxxxxxxxxx, keescook@xxxxxxxxxxxx, sroettger@xxxxxxxxxx, jorgelo@xxxxxxxxxxxx, groeck@xxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, linux-kselftest@xxxxxxxxxxxxxxx, linux-mm@xxxxxxxxx, jannh@xxxxxxxxxx, surenb@xxxxxxxxxx, alex.sierra@xxxxxxx, apopple@xxxxxxxxxx, aneesh.kumar@xxxxxxxxxxxxx, axelrasmussen@xxxxxxxxxx, ben@xxxxxxxxxxxxxxx, catalin.marinas@xxxxxxx, david@xxxxxxxxxx, dwmw@xxxxxxxxxxxx, ying.huang@xxxxxxxxx, hughd@xxxxxxxxxx, joey.gouly@xxxxxxx, corbet@xxxxxxx, wangkefeng.wang@xxxxxxxxxx, Liam.Howlett@xxxxxxxxxx, lstoakes@xxxxxxxxx, willy@xxxxxxxxxxxxx, mawupeng1@xxxxxxxxxx, linmiaohe@xxxxxxxxxx, namit@xxxxxxxxxx, peterx@xxxxxxxxxx, peterz@xxxxxxxxxxxxx, ryan.roberts@xxxxxxx, shr@xxxxxxxxxxxx, vbabka@xxxxxxx, xiujianfeng@xxxxxxxxxx, yu.ma@xxxxxxxxx, zhangpeng362@xxxxxxxxxx, dave.hansen@xxxxxxxxx, luto@xxxxxxxxxx, linux-hardening@xxxxxxxxxxxxxxx
In-reply-to: <55960.1697566804@cvs.openbsd.org>
References: <20231016143828.647848-1-jeffxu@chromium.org> <CAHk-=whFZoap+DBTYvJx6ohqPwn11Puzh7q4huFWDX9vBwXHgg@mail.gmail.com> <CALmYWFtTDAb_kpZdAe_xspqwNgK1NWJmjTxaTC=jDEMzfe297Q@mail.gmail.com> <CAHk-=wj87GMTH=5901ob=SjQqegAm2JYBE7E4J7skJzE64U-wQ@mail.gmail.com> <55960.1697566804@cvs.openbsd.org>

On Tue, 17 Oct 2023 at 11:20, Theo de Raadt <deraadt@xxxxxxxxxxx> wrote:
>
> The only case where the immutable marker is ignored is during address space
> teardown as a result of process termination.

.. and presumably also execve()?

I do like us starting with just "mimmutable()", since it already
exists. Particularly if chrome already knows how to use it.

Maybe add a flag field (require it to be zero initially) just to allow
any future expansion. Maybe the chrome team has *wanted* to have some
finer granularity thing and currently doesn't use mimmutable() in some
case?

                  Linus

Follow-Ups:
- Re: [RFC PATCH v1 0/8] Introduce mseal() syscall
  - From: Stephen Röttger
- Re: [RFC PATCH v1 0/8] Introduce mseal() syscall
  - From: Theo de Raadt

References:
- [RFC PATCH v1 0/8] Introduce mseal() syscall
  - From: jeffxu
- Re: [RFC PATCH v1 0/8] Introduce mseal() syscall
  - From: Linus Torvalds
- Re: [RFC PATCH v1 0/8] Introduce mseal() syscall
  - From: Jeff Xu
- Re: [RFC PATCH v1 0/8] Introduce mseal() syscall
  - From: Linus Torvalds
- Re: [RFC PATCH v1 0/8] Introduce mseal() syscall
  - From: Theo de Raadt

Prev by Date: [PATCH v3 2/5] zswap: make shrinking memcg-aware
Next by Date: Re: [PATCH v2 4/5] ioctl_userfaultfd.2: fix / update UFFDIO_REGISTER error code list
Previous by thread: Re: [RFC PATCH v1 0/8] Introduce mseal() syscall
Next by thread: Re: [RFC PATCH v1 0/8] Introduce mseal() syscall
Index(es):
- Date
- Thread

[Index of Archives] [Linux ARM Kernel] [Linux ARM] [Linux Omap] [Fedora ARM] [IETF Annouce] [Bugtraq] [Linux OMAP] [Linux MIPS] [eCos] [Asterisk Internet PBX] [Linux API]