Hi Andrew,

By fixing the document, the usage of MFD_NOEXEC_SEAL shall be clear.
Was the previous patch (which changed ABI) removed from unstable?
I pulled the mm-unstable this morning, it seems that patch is still here.
I'm not sure about the process of reverting it, hence asking.

c1e11be9abae86ebe5cecc42abc412f61ae563c6 memfd: `MFD_NOEXEC_SEAL` should not imply `MFD_ALLOW_SEALING`

Thanks
-Jeff

On Wed, Jun 12, 2024 at 12:23 PM Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>
> The patch titled
>      Subject: mm-memfd-add-documentation-for-mfd_noexec_seal-mfd_exec-v3
> has been added to the -mm mm-hotfixes-unstable branch. Its filename is
>      mm-memfd-add-documentation-for-mfd_noexec_seal-mfd_exec-v3.patch
>
> This patch will shortly appear at
>      https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mm-memfd-add-documentation-for-mfd_noexec_seal-mfd_exec-v3.patch
>
> This patch will later appear in the mm-hotfixes-unstable branch at
>      git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
>
> Before you just go and hit "reply", please:
>    a) Consider who else should be cc'ed
>    b) Prefer to cc a suitable mailing list as well
>    c) Ideally: find the original patch on the mailing list and do a
>       reply-to-all to that, adding suitable additional cc's
>
> *** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
>
> The -mm tree is included into linux-next via the mm-everything
> branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
> and is updated there every 2-3 working days
>
> ------------------------------------------------------
> From: Jeff Xu <jeffxu@xxxxxxxxxxxx>
> Subject: mm-memfd-add-documentation-for-mfd_noexec_seal-mfd_exec-v3
> Date: Tue, 11 Jun 2024 23:14:08 +0000
>
> Link: https://lkml.kernel.org/r/20240611231409.3899809-2-jeffxu@xxxxxxxxxxxx
> Signed-off-by: Jeff Xu <jeffxu@xxxxxxxxxxxx>
> Reviewed-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> > --- > > Documentation/userspace-api/mfd_noexec.rst | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > --- a/Documentation/userspace-api/mfd_noexec.rst~mm-memfd-add-documentation-for-mfd_noexec_seal-mfd_exec-v3 > +++ a/Documentation/userspace-api/mfd_noexec.rst > @@ -1,7 +1,7 @@ > .. SPDX-License-Identifier: GPL-2.0 > > ================================== > -Introduction of non executable mfd > +Introduction of non-executable mfd > ================================== > :Author: > Daniel Verkamp <dverkamp@xxxxxxxxxxxx> > @@ -30,7 +30,7 @@ use of executable memfds and an attacker > To address those above: > - Let memfd_create() set X bit at creation time. > - Let memfd be sealed for modifying X bit when NX is set. > - - Add a new pid namespace sysctl: vm.memfd_noexec to help applications to > + - Add a new pid namespace sysctl: vm.memfd_noexec to help applications in > migrating and enforcing non-executable MFD. > > User API > _ > > Patches currently in -mm which might be from jeffxu@xxxxxxxxxxxx are > > mm-memfd-add-documentation-for-mfd_noexec_seal-mfd_exec.patch > mm-memfd-add-documentation-for-mfd_noexec_seal-mfd_exec-v2.patch > mm-memfd-add-documentation-for-mfd_noexec_seal-mfd_exec-v3.patch >
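
Review bot: In the first hunk (@@ -1,7 +1,7 @@), the retitled heading still abbreviates the feature as lowercase "mfd", while the body lines visible in the second hunk write "memfd" and "MFD". Consider "Introduction of non-executable memfd" so the title matches the term readers will search for, and lengthen the "=" overline and underline to match, since reStructuredText requires the title adornment to be at least as long as the title text.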
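
Review bot: In the second hunk (@@ -30,7 +30,7 @@), the unchanged context line "Let memfd be sealed for modifying X bit when NX is set." can be read as sealing in order to modify the bit, which is the opposite of the intended guarantee. Since this hunk is already a wording pass over the same list, reword it as well, for example "Let memfd be sealed against modifying the X bit when NX is set." The changed line also ends in "non-executable MFD" while the neighbouring items say "memfd"; pick one spelling for the list.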