Re: [PATCH v4 0/6] MDWE without inheritance

From: Florent Revest <revest@chromium.org>
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org
Cc: akpm@linux-foundation.org, catalin.marinas@arm.com,
	anshuman.khandual@arm.com, joey.gouly@arm.com, mhocko@suse.com,
	keescook@chromium.org, david@redhat.com, peterx@redhat.com,
	izbyshev@ispras.ru, broonie@kernel.org, szabolcs.nagy@arm.com,
	kpsingh@kernel.org, gthelen@google.com, toiwoton@gmail.com,
	ayush.jain3@amd.com
Subject: Re: [PATCH v4 0/6] MDWE without inheritance
Date: Wed, 20 Sep 2023 21:56:08 +0200	[thread overview]
Message-ID: <CABRcYm+u1AHMrXbYrfkxW-2vrjdq-1cx13FsX_DFo=wwWB8rbA@mail.gmail.com> (raw)
In-Reply-To: <20230828150858.393570-1-revest@chromium.org>

It looks like this series got quite a few Reviewed-by now. What should
be the next steps to have it merged ?

On Mon, Aug 28, 2023 at 5:09 PM Florent Revest <revest@chromium.org> wrote:
>
> Joey recently introduced a Memory-Deny-Write-Executable (MDWE) prctl which tags
> current with a flag that prevents pages that were previously not executable from
> becoming executable.
> This tag always gets inherited by children tasks. (it's in MMF_INIT_MASK)
>
> At Google, we've been using a somewhat similar downstream patch for a few years
> now. To make the adoption of this feature easier, we've had it support a mode in
> which the W^X flag does not propagate to children. For example, this is handy if
> a C process which wants W^X protection suspects it could start children
> processes that would use a JIT.
>
> I'd like to align our features with the upstream prctl. This series proposes a
> new NO_INHERIT flag to the MDWE prctl to make this kind of adoption easier. It
> sets a different flag in current that is not in MMF_INIT_MASK and which does not
> propagate.
>
> As part of looking into MDWE, I also fixed a couple of things in the MDWE test.
>
> This series applies on the mm-everything-2023-08-25-20-06 tag of the mm tree:
>   https://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/
>
> Diff since v3:
> - Added a bunch of Reviewed-by, Acked-by and Tested-by. Thanks everyone!
> - Reworded patch 2's description for clarity
> - Removed an unnecessary int cast
> - Added test coverage for errnos of invalid prctls (EPERM/EINVAL)
> - Added test coverage for can_keep_no_flags and can_keep_both_flags
>
> Diff since v2:
> - Turned the MMF_INIT_FLAGS macro into a mmf_init_flags function as suggested by
>   David Hildenbrand
> - Removed the ability to transition from to PR_MDWE_REFUSE_EXEC_GAIN from
>   (PR_MDWE_REFUSE_EXEC_GAIN | PR_MDWE_NO_INHERIT) which also significantly
>   simplifies the prctl_set_mdwe logic
> - Cc-ed -stable on patch 3 as suggested by Alexey Izbyshev
> - Added a handful of Reviewed-by/Acked-by trailers
>
> Diff since v1:
> - MMF_HAS_MDWE_NO_INHERIT clears MMF_HAS_MDWE in the fork path as part of a
>   MMF_INIT_FLAGS macro (suggested by Catalin)
> - PR_MDWE_* are defined as unsigned long rather than int (suggested by Andrey)
>
> Florent Revest (6):
>   kselftest: vm: Fix tabs/spaces inconsistency in the mdwe test
>   kselftest: vm: Fix mdwe's mmap_FIXED test case
>   kselftest: vm: Check errnos in mdwe_test
>   mm: Make PR_MDWE_REFUSE_EXEC_GAIN an unsigned long
>   mm: Add a NO_INHERIT flag to the PR_SET_MDWE prctl
>   kselftest: vm: Add tests for no-inherit memory-deny-write-execute
>
>  include/linux/sched/coredump.h         |  10 ++
>  include/uapi/linux/prctl.h             |   3 +-
>  kernel/fork.c                          |   2 +-
>  kernel/sys.c                           |  32 ++++--
>  tools/include/uapi/linux/prctl.h       |   3 +-
>  tools/testing/selftests/mm/mdwe_test.c | 137 ++++++++++++++++++++++---
>  6 files changed, 163 insertions(+), 24 deletions(-)
>
> --
> 2.42.0.rc2.253.gd59a3bf2b4-goog
>