From patchwork Thu Jun 29 23:34:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13297428 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 694C6EB64D9 for ; Thu, 29 Jun 2023 23:35:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id D83B28D0002; Thu, 29 Jun 2023 19:35:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id D16318D0001; Thu, 29 Jun 2023 19:35:01 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id BAC5B8D0002; Thu, 29 Jun 2023 19:35:01 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id A85418D0001 for ; Thu, 29 Jun 2023 19:35:01 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 7CD72160CFB for ; Thu, 29 Jun 2023 23:35:01 +0000 (UTC) X-FDA: 80957393202.24.84611D4 Received: from mail-ot1-f42.google.com (mail-ot1-f42.google.com [209.85.210.42]) by imf27.hostedemail.com (Postfix) with ESMTP id B9B3D40008 for ; Thu, 29 Jun 2023 23:34:59 +0000 (UTC) Authentication-Results: imf27.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=V55WG+KN; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf27.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.210.42 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1688081699; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=gG0p2NxJxfYPPHk57XaDb7PRgK5Ncrcc/zrK6bcWJBo=; b=gD5ktadgXsQarcCTmr5MBwtmMmWEKBDoE+FYe0fjXHNcKN0aZogYnrAujgOmTaQufoTHwl RjTP1t/xpHbnZq70oZiovk4HiIhKyKhhHNcLo96IZH2qtf5jQ31CkpkiFgwuTkK4YYOktz TXN+cDYIsVdpXIiR6Z86tK/LN9aFK5g= ARC-Authentication-Results: i=1; imf27.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=V55WG+KN; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf27.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.210.42 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1688081699; a=rsa-sha256; cv=none; b=dqb7inovOxCwbKUFhmpx+JlxXbDJpb/zloocpYZVQvcRDdlh4VqaQK+divl/LY8ffQw2X+ 4MCoxND9xEoZx17DgOND86MbNwuaf76Vla07PYOCcbJaX37RW7lNTAsfegUpRN3di83MeZ QFmUBkLakbv2sCrZzd9a49oLEc2Ko8U= Received: by mail-ot1-f42.google.com with SMTP id 46e09a7af769-6b7474b0501so1110254a34.1 for ; Thu, 29 Jun 2023 16:34:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1688081699; x=1690673699; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=gG0p2NxJxfYPPHk57XaDb7PRgK5Ncrcc/zrK6bcWJBo=; b=V55WG+KNmomp8p6ckLhRrH+LXm07woxdK5aExRC5Ap8XBsUXarBgSTLvYxJcJOWLaH SZ94W8McRnwkd8EJtqtJiuP1Mqbaua+C+BgrqDU+dRC3HJ6HjxS4ALWXnq5izdYa0aWa TIiVjfq4PS1K8Y+0KXOb27kFxC49e6PrVjVQU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688081699; x=1690673699; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gG0p2NxJxfYPPHk57XaDb7PRgK5Ncrcc/zrK6bcWJBo=; b=WZinMc8T826BZGomURMYZOddGnLsXXBrPbzvIimQCQTCo7ZLNkqtze773dmOuJKX5d 8vTvo5jOsDLomf30pTn9T/h03raxDuA6FbXWeNpCKwy3Ic/Gxe7jiGCZXXzu7murASZz ivbX3aKjTHevZUtaFB1aeq7hA00NwFXLHoiFr7TVL5wXZ7yKuy25Cl4b35ioB9Z+shUV ydVbnJfo3UPLktcVy9dIMKZjcd/iesAdtkbPRj42UrvfbLEm8i8E257bDwl42UARDxEL +u6dk1lpTGbqQXZJZesnW4/p7hTTEotzbeiC/Oui3XXZxdEUL2O+EkNOuU0xePIjqrdN wCnQ== X-Gm-Message-State: AC+VfDwkLqMrvWqOeFJ/WsGJypixPtf0dK84+R6Fx2nzJOHjXat3C4ky TNmBSRfwV/Q0mlM3hNny8eZlgQ== X-Google-Smtp-Source: ACHHUZ4zm9+O4p+Sybi08lceONGhN6p+USDHiBG49m/rR5eMzi1I2db76dpbjYtp40INdTnI3DxXkQ== X-Received: by 2002:a05:6870:7c13:b0:1b0:432d:acb7 with SMTP id je19-20020a0568707c1300b001b0432dacb7mr1706353oab.35.1688081698833; Thu, 29 Jun 2023 16:34:58 -0700 (PDT) Received: from localhost (183.43.230.35.bc.googleusercontent.com. [35.230.43.183]) by smtp.gmail.com with UTF8SMTPSA id n59-20020a17090a2cc100b0025bdc3454c6sm12441785pjd.8.2023.06.29.16.34.58 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 29 Jun 2023 16:34:58 -0700 (PDT) From: jeffxu@chromium.org To: skhan@linuxfoundation.org, keescook@chromium.org Cc: akpm@linux-foundation.org, dmitry.torokhov@gmail.com, dverkamp@chromium.org, hughd@google.com, jeffxu@google.com, jorgelo@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, linux-hardening@vger.kernel.org, linux-security-module@vger.kernel.org, Dominique Martinet Subject: [PATCH v2] Documentation: mm/memfd: vm.memfd_noexec Date: Thu, 29 Jun 2023 23:34:54 +0000 Message-ID: <20230629233454.4166842-1-jeffxu@google.com> X-Mailer: git-send-email 2.41.0.255.g8b1d071c50-goog MIME-Version: 1.0 X-Rspamd-Queue-Id: B9B3D40008 X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: 7bckyaykxtwacpa3jye1i8fj9p86fz8z X-HE-Tag: 1688081699-758763 X-HE-Meta: U2FsdGVkX19ICtJceD/3dtIadOcJTyk/BjUA9nvrjI7sijCR8R7lWewfEL9TbiLyy8cHnKVNNvDVc3pug2nuMUyaawuHKpJsJuoJWt/MTjyHPJAp+JylvnZHNCGerzKxoxgD6h0NRnXRPipl8RpcsBwDEesq8dmt88rDAScKtPyTXtDB9r664hbm2FoaYsaCzpBSqNkeZsUJwYYhPgdd2GdX4Y88OwBBA2qjdx6bXlHc1KY0Ro3CKMJqHlmGdmGyChOnVdTdXoTdly5XInK+bFuacotAuMJr/4xwAenB0nGU41p6/BUILKsKPFI7WLVmHSp3kpJOkW7aZP9v91bJehl2+BTQK63JkYAzEcyX/IYy7hlSdO0Zgv3ady7aFYAZPfI0Q3ZkKy1CIHmKmAxK18JLI1mfsELk7bEbn+nZhpptteftTpy6m0ykLOQ1+lIODvBItcrG52iAg/2yXvmvsoLosI6e41ZSIVI030hQwmufBrkMaEcfipOHmLhIlpsWfEEYmugC+q6utwTuB4teck6fjGlh1h/IoBFp4nppH1asUt4i2M6FTY30mzbcgdXHwTrEvCPJAaW2OzQkhCUy/X/LMcOyyOkrxhJCTZUmww9BlRYYF2M0Mz4uNIR0zeySk7uMog6C6bM9uSGJBI+BiYXpzFXT1SQJ+xVgLO+0LJMWjVDMKX3MgjnYxklzJGnfSk6iltBNrFjvcPORUkad5/lD4Iq9h/XB+XcXyqFQyj+Ngq1ziYy5ms1vkL36ahfvinsHvyVXvxZhVD7iS+GjKAE2LrjsthfImvIbg0oNGA2yQ3ogaMkK2q2Oo2nBCNLoIiwwkUO5fgtXXvhrIvqSd2l6kaEG/m5OTkbw5N/ud511QbPuXO9Ylpqrd1erVWkdvQPgXpqGTAbBd8MYaxdzPzW5jkKoZedGx/N47J4y8DMlCLsJJkYwd6JHzfLUQYWjhQwp4AEfdCKDTfLUx5k Uzq5lN38 3ClTDjeCNpdYdH6DtLhis7rkh5hZBFqBUzS05sAOCY4ulG5hdqz030ctqsRCTJQtx4s77K1I0UB0DlUUd11K/jVbgpNqzXiEFavnfArf+wrOMX2EmIr3tkt9qaQrfqG+EhaI/wvBesa5q4YWEAtwUb6Srt62Xo5r3DnqRRxTtLeHF3rjskiH/4LjgJYXn9YkMbRdKpXzcuemlUm7suFZ43Mky6krkZxlTKmDCTs96nXq0G/uFsa+n8NawOiUQJnb2LbhHsKdoT5P9z0nDIX93RjimwLso/h4z1r0R14EFu+BXUOW7LSzyjTu8lRZfnCtuliCFmde2I9okC1oSt31efhLATfIiFNoAWjh3tHbt5sFcJm8CrzVphYJOYaMOZXY7oDLaHGCZLu5k7EmrKakTizujeJUHIDWhI5S9hV6Is6oaCwROaifh2PrZztdD5z/Tov/Amlt/CZ+UHOQtWVUlrP7e7VCRUpe4i2IvC2wQ73/RX1Iao+GIZPBC1LAE/UumUZWANh+uKUdo9nrzKCjgESsfyrogy0q8RwofKGXlqlayOo8sFiii+HabZWHpcB8pUo4qpn/uhJo3kkpnScaF8Jhw0Q== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Jeff Xu Add documentation for sysctl vm.memfd_noexec Link:https://lore.kernel.org/linux-mm/CABi2SkXUX_QqTQ10Yx9bBUGpN1wByOi_=gZU6WEy5a8MaQY3Jw@mail.gmail.com/T/ Reported-by: Dominique Martinet Signed-off-by: Jeff Xu --- Documentation/admin-guide/sysctl/vm.rst | 30 +++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/Documentation/admin-guide/sysctl/vm.rst b/Documentation/admin-guide/sysctl/vm.rst index 45ba1f4dc004..621588041a9e 100644 --- a/Documentation/admin-guide/sysctl/vm.rst +++ b/Documentation/admin-guide/sysctl/vm.rst @@ -424,6 +424,36 @@ e.g., up to one or two maps per allocation. The default value is 65530. +memfd_noexec: +============= +This pid namespaced sysctl controls memfd_create(). + +The new MFD_NOEXEC_SEAL and MFD_EXEC flags of memfd_create() allows +application to set executable bit at creation time. + +When MFD_NOEXEC_SEAL is set, memfd is created without executable bit +(mode:0666), and sealed with F_SEAL_EXEC, so it can't be chmod to +be executable (mode: 0777) after creation. + +when MFD_EXEC flag is set, memfd is created with executable bit +(mode:0777), this is the same as the old behavior of memfd_create. + +The new pid namespaced sysctl vm.memfd_noexec has 3 values: +0: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like + MFD_EXEC was set. +1: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL acts like + MFD_NOEXEC_SEAL was set. +2: memfd_create() without MFD_NOEXEC_SEAL will be rejected. + +The default value is 0. + +Once set, it can't be downgraded at runtime, i.e. 2=>1, 1=>0 +are denied. + +This is pid namespaced sysctl, child processes inherit the parent +process's memfd_noexec at the time of fork. Changes to the parent +process after fork are not automatically propagated to the child +process. memory_failure_early_kill: ==========================