From patchwork Wed Mar 12 00:21:16 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 14012788 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 807C2C28B30 for ; Wed, 12 Mar 2025 00:21:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B58C4280006; Tue, 11 Mar 2025 20:21:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id AB6C6280002; Tue, 11 Mar 2025 20:21:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 90C34280006; Tue, 11 Mar 2025 20:21:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 772B6280002 for ; Tue, 11 Mar 2025 20:21:26 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 4586AA8537 for ; Wed, 12 Mar 2025 00:21:28 +0000 (UTC) X-FDA: 83210995056.28.8B646DE Received: from mail-ed1-f45.google.com (mail-ed1-f45.google.com [209.85.208.45]) by imf24.hostedemail.com (Postfix) with ESMTP id 3E615180007 for ; Wed, 12 Mar 2025 00:21:25 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=gPJDFOHM; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf24.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.208.45 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1741738886; a=rsa-sha256; cv=none; b=q+JI/0TpmyC30MMZXJipr8gxsJkwD0ywIxk2Uk9I1mOSgs9jQ4OQlIyHHqsi35JKLbYxN2 dAgdBosH3/TPFNOVtBQArIhH/eW1cH5m/i+SysKHNLY+R+pfeGakdwWL001vwrczOue1tg cbQoBYjLgy3skioy/DNun7j6rsFiHps= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=gPJDFOHM; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf24.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.208.45 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1741738886; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=miJIXyGYG3FDRWUe/NKY/2IA/SM1dTsr2zjDOOHuDTo=; b=PvVhMu2XNJ7DbGGQPZbNsiGbNM7u94UG23PJKoVcScjN7bFjR5FIInOQ/3rhEvY07t1FOP rlzDiqCu3ABvAALx3zOls5wE4GKJpVLt7nQZ3ATuVTW22YF4xvv/jyg5b1ukEUSW4LCd2v jHQ8RMMkZqgfs2mQSbtvH4wU+VYP+lE= Received: by mail-ed1-f45.google.com with SMTP id 4fb4d7f45d1cf-5e5ea062471so946954a12.2 for ; Tue, 11 Mar 2025 17:21:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741738885; x=1742343685; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=miJIXyGYG3FDRWUe/NKY/2IA/SM1dTsr2zjDOOHuDTo=; b=gPJDFOHMqbJr3jedTF0lP+NfF35ISz+rIqlfh7cA59FcaUdK/By+Cwm1eVADFJNMds Ak6enciJ6pqR8dtsJlzDG3APfdq1hNfmq3b5iOLlolrEQGWoinVevx3PsO4FZuZ7c7ew c6d2bSaMRqckvgzlehCnigZI8GrdP2tMIvCBY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741738885; x=1742343685; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=miJIXyGYG3FDRWUe/NKY/2IA/SM1dTsr2zjDOOHuDTo=; b=tEAEJvBLWV1p3GtCWVEQFoqABd0EKAoEhLJHqBu+szQuKt5Pf/RG7+u18nX9PtA4hp ZBAW6ynNP0KGiokVdYvDg30AF+AmsPjiw6g7Dt/F8sDujbZ2W94BQzrrfM3Kb2h1h1Xq H/sP9Duhm09ROkrTCSrGwilyJNDwtgOhFMlKc7KimdzX/3BoyOgLQB8UQ4Lkcqn7+Qe1 XEPcrdzpDrKht3Sczxrjx3x4d2GttIacDxqkHSADtK1Bvlzerv3gYWNtNJcQArF6MgKn xeRzsFUmXbDiftt99JM7sGQQPoSDgpq3iRAu2mYcwKRQlr+gUOK+u3NfumymQwSGQwmo wK2Q== X-Forwarded-Encrypted: i=1; AJvYcCUeSf2No9mNViN0iL/EBU0vuDI/4ve4f4FNDyWYodICOaMrGGWbRr7raY2A/z5Kl9jBkPz+Wb/aCA==@kvack.org X-Gm-Message-State: AOJu0YzZ9EBa6pDmKZvDoVOAJEh4yFzKJsNSwRQ9jTSLmf8qRGSKUFuQ o++lbFJJClKcj8R7CXtCq3W5j4K0EEk+4uBg1yIKhCGDIQiSGa7Wh/vEkpNtcw== X-Gm-Gg: ASbGncvRtsvfx0DiEFtgk7tZUVHpiKcLLkCHU/XJkaNhA0GE+OuoLQgaz7Y73bmn44J BwAOxXF8sZF9RBoKjFjK7O02qKDnDs2vk6qpC052Uu8cTFcIIWr+pDOMAQaC+JM2nWqG+7XD7b1 SXgOhGrCuA+sOiPkqqftsfu26BaSqeeEg0I3V0+VM5EZuK59vXcwC9ruUpwRyuv95MZ6KFBf4DL nsDZPSau0fSvguiBGSzcG/ByZ331ta8UrRnVstTQj+Jq2BxwfYGDCkisS7Eq0k7A/2QXh/cBUdD eU1gXsUUjauETfglBWV4IhyGoy+wZHK7oG0hgKuepElhDcGyNTekB+58XM1jDCGmlb7C4N3XvXn q X-Google-Smtp-Source: AGHT+IG2RY8KyPk79cZ65JQw4p98XAf1wvRrztHIEplkXwrKzzh8fZlWbd9JzkmEqA3hVmaYTTf1Tg== X-Received: by 2002:a05:6402:35c6:b0:5e5:e17f:22fc with SMTP id 4fb4d7f45d1cf-5e617f919d5mr7379042a12.2.1741738884777; Tue, 11 Mar 2025 17:21:24 -0700 (PDT) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e5c7669fd0sm8846503a12.51.2025.03.11.17.21.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Mar 2025 17:21:23 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, broonie@kernel.org, skhan@linuxfoundation.org Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, keescook@chromium.org, pedro.falcato@gmail.com, rdunlap@infradead.org, jannh@google.com, Jeff Xu Subject: [RFC PATCH v1 1/2] selftests/mm: mseal_test: avoid using no-op mprotect Date: Wed, 12 Mar 2025 00:21:16 +0000 Message-ID: <20250312002117.2556240-2-jeffxu@google.com> X-Mailer: git-send-email 2.49.0.rc0.332.g42c0ae87b1-goog In-Reply-To: <20250312002117.2556240-1-jeffxu@google.com> References: <20250312002117.2556240-1-jeffxu@google.com> MIME-Version: 1.0 X-Stat-Signature: m5oyxuia4hgdtfgdqy9u4iaec41th6uf X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: 3E615180007 X-Rspam-User: X-HE-Tag: 1741738885-574204 X-HE-Meta: U2FsdGVkX1+Myen5rPPSRryYc+K0XFZd92vafmmbLGtxV/iuorhh0k1AW+keewKL+/eLv8xKL7wCn1Wc7TJ2D+tVYGNFj5yJk6emtY5XxVhEZ5BoIMCe5OqJXE+P0QW9u5VmzBwaFjtn+b2XTqGECEk3NoYrcuylV1Q7O2/vY2QHo/mctR71GQnQKsAIJoRHxZsO/PRHsno6PB1ls85BV6NT5G53u2xcEilLhmT6Vsc1VwyUVbMVfi4o0WQW7Z9UddSt7G+Ibog0I/eowv5m8MgU7dng+fLWP+4d0Ue8MKx/Z/g3xlXclfpYaftF9HnCEf1YhJmktwenoIaOvkvsoPoH+laiGvVWwlYxn3DDsiIfA8HOOmocbrJ5rtGKo0xzcixzpMIZNsfcZeQ6PZNj7e6djOitriZWiAGzzCmdMhj58lXHAv6IkvwEg3mNISgLoBH0rDkpc3FGEYLGtIgIFbKbY9LgWWMCf3vpelIikgHGIfWFI0zSl6HqnrN6KgzhyvKRMn/tyWwnQe2CdTqcO1CIZRuUIiohWwWXOg9yIUvXWCc8UBXwYGZPqKcNERjFLxMYYNrfpRssFAS5ZM/kXF5HvW2HWFXICIhF/LYK2zZibIoJFqbtIjFFb7+qG4ZaPQ8p0ofbEOcP4kkMZq59thjcb9KdiTiSGjkNVz5k18rCv6Ix3BD2VpWo5B3dRdoFSZZ7CQPit31JurZTWxYHvEYTxUTO0aQOpxsX2WNWQl2qvnEGdqzBC5/gBtjp9MXSL46rwZE3ufyaXg3Zd/05st5CqYfeNQITfSev2nFY7c71JRAMe0ri7ohaFwVm8PsaxWtXSU327RE/f1zJLpvlZ2Rf5skGNdYCqdSXzRynhJJuUcm1PqbH/cOMHzIwIogc9Ro4CZVkvblPG66AA1AIbd+AcUf7AUrkkg0tWXHcE82NqrVprzPal9cH7KFWWtxRHgL51QVIlkR/1vty+dK qVcJq2Qv ATDIbLJEq6bTjNZfuGxUfNLdInLb2NcIusLudYN1Z356UKIKmzEScwmgmf8Bb/cO6lPWWJgFtK/YjV7y/WD5pLZAu/mTnU8aLaLayfeJx4OUvQKaXvHwA99NyAGBTMp6stnrfB1VKA5fOktpPcmgTnvPvykuVynu9kx0aXTLrEdL2F151xu1yyMXwGWqTt7v2LDs4W/pUC2EjYZqJR3gGlBIoixIFHrBpdKmYMJFiXH51FyBOKtFZMunideL43II39uqn8kcLWv1QEq5htuI9o8JoBeu8wUaTsWIj2n+Fpx4zYjn1QEJiicJ42Vmro7BGgkiuHELk37rhUusIlakRw5AE3257Ui0s0zmij+KUSx7aqy7uhWqzzNc8tYerGlviW1uW+HrPLAdCOv30rJcq1UOkUhme4eleQpIm X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Jeff Xu Modify mseal_tests to avoid using no-op mprotect. The no-op mprotect shall be allowed. Signed-off-by: Jeff Xu Fixes: 4a2dd02b0916 ("mm/mprotect: replace can_modify_mm with can_modify_vma") --- tools/testing/selftests/mm/mseal_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/mm/mseal_test.c b/tools/testing/selftests/mm/mseal_test.c index ad17005521a8..0d4e5d8aeefb 100644 --- a/tools/testing/selftests/mm/mseal_test.c +++ b/tools/testing/selftests/mm/mseal_test.c @@ -677,7 +677,7 @@ static void test_seal_mprotect_two_vma(bool seal) FAIL_TEST_IF_FALSE(!ret); } - ret = sys_mprotect(ptr, page_size * 2, PROT_READ | PROT_WRITE); + ret = sys_mprotect(ptr, page_size * 2, PROT_READ); if (seal) FAIL_TEST_IF_FALSE(ret < 0); else @@ -718,7 +718,7 @@ static void test_seal_mprotect_two_vma_with_split(bool seal) FAIL_TEST_IF_FALSE(!ret); /* the second page is sealed. */ - ret = sys_mprotect(ptr + page_size, page_size, PROT_READ | PROT_WRITE); + ret = sys_mprotect(ptr + page_size, page_size, PROT_READ); if (seal) FAIL_TEST_IF_FALSE(ret < 0); else @@ -873,7 +873,7 @@ static void test_seal_mprotect_split(bool seal) FAIL_TEST_IF_FALSE(!ret); - ret = sys_mprotect(ptr + 2 * page_size, 2 * page_size, PROT_READ); + ret = sys_mprotect(ptr + 2 * page_size, 2 * page_size, PROT_WRITE); if (seal) FAIL_TEST_IF_FALSE(ret < 0); else From patchwork Wed Mar 12 00:21:17 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 14012789 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9DE97C282EC for ; Wed, 12 Mar 2025 00:21:31 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CF71F280007; Tue, 11 Mar 2025 20:21:28 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C5616280002; Tue, 11 Mar 2025 20:21:28 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A0C2E280007; Tue, 11 Mar 2025 20:21:28 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id 845C2280002 for ; Tue, 11 Mar 2025 20:21:28 -0400 (EDT) Received: from smtpin05.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 7C22354F31 for ; Wed, 12 Mar 2025 00:21:30 +0000 (UTC) X-FDA: 83210995140.05.BAE3607 Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) by imf25.hostedemail.com (Postfix) with ESMTP id D94F7A0007 for ; Wed, 12 Mar 2025 00:21:27 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=AOaTf9Ys; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf25.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.208.41 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1741738888; a=rsa-sha256; cv=none; b=PLi1CFM5uU8jcc0v1ORWEwudg7gXB0Kj8wG42f/Q3xYxGiLNs16HdM4NPxa+DuLbtGTki/ 9U+SvDEkNeT0v9twVH/xC67T7Nif8VpburQ+OmAvd8wTX3iD0c9KF9uJM5eb6TuiedN2Q9 +4qtGztPjFBgnc1awRFXdMtWuIs34Iw= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=AOaTf9Ys; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf25.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.208.41 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1741738888; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=K5xe36OxoXeIkbizVHSnBn4NRndqdFCX6+LlkAnxrvI=; b=Pg8T7pqWyJlvzf4lTFoSBDeejU6hJbp61NhJp1V0JAvq3pkkS6aTpbLnvmz3cBdl0pBsd9 8PX3Z9dXKihTwk8RhW3YwN6ICRYM30QTI9VCvV4dz6f1tOOU0BEB6z1rBmXp2mAI4kRelp u/VJm+i0COrSDNjU/2vOeZ4d6R1AfAs= Received: by mail-ed1-f41.google.com with SMTP id 4fb4d7f45d1cf-5e5b736b3fcso809529a12.1 for ; Tue, 11 Mar 2025 17:21:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741738886; x=1742343686; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=K5xe36OxoXeIkbizVHSnBn4NRndqdFCX6+LlkAnxrvI=; b=AOaTf9YsZDGmwjs6OFJi0IkJlEF+qQLBuS+oHWXQV/JFirFuQKWtVu6URo3HAkCLIG PVr2FXhtCu1nnYJwwfVwhzJZhBoiqcY4tu0b/NEKH4Opi1HW/4nA7GFtZdOgP2FrJFGF d039ykml4+e8zpOwtnehutVfGuCrGXj7W0bss= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741738886; x=1742343686; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K5xe36OxoXeIkbizVHSnBn4NRndqdFCX6+LlkAnxrvI=; b=lAYatIR6kACTarcjSinPR57e1D5qBLfJiOrYNnHQkrN6TRrX6dwTnU7MwNzIctzyFU IAwHO9ltOJph29ACS7yrLjvBe42R8zjPGOTyqzGmLg9F5u9D5sq3NfQbtNOiZ8GMPno6 rq4xBJ8RbSKND9b1DmoykO0HgYxJzxhZBTBbXWYDknkbmBNlMP/9GIzMO0nALbCodG5V 5NL9l/BJZQSLrRcN93G8/LkKmzkCQ84DulvNvWO2poEk4lk0+G9dxNb+7QQXbezsOn+V hqOVAu/4kyDuw/esQbUAYQgLuqixYNcsYl8Ukl95EuWorPDUwog6q395IGCPWPYjqpsn JuqA== X-Forwarded-Encrypted: i=1; AJvYcCWbfJOs3mjy8ZBNvzTZ8mJpVikrkUBwK98M3kP+UN++RQ8LGbmk5i6yYR3zJvEmVhQZHFFSf2TYuQ==@kvack.org X-Gm-Message-State: AOJu0YxqBIUg06E9lgV2qTt2pwrfmGa51pozTpzGWq5A78D0E2xeg0Ne 8C/aXDuvvg6ZETUsQJrRzHjTDrXPZrUnbASUGXs7dHsk+cMSjLlhlZ/nuSQQ1g== X-Gm-Gg: ASbGncuq7Req6maP0k5MshcXy8OiR3kLg5zLSzuUJgRZiTYcYlKrA5Kh7nDjqrWf1Kz yRffv9fF/7/fQQcIo1/GOF7/Ih1xIwg44w+gZu8UJSUbxIKIFa1dek+LTQYYtPzRr/D5I3ai1e1 jUHPE+I1V3N/Mwo4R1kpR0jSvyJHURVXQT+xVv/URUOzkRW+TpcCGI7qfGS5xeU6FUqS5gp/QKU I4USZjPl2zjvfsh5CvLi7uScBLwdqvHFdVkihRE9Wux4fcobNVgunwL+jJIW+7Oc21rMXMstc7p wcK2DrGIOGy7m32X84ibPTCK9dXsnArpHkb+lDQxhg/8rRms6PjSheRzlOpwKFw/u+LciEuV1il v X-Google-Smtp-Source: AGHT+IHtp8ouTXVsgTp2SJJgz2rGEBY4ebI7QJXVPc63NR9EJfuX37UqlqudFu1bAKoYDI0sugwhXA== X-Received: by 2002:a17:907:6ea1:b0:abf:6b30:7a83 with SMTP id a640c23a62f3a-ac2b9ef11e6mr297381266b.13.1741738886472; Tue, 11 Mar 2025 17:21:26 -0700 (PDT) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e5c7669fd0sm8846503a12.51.2025.03.11.17.21.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Mar 2025 17:21:25 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, broonie@kernel.org, skhan@linuxfoundation.org Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, keescook@chromium.org, pedro.falcato@gmail.com, rdunlap@infradead.org, jannh@google.com, Jeff Xu Subject: [RFC PATCH v1 2/2] mseal: allow noop mprotect Date: Wed, 12 Mar 2025 00:21:17 +0000 Message-ID: <20250312002117.2556240-3-jeffxu@google.com> X-Mailer: git-send-email 2.49.0.rc0.332.g42c0ae87b1-goog In-Reply-To: <20250312002117.2556240-1-jeffxu@google.com> References: <20250312002117.2556240-1-jeffxu@google.com> MIME-Version: 1.0 X-Stat-Signature: 9t46jtm3rdjpsj16jr35d8tdcmoe89m4 X-Rspamd-Server: rspam12 X-Rspamd-Queue-Id: D94F7A0007 X-Rspam-User: X-HE-Tag: 1741738887-934145 X-HE-Meta: U2FsdGVkX19EsAgth+hc4nPHakTl/hNljrXl+dQZbdaACiqpOrZuiHHqfjuAvizNB4iymFGfNWRrO7xnGBSluFriM1Er1FYwKxB/0D7YM1t6GUxUVSMhtYKg2b1nHYILEm8UaE82ATWeL1vMJynYZ4+0mb2LKgcb4D0kkxbzRGIZaxzwasY7bdyszJdxHiw6Bv3odblXvCHRj8NtKG80t9b6yFST0iNXuVkGeiFSUdOCXSaCyTnuNiJRlLk8/DE/eTH/sETXxURbrVR8WANLZPMDojwZJYlTxq2/u6IbhpoSnixKrPsPOjIU6gqqEtHT5FbXBnNp/wgHI/KMm18XW1ASmZevNBsZdoBSLZIeUMTVnJi927tZ1QznnOoIN7GBmo8uvSARU1ctGrgchMzgiaY66EqVyJR1N5Xo8KRFLxGueo08ZXOb3+KF+hhcpnDKox/dCXn8TVmm5NKEDXio26EFhdlpuJZ2Q1ST2/hE8m3EVuxZ5B6Vgnd81RIQn32ztd7B9N8/+6Mpx0dw4ywu9e7S8hC4GfapsW1bTcu4c1qSYeInxMF8Lul2fNpnanAvkQOgE44WDwb4kVKmaqEDUd7nMQhHiMN52nvvdvvmMVMQ3UsDDsfZTV8/JFTBV/6MC8KatbU+/UCasQMxOvaF0YFOiD6qOgGdEiMYwPWEwaqvi0RLBeRk0BK75rWO4iSWrIVfz6S7xH7zPEh99trzCYkTLMrUhYWCOKm9GEEmcHuX5CddMpyA9IyP3eTf5PF4pHGMrwkCMDO+1iqnlmHt8uasYxGhoOr9GLv5+DYlxVhR2d15VdkzmuxeHJh3BFEhqqOCwAztQr8/zOmSHDpGa1UJguixjZsl/FibO7yc8MMIOCacLh/ZK35lW2Z5thyzdxLM799IXQ9Bh28q+1RESSpk4J1G+29S9XkmzZDUV+CsyE55uJk1Wa6a7pJd7yHQhTNI7kqm/HncoWJTkh4 PU49ucAK 1n+LMTudTYnBuJnicR3D0RN3wa+2Jg8jWHYNSclstUS24umzadkr2moDJUD5NyIbr68dpuFuQOFabnu5d+OdX5iavoF48pRWwkI7Inlv50tH/J9ENM2L9hJtNeuTfgijtakQ88k5nXVthYlKJh9fd4/vupD+/TfUCqXez0d08Zwz0MqZcsketIi7Tq2xBSWGNNIQY6f2aoSus1CmyvPfLLbzPOoxJpFq6HRb6xcRBsAcSIdKpLqkBTcK8XpynRsU5lMhjOCy5a3exDD1WawERG8DZ9eHPSJQHmKFNwiKCg/dyBUpClwRAVsurIK9GKvngV01J9s7nQitLEaffOKIC/D1vr4TwUidAShkGe7X96suaACaC2s6SjXcBFr24ObmyAmFDbUxzkJBY2ARZXj1zwr6W9nI2A+eKSqhQ3XPRsC+XwWHTaYTW8A6W/AByUkzizWgt X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: From: Jeff Xu Initially, when mseal was introduced in 6.10, semantically, when a VMA within the specified address range is sealed, the mprotect will be rejected, leaving all of VMA unmodified. However, adding an extra loop to check the mseal flag for every VMA slows things down a bit, therefore in 6.12, this issue was solved by removing can_modify_mm and checking each VMA’s mseal flag directly without an extra loop [1]. This is a semantic change, i.e. partial update is allowed, VMAs can be updated until a sealed VMA is found. The new semantic also means, we could allow mprotect on a sealed VMA if the new attribute of VMA remains the same as the old one. Relaxing this avoids unnecessary impacts for applications that want to seal a particular mapping. Doing this also has no security impact. [1] https://lore.kernel.org/all/20240817-mseal-depessimize-v3-0-d8d2e037df30@gmail.com/ Fixes: 4a2dd02b0916 ("mm/mprotect: replace can_modify_mm with can_modify_vma") Signed-off-by: Jeff Xu --- mm/mprotect.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mm/mprotect.c b/mm/mprotect.c index 516b1d847e2c..a24d23967aa5 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -613,14 +613,14 @@ mprotect_fixup(struct vma_iterator *vmi, struct mmu_gather *tlb, unsigned long charged = 0; int error; - if (!can_modify_vma(vma)) - return -EPERM; - if (newflags == oldflags) { *pprev = vma; return 0; } + if (!can_modify_vma(vma)) + return -EPERM; + /* * Do PROT_NONE PFN permission checks here when we can still * bail out without undoing a lot of state. This is a rather