From nobody Sun Feb 8 02:04:42 2026 Received: from mail-ed1-f49.google.com (mail-ed1-f49.google.com [209.85.208.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 78CEF1CAA4 for ; Wed, 12 Mar 2025 00:21:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.49 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741738888; cv=none; b=UrrOMjNJ5B7GRsGGOXgeOw/5IDMG3/mPNPKDUC10IA2HAH5nXr0s+iqYhOKVvfMPHFJlSlzp9XL+S1/P5Su2Zc02vUWUzaXqPxdJvLVk+p9IuyE4nB0ciXsUvXyX2fuQLrm0S2kEZjGR5nqEiauRrls8EwPPUlGblpF5tT5uidY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741738888; c=relaxed/simple; bh=E0hajOFy+vpCtuf88R9Ti+b+60Xg+fLnjQmi+V0i0oM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=gOi1VHhbXZQUSgvOknRmbVIt1Y4EwpJvsUnNcpwy4VntVoiHBy+lS4H1xrIEl+HHL2D3p81kXjqj/bThWBnYR5yp3Q2q2G0vPH+hTW790jbtNIVhf6wBd5gmL5ROWwt8bCUpRnU7zyEfNlK1HSy1zK0e10DZUHT82Z9AvLIFjpk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=nBVZokNJ; arc=none smtp.client-ip=209.85.208.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="nBVZokNJ" Received: by mail-ed1-f49.google.com with SMTP id 4fb4d7f45d1cf-5e5ea062471so946953a12.2 for ; Tue, 11 Mar 2025 17:21:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741738885; x=1742343685; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=miJIXyGYG3FDRWUe/NKY/2IA/SM1dTsr2zjDOOHuDTo=; b=nBVZokNJULTTLGlDeH+QhdefPlbGtadJTYisrscWeZKoqbMbt8ZdBdD+JAPkFjdXF9 oqym5qLf9wyw87OIhlqnNOokF1AZLQZtrujJ3j7KT2q3XXxuUkSooXD0u+vSLh3UhddZ oZAw+q88AZE6Z+CbKZbiWHICyvioBpJjbEwt8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741738885; x=1742343685; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=miJIXyGYG3FDRWUe/NKY/2IA/SM1dTsr2zjDOOHuDTo=; b=fJOnzUbwXcN9r/CFzsn7a6CupdsHZaRQEaBOmAnsMYW7NWU6CFwM28fmaPic01wAwh EIvQq+dV9pgkaItM3m9DyfN9lL9bsj125GDxsleHflbzYk6Xdl1mdlPi0HoXbMIXh3PK oto7NBRM7Pa1xEkHH3zVxZtjS7n/L9oMJfmZqMp9kYOuNJ1f/SglBdYqPLoaHZ2/B6OL zxxAcJx9lckXBwM1KgcjY48aaSOr9sTWGywjrawJVX5vi+A1ABY01aMfFRjm1Cft3kxz 80rOrratO+VG7SqKDwajUveE7KZhkmhAdTWTORfwXtlB8UQHDe5w9K7qn0YHqLGxH9Z5 SblQ== X-Gm-Message-State: AOJu0Yw0s7+N1Eqri0Ax2AtaaFZLVIo4RJAYElj/wPnt2JhnxOZTGibx M0IapuabuBEeJkH4few9uwZ4TDkxI/PvF7e0WOtc9Cvvj3n+WWefyohut3VBdA== X-Gm-Gg: ASbGncsVed1hrZhAQX4TErt7m6tESKOeD6aNJ8xFoJo1kibbKSyPNqGIrV1y/rI4C45 yU83RCNQX3WbCQkOhzMCBqdac6bQsAd6HbrpkGpQu/2syrCMlUin6EmLZOwriaxQ+Qv3lS5iLvX mnGNZp3c3ioAMwRZ6oSo88e9pWXPNFr5K8ptRMGEI+XGooGefN3sRW57uKpQkBEi7zKlsmQfsZs 2l4BZAVHDpYzS1CoMwN7F8qpyxU6t2E5mSw9ByRXL7XfLORIVfRKmzZ/K+ea0zfd7XQJYlR2aMq IHYfI2MxT1VfYZoTAVn+ABJF8NuthfRcTaVvLQFmlkwLW5vbPtW0EHJP6rIEW0p9bxrndDrabzs 4 X-Google-Smtp-Source: AGHT+IG2RY8KyPk79cZ65JQw4p98XAf1wvRrztHIEplkXwrKzzh8fZlWbd9JzkmEqA3hVmaYTTf1Tg== X-Received: by 2002:a05:6402:35c6:b0:5e5:e17f:22fc with SMTP id 4fb4d7f45d1cf-5e617f919d5mr7379042a12.2.1741738884777; Tue, 11 Mar 2025 17:21:24 -0700 (PDT) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e5c7669fd0sm8846503a12.51.2025.03.11.17.21.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Mar 2025 17:21:23 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, broonie@kernel.org, skhan@linuxfoundation.org Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, keescook@chromium.org, pedro.falcato@gmail.com, rdunlap@infradead.org, jannh@google.com, Jeff Xu Subject: [RFC PATCH v1 1/2] selftests/mm: mseal_test: avoid using no-op mprotect Date: Wed, 12 Mar 2025 00:21:16 +0000 Message-ID: <20250312002117.2556240-2-jeffxu@google.com> X-Mailer: git-send-email 2.49.0.rc0.332.g42c0ae87b1-goog In-Reply-To: <20250312002117.2556240-1-jeffxu@google.com> References: <20250312002117.2556240-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jeff Xu Modify mseal_tests to avoid using no-op mprotect. The no-op mprotect shall be allowed. Signed-off-by: Jeff Xu Fixes: 4a2dd02b0916 ("mm/mprotect: replace can_modify_mm with can_modify_vm= a") --- tools/testing/selftests/mm/mseal_test.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/testing/selftests/mm/mseal_test.c b/tools/testing/selfte= sts/mm/mseal_test.c index ad17005521a8..0d4e5d8aeefb 100644 --- a/tools/testing/selftests/mm/mseal_test.c +++ b/tools/testing/selftests/mm/mseal_test.c @@ -677,7 +677,7 @@ static void test_seal_mprotect_two_vma(bool seal) FAIL_TEST_IF_FALSE(!ret); } =20 - ret =3D sys_mprotect(ptr, page_size * 2, PROT_READ | PROT_WRITE); + ret =3D sys_mprotect(ptr, page_size * 2, PROT_READ); if (seal) FAIL_TEST_IF_FALSE(ret < 0); else @@ -718,7 +718,7 @@ static void test_seal_mprotect_two_vma_with_split(bool = seal) FAIL_TEST_IF_FALSE(!ret); =20 /* the second page is sealed. */ - ret =3D sys_mprotect(ptr + page_size, page_size, PROT_READ | PROT_WRITE); + ret =3D sys_mprotect(ptr + page_size, page_size, PROT_READ); if (seal) FAIL_TEST_IF_FALSE(ret < 0); else @@ -873,7 +873,7 @@ static void test_seal_mprotect_split(bool seal) FAIL_TEST_IF_FALSE(!ret); =20 =20 - ret =3D sys_mprotect(ptr + 2 * page_size, 2 * page_size, PROT_READ); + ret =3D sys_mprotect(ptr + 2 * page_size, 2 * page_size, PROT_WRITE); if (seal) FAIL_TEST_IF_FALSE(ret < 0); else --=20 2.49.0.rc0.332.g42c0ae87b1-goog From nobody Sun Feb 8 02:04:42 2026 Received: from mail-ed1-f48.google.com (mail-ed1-f48.google.com [209.85.208.48]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2AB5E1CF96 for ; Wed, 12 Mar 2025 00:21:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.48 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741738889; cv=none; b=it+QbjNZu8IjzfX2HyQZNRid6109ATl8zppy3IZo5SlufbeE05jLMw+1vtTB36VDaog8y3O9OOxC/Jb6sKuDvLvO9Gx16aiDQYi2fGFrY1xt/WrS/CJ+OKf0LRgMdu9v359FUpl/f2mV4bm+NAhba6WJKVGqTV2vcRSdUxxLpw4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1741738889; c=relaxed/simple; bh=e608xdJeqBKKdGNq0v7LWmeQ6DQjWhBH7FxgELGlglQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=DWO+wsBjMPSzCehm+OOCbWkz0rLrB4M02hP7DSC6bAnUeEvnnupCFycmWjB/gJmxSZBdJiq7+ad2bv3C/DhFyISOcQggp+nhUG1qqcapQisi0TUeG6ME92k8yrDej78PLNZUWatT9SHp26C33jm+XSAul69W5cZiv8s3AVaxV3s= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org; spf=pass smtp.mailfrom=chromium.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b=CXH1yE2/; arc=none smtp.client-ip=209.85.208.48 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=chromium.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=chromium.org header.i=@chromium.org header.b="CXH1yE2/" Received: by mail-ed1-f48.google.com with SMTP id 4fb4d7f45d1cf-5e5b736b3fcso809528a12.1 for ; Tue, 11 Mar 2025 17:21:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1741738886; x=1742343686; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=K5xe36OxoXeIkbizVHSnBn4NRndqdFCX6+LlkAnxrvI=; b=CXH1yE2/Yl07OH3aRArU2m+/IjBVe/+zr9zByRPaEbjedAoCDIfGAh0DoVSWOCofmb a4NdZsHY6r3NhHdFvW/0bGXNQOgQWNrJcT7Z8+tp5RRoDmSXJM+z4jeZRM7DfdY6JWnr EahK7rbvE1eD2tdj7kNS1WzhO4SfxplcYj89w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741738886; x=1742343686; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=K5xe36OxoXeIkbizVHSnBn4NRndqdFCX6+LlkAnxrvI=; b=jmkwYXLLdPUn4AR2fYZLSGsBmbQfQ+NVBCW9qrqZliACesutacwW9i0hpTRMcIdM6o 8hjiYRxDoJ7zHJxLFhDgrFmJpUCOYu1nkWbJlqMv2L4Wa8td0QqniX74i88gKvDbYXPj /epG35+DEqEXWY0qv15baEp4GAihOBDSScRq79kQNc4TEIW4YG5gx+VD4Tr+87qhb/jL bi1kNAdkvGEOiAJJVwAyB9dMzaC9sUeTQx8zZ4cHT83b36QN2H0wRtrH8MtjGaEpFTqD 7+9TY1sL+NWxoHuuRtDGEVlPplmWwsTbL/2qlyxuFyqxjUadzLxkZza6g59uJaqM3Xlb SR4Q== X-Gm-Message-State: AOJu0YxmecCr61jkpALu0fPUELgltW+gz6GzkH9MRIpxnaf1bq/lYmv9 0svLCnwycm5rJOfrlyXJIO+IvgaKp6YInTQ0Qym6T/QU6SZxDJUlyK12Hw8QMQ== X-Gm-Gg: ASbGncuoLjjxnn2nHNQSWwvnqAFTHssaCFU1nQbtt13f6ey0vazTarEOoQKQ7eL9s1c tJtUvQXl1b70mokLMZxbPEzqsHJOapHj/BCYc52TbAA9yrR1nHjBqWCOaysacKOdWc9JBJGce69 nfk7izX+8r2GGTHhXXOviDsxqdOsfx4RFGUhy3X7yPfGcYu20MTGOlVmBbChh4l81lCMSQUcHbi 7pQblB8y0BndJmUZX6i9YFBzUbomLFWnL7yRYesaKP4nbI8XuYoxa3XxTW8/PDE6YwpYQpnEdAa q0ayixy/UotoEksPFmWUlFyHn1XsZsIT6RNR5l/PB0KMhP+lxRtMJpt4/0jO9usEGYel29jexz7 o X-Google-Smtp-Source: AGHT+IHtp8ouTXVsgTp2SJJgz2rGEBY4ebI7QJXVPc63NR9EJfuX37UqlqudFu1bAKoYDI0sugwhXA== X-Received: by 2002:a17:907:6ea1:b0:abf:6b30:7a83 with SMTP id a640c23a62f3a-ac2b9ef11e6mr297381266b.13.1741738886472; Tue, 11 Mar 2025 17:21:26 -0700 (PDT) Received: from cfish.c.googlers.com.com (40.162.204.35.bc.googleusercontent.com. [35.204.162.40]) by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5e5c7669fd0sm8846503a12.51.2025.03.11.17.21.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 11 Mar 2025 17:21:25 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, vbabka@suse.cz, lorenzo.stoakes@oracle.com, Liam.Howlett@Oracle.com, broonie@kernel.org, skhan@linuxfoundation.org Cc: linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jorgelo@chromium.org, keescook@chromium.org, pedro.falcato@gmail.com, rdunlap@infradead.org, jannh@google.com, Jeff Xu Subject: [RFC PATCH v1 2/2] mseal: allow noop mprotect Date: Wed, 12 Mar 2025 00:21:17 +0000 Message-ID: <20250312002117.2556240-3-jeffxu@google.com> X-Mailer: git-send-email 2.49.0.rc0.332.g42c0ae87b1-goog In-Reply-To: <20250312002117.2556240-1-jeffxu@google.com> References: <20250312002117.2556240-1-jeffxu@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable From: Jeff Xu Initially, when mseal was introduced in 6.10, semantically, when a VMA within the specified address range is sealed, the mprotect will be rejected, leaving all of VMA unmodified. However, adding an extra loop to check the m= seal flag for every VMA slows things down a bit, therefore in 6.12, this issue w= as solved by removing can_modify_mm and checking each VMA=E2=80=99s mseal flag= directly without an extra loop [1]. This is a semantic change, i.e. partial update is allowed, VMAs can be updated until a sealed VMA is found. The new semantic also means, we could allow mprotect on a sealed VMA if the= new attribute of VMA remains the same as the old one. Relaxing this avoids unne= cessary impacts for applications that want to seal a particular mapping. Doing this= also has no security impact. [1] https://lore.kernel.org/all/20240817-mseal-depessimize-v3-0-d8d2e037df3= 0@gmail.com/ Fixes: 4a2dd02b0916 ("mm/mprotect: replace can_modify_mm with can_modify_vm= a") Signed-off-by: Jeff Xu --- mm/mprotect.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mm/mprotect.c b/mm/mprotect.c index 516b1d847e2c..a24d23967aa5 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -613,14 +613,14 @@ mprotect_fixup(struct vma_iterator *vmi, struct mmu_g= ather *tlb, unsigned long charged =3D 0; int error; =20 - if (!can_modify_vma(vma)) - return -EPERM; - if (newflags =3D=3D oldflags) { *pprev =3D vma; return 0; } =20 + if (!can_modify_vma(vma)) + return -EPERM; + /* * Do PROT_NONE PFN permission checks here when we can still * bail out without undoing a lot of state. This is a rather --=20 2.49.0.rc0.332.g42c0ae87b1-goog