Re: [PATCH 3/4] mm: Add a NO_INHERIT flag to the PR_SET_MDWE prctl

From: Catalin Marinas
Date: Fri May 05 2023 - 14:34:34 EST

Next message: Jonathan Corbet: "[GIT PULL] Documentation stragglers for 6.4"
Previous message: Konrad Dybcio: "Re: [PATCH v4 3/5] usb: misc: eud: Add driver support for SM6115 / SM4250"
In reply to: Florent Revest: "[PATCH 3/4] mm: Add a NO_INHERIT flag to the PR_SET_MDWE prctl"
Next in thread: Florent Revest: "[PATCH 4/4] kselftest: vm: Add tests for no-inherit memory-deny-write-execute"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, May 04, 2023 at 07:09:41PM +0200, Florent Revest wrote:
> This extends the current PR_SET_MDWE prctl arg with a bit to indicate
> that the process doesn't want MDWE protection to propagate to children.
>
> To implement this no-inherit mode, the tag in current->mm->flags must be
> absent from MMF_INIT_MASK. This means that the encoding for "MDWE but
> without inherit" is different in the prctl than in the mm flags. This
> leads to a bit of bit-mangling in the prctl implementation.

That bit mangling is not that bad but it complicates the code a bit,
especially if we'll add new bits in the future. We also need to check
both the original and the no-inherit bits for each feature.

Another question is whether we want to support more fine-grained
inheriting or just a big knob that disables inheriting for all the
(future) MDWE flags.

I think a somewhat simpler way would be to clear the flags on fork(),
either based on a big MMF_HAS_MDWE_NO_INHERIT knob or individual ones.
Something like below (completely untested):

diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h
index 0ee96ea7a0e9..ca83a0c8d19c 100644
--- a/include/linux/sched/coredump.h
+++ b/include/linux/sched/coredump.h
@@ -91,4 +91,12 @@ static inline int get_dumpable(struct mm_struct *mm)
MMF_DISABLE_THP_MASK | MMF_HAS_MDWE_MASK)

#define MMF_VM_MERGE_ANY 29
+
+#define MMF_INIT_FLAGS(flags) ({ \
+ unsigned long new_flags = flags; \
+ if (new_flags & (1UL << MMF_HAS_MDWE_NO_INHERIT)) \
+ new_flags &= ~(1UL << MMF_HAS_MDWE_MASK); \
+ new_flags & MMF_INIT_MASK; \
+})
+
#endif /* _LINUX_SCHED_COREDUMP_H */
diff --git a/kernel/fork.c b/kernel/fork.c
index ed4e01daccaa..53f0b68a5451 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1288,7 +1288,7 @@ static struct mm_struct *mm_init(struct mm_struct *mm, struct task_struct *p,
hugetlb_count_init(mm);

if (current->mm) {
- mm->flags = current->mm->flags & MMF_INIT_MASK;
+ mm->flags = MMF_INIT_FLAGS(current->mm->flags);
mm->def_flags = current->mm->def_flags & VM_INIT_DEF_MASK;
} else {
mm->flags = default_dump_filter;

The checks in MMF_INIT_FLAGS() can grow in time if we add more bits in
there but we still only keep a single flag that determines whether the
feature is enabled (maybe that's more like bikeshedding at this moment
when we have a single bit).

(fun remark: I see you cc'ed nd@xxxxxxx'; that's not a real person, it's
what our IT folk asked us to add on cc so that the Exchange server
doesn't append the legal disclaimer; most lists are covered already
without such cc but I guess people feel safer to add it, just in case)

--
Catalin

Next message: Jonathan Corbet: "[GIT PULL] Documentation stragglers for 6.4"
Previous message: Konrad Dybcio: "Re: [PATCH v4 3/5] usb: misc: eud: Add driver support for SM6115 / SM4250"
In reply to: Florent Revest: "[PATCH 3/4] mm: Add a NO_INHERIT flag to the PR_SET_MDWE prctl"
Next in thread: Florent Revest: "[PATCH 4/4] kselftest: vm: Add tests for no-inherit memory-deny-write-execute"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]