lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20230912-memfd-reduce-spam-v2-1-7d92a4964b6a@cyphar.com>
Date:   Tue, 12 Sep 2023 01:17:20 +1000
From:   Aleksa Sarai <cyphar@...har.com>
To:     Andrew Morton <akpm@...ux-foundation.org>
Cc:     Damian Tometzki <dtometzki@...oraproject.org>,
        Aleksa Sarai <cyphar@...har.com>,
        Christian Brauner <brauner@...nel.org>,
        Daniel Verkamp <dverkamp@...omium.org>,
        Jeff Xu <jeffxu@...gle.com>, Kees Cook <keescook@...omium.org>,
        Shuah Khan <shuah@...nel.org>, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH v2] memfd: drop warning for missing exec-related flags

Commit 434ed3350f57 ("memfd: improve userspace warnings for missing
exec-related flags") attempted to make these warnings more useful (so
they would work as an incentive to get users to switch to specifying
these flags -- as intended by the original MFD_NOEXEC_SEAL patchset).
Unfortunately, it turns out that even INFO-level logging is too extreme
to enable by default and alternative solutions to the spam issue (such
as doing more extreme rate-limiting per-task) are either too ugly or
overkill for something as simple as emitting a log as a developer aid.

Given that the flags are new and there is no harm to not specifying them
(after all, we maintain backwards compatibility) we can just drop the
warnings for now until some time in the future when most programs have
migrated and distributions start using vm.memfd_noexec=1 (where failing
to pass the flag would result in unexpected errors for programs that use
executable memfds).

Fixes: 434ed3350f57 ("memfd: improve userspace warnings for missing exec-related flags")
Fixes: 2562d67b1bdf ("revert "memfd: improve userspace warnings for missing exec-related flags".")
Reported-by: Damian Tometzki <dtometzki@...oraproject.org>
Reviewed-by: Christian Brauner <brauner@...nel.org>
Signed-off-by: Aleksa Sarai <cyphar@...har.com>
---
Changes in v2:
- rebase on top mm-stable (in particular, commit 2562d67b1bdf)
- v1: <https://lore.kernel.org/r/20230906-memfd-reduce-spam-v1-1-1f0d35facd95@cyphar.com>
---
 mm/memfd.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/mm/memfd.c b/mm/memfd.c
index 2dba2cb6f0d0..d3a1ba4208c9 100644
--- a/mm/memfd.c
+++ b/mm/memfd.c
@@ -315,12 +315,6 @@ SYSCALL_DEFINE2(memfd_create,
 	if ((flags & MFD_EXEC) && (flags & MFD_NOEXEC_SEAL))
 		return -EINVAL;
 
-	if (!(flags & (MFD_EXEC | MFD_NOEXEC_SEAL))) {
-		pr_warn_once(
-			"%s[%d]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set\n",
-			current->comm, task_pid_nr(current));
-	}
-
 	error = check_sysctl_memfd_noexec(&flags);
 	if (error < 0)
 		return error;

---
base-commit: 6bc660278f11970e7c0c349f66c693e5dc5d85b6
change-id: 20230906-memfd-reduce-spam-8788fc0b951e

Best regards,
-- 
Aleksa Sarai <cyphar@...har.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ