On Fri, Dec 16, 2022 at 7:47 AM Peter Xu peterx@redhat.com wrote:
Hi, Jeff,
On Thu, Dec 08, 2022 at 02:55:45PM -0800, Jeff Xu wrote:
if (!(flags & (MFD_EXEC | MFD_NOEXEC_SEAL))) {
[...]
pr_warn_ratelimited(
"memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=%d '%s'\n",
task_pid_nr(current), get_task_comm(comm, current));
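Review bot: the pr_warn_ratelimited() call under `if (!(flags & (MFD_EXEC | MFD_NOEXEC_SEAL)))` fires at warning level for every existing caller that passes neither flag, so the rate limit only caps the volume and does not reduce the message to one per offending program. Consider pr_warn_once() or a lower log level here. The message text could also say what the caller is expected to do (pass MFD_EXEC or MFD_NOEXEC_SEAL explicitly), since the pid and comm alone do not tell an administrator how to act on it.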
This will be frequently dumped right now with mm-unstable. Is that what it wanted to achieve?
[ 10.822575] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=491 'systemd'
[ 10.824743] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=495 '(sd-executor)'
...
If there's already a sane default value (and also knobs for the user to change the default) not sure whether it's saner to just keep it silent as before?
Thanks for your comments.
The intention is that it is a reminder to adjust API calls to explicitly set this bit. The sysctl vm.memfd_noexec = 0 1 is for transaction to the final state, and 2 depends on API call setting this bit.
The log is ratelimited, and there is a rate limit setting:
/proc/sys/kernel/printk_ratelimit
/proc/sys/kernel/printk_ratelimit_burst
Best regards, Jeff
-- Peter Xu
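
One way a caller can set the bit explicitly, as the reply above asks, while still running on kernels that predate the flags. This is an added example, not code from the patch or from either poster; the helper names memfd_create_explicit and memfd_is_noexec_sealed are hypothetical, and the fallback #define values are assumed to match the kernel uapi headers that ship the flags.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>
/* Fallbacks for older userspace headers (values as in the kernel uapi headers). */
#ifndef MFD_NOEXEC_SEAL
#define MFD_NOEXEC_SEAL 0x0008U
#endif
#ifndef MFD_EXEC
#define MFD_EXEC 0x0010U
#endif
#ifndef F_SEAL_EXEC
#define F_SEAL_EXEC 0x0020
#endif

/* Hypothetical helper: always states the exec intent; *legacy = 1 if the kernel lacks the flags. */
int memfd_create_explicit(const char *name, unsigned int flags, int want_exec, int *legacy)
{
    unsigned int intent = want_exec ? MFD_EXEC : MFD_NOEXEC_SEAL;
    int fd = memfd_create(name, flags | intent);
    *legacy = 0;
    if (fd < 0 && errno == EINVAL) {    /* unknown flag: retry the old way */
        *legacy = 1;
        fd = memfd_create(name, flags);
    }
    return fd;
}

/* Hypothetical helper: 1 if fd has no exec bits and carries F_SEAL_EXEC, 0 if not, -1 on error. */
int memfd_is_noexec_sealed(int fd)
{
    struct stat st;
    int seals = fcntl(fd, F_GET_SEALS);
    if (seals < 0 || fstat(fd, &st) < 0)
        return -1;
    return !(st.st_mode & 0111) && (seals & F_SEAL_EXEC);
}

int main(void)
{
    int legacy, fd = memfd_create_explicit("demo", MFD_CLOEXEC, 0, &legacy);
    if (fd < 0)
        return 1;
    printf("legacy=%d noexec_sealed=%d\n", legacy, memfd_is_noexec_sealed(fd));
    return close(fd);
}
```

A caller that passes one of the two flags never reaches the warning branch quoted in the thread, whatever vm.memfd_noexec is set to.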