On Fri, Dec 16, 2022 at 9:43 AM Andrew Morton akpm@linux-foundation.org wrote:
On Fri, 16 Dec 2022 09:15:40 -0800 Jeff Xu jeffxu@google.com wrote:
On Fri, Dec 16, 2022 at 7:47 AM Peter Xu peterx@redhat.com wrote:
Hi, Jeff,
On Thu, Dec 08, 2022 at 02:55:45PM -0800, Jeff Xu wrote:
if (!(flags & (MFD_EXEC | MFD_NOEXEC_SEAL))) {[...]
pr_warn_ratelimited("memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=%d '%s'\n",task_pid_nr(current), get_task_comm(comm, current));This will be frequently dumped right now with mm-unstable. Is that what it wanted to achieve?
[ 10.822575] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=491 'systemd' [ 10.824743] memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=495 '(sd-executor)' ...
If there's already a sane default value (and also knobs for the user to change the default) not sure whether it's saner to just keep it silent as before?
Thanks for your comments.
The intention is it is a reminder to adjust API calls to explicitly setting this bit.
Do we need to warn more than once per boot? If not, use pr_warn_once()?
Once per boot seems too little, it would be nice if we can list all processes. I agree ratelimited might be too much. There is a feature gap here for logging.
Kees, what do you think ?
The sysctl vm.memfd_noexec = 0 1 is for transaction to the final state, and 2 depends on API call setting this bit.
The log is ratelimited, and there is a rate limit setting: /proc/sys/kernel/printk_ratelimit /proc/sys/kernel/printk_ratelimit_burst