On Wed, 15 May 2024 23:11:12 -0700 Jeff Xu <jef...@google.com> wrote:
> On Mon, May 13, 2024 at 12:15 PM Barnabás Pőcze <po...@protonmail.com> wrote: > > > > `MFD_NOEXEC_SEAL` should remove the executable bits and set > > `F_SEAL_EXEC` to prevent further modifications to the executable > > bits as per the comment in the uapi header file: > > > > not executable and sealed to prevent changing to executable > > > > However, currently, it also unsets `F_SEAL_SEAL`, essentially > > acting as a superset of `MFD_ALLOW_SEALING`. Nothing implies > > that it should be so, and indeed up until the second version > > of the of the patchset[0] that introduced `MFD_EXEC` and > > `MFD_NOEXEC_SEAL`, `F_SEAL_SEAL` was not removed, however it > > was changed in the third revision of the patchset[1] without > > a clear explanation. > > > > This behaviour is suprising for application developers, > > there is no documentation that would reveal that `MFD_NOEXEC_SEAL` > > has the additional effect of `MFD_ALLOW_SEALING`. > > > Ya, I agree that there should be documentation, such as a man page. I will > work on that. > > > So do not remove `F_SEAL_SEAL` when `MFD_NOEXEC_SEAL` is requested. > > This is technically an ABI break, but it seems very unlikely that an > > application would depend on this behaviour (unless by accident). > > > > [0]: https://lore.kernel.org/lkml/20220805222126.142525-3-jef...@google.com/ > > [1]: https://lore.kernel.org/lkml/20221202013404.163143-3-jef...@google.com/ > > ... > > Reviewed-by: Jeff Xu <jef...@google.com> It's a change to a userspace API, yes? Please let's have a detailed description of why this is OK. Why it won't affect any existing users. Also, please let's give consideration to a -stable backport so that all kernel versions will eventually behave in the same manner.