Re: [PATCH v3 2/7] prctl: introduce PR_DEFAULT_MADV_HUGEPAGE for the process

From: Jann Horn
Date: Mon May 19 2025 - 19:02:26 EST


On Tue, May 20, 2025 at 12:33 AM Usama Arif <usamaarif642@xxxxxxxxx> wrote:
> This is set via the new PR_SET_THP_POLICY prctl. It has 2 effects:
> - It sets VM_HUGEPAGE and clears VM_NOHUGEPAGE on the default VMA flags
> (def_flags). This means that every new VMA will be considered for
> hugepage.
> - Iterate through every VMA in the process and call hugepage_madvise
> on it, with MADV_HUGEPAGE policy.
> The policy is inherited during fork+exec.

As I replied to Lorenzo's series
(https://lore.kernel.org/all/CAG48ez3-7EnBVEjpdoW7z5K0hX41nLQN5Wb65Vg-1p8DdXRnjg@xxxxxxxxxxxxxx/),
it would be nice if you could avoid introducing new flags that have
the combination of all the following properties:

1. persists across exec
2. not cleared on secureexec execution
3. settable without ns_capable(CAP_SYS_ADMIN)
4. settable without NO_NEW_PRIVS

Flags that have all of these properties need to be reviewed extra
carefully to see if there is any way they could impact the security of
setuid binaries, for example by changing mmap() behavior in a way that
makes addresses significantly more predictable.
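As an added illustration (not part of this mail or of the patch series) of property 1 above with a flag that already exists: PR_SET_THP_DISABLE can be set by an unprivileged process without NO_NEW_PRIVS, and prctl(2) documents it as preserved across execve(2). The program sets it in a child and then execs /bin/cat on /proc/self/status, so the reported THP_enabled value (present on kernels 4.20 and later) comes from the new program image. It assumes Linux with /proc mounted and /bin/cat available.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/wait.h>

/* Parse the "THP_enabled:" line of a /proc/<pid>/status dump.
 * Returns 1 or 0, or -1 if the line is missing (kernels before 4.20). */
int parse_thp_enabled(const char *status_text)
{
    const char *p = strstr(status_text, "THP_enabled:");
    if (!p) return -1;
    p += strlen("THP_enabled:");
    while (*p == ' ' || *p == '\t') p++;
    return (*p == '0') ? 0 : (*p == '1') ? 1 : -1;
}

/* Child: set PR_SET_THP_DISABLE (no capability, no NO_NEW_PRIVS needed),
 * then exec /bin/cat on /proc/self/status so the value is reported from the
 * NEW program image. Returns THP_enabled as seen after exec (0 means the
 * flag survived exec), or -1 if fork, prctl or /proc are unavailable here. */
int thp_disable_after_exec(void)
{
    int fd[2];
    if (pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(fd[0]);
        dup2(fd[1], STDOUT_FILENO);
        close(fd[1]);
        if (prctl(PR_SET_THP_DISABLE, 1, 0, 0, 0) != 0) _exit(127);
        execl("/bin/cat", "cat", "/proc/self/status", (char *)NULL);
        _exit(127); /* exec failed */
    }
    close(fd[1]);
    char buf[8192];
    size_t n = 0; ssize_t r;
    while (n < sizeof(buf) - 1 && (r = read(fd[0], buf + n, sizeof(buf) - 1 - n)) > 0)
        n += (size_t)r;
    buf[n] = '\0';
    close(fd[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return parse_thp_enabled(buf);
}

int main(void) {
    printf("THP_enabled after exec: %d\n", thp_disable_after_exec());
}
```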