Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752253AbdHHSpT (ORCPT ); Tue, 8 Aug 2017 14:45:19 -0400 Received: from mx1.redhat.com ([209.132.183.28]:41948 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752082AbdHHSpS (ORCPT ); Tue, 8 Aug 2017 14:45:18 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 12F1DC047B7C Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=riel@redhat.com Message-ID: <1502217914.6577.32.camel@redhat.com> Subject: Re: [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK From: Rik van Riel To: Matthew Wilcox Cc: Mike Kravetz , Florian Weimer , linux-kernel@vger.kernel.org, linux-mm@kvack.org, colm@allcosts.net, akpm@linux-foundation.org, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, mingo@kernel.org, kirill@shutemov.name, dave.hansen@intel.com Date: Tue, 08 Aug 2017 14:45:14 -0400 In-Reply-To: <20170808165211.GE31390@bombadil.infradead.org> References: <20170806140425.20937-1-riel@redhat.com> <1502198148.6577.18.camel@redhat.com> <0324df31-717d-32c1-95ef-351c5b23105f@oracle.com> <1502207168.6577.25.camel@redhat.com> <20170808165211.GE31390@bombadil.infradead.org> Organization: Red Hat, Inc Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.31]); Tue, 08 Aug 2017 18:45:18 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1437 Lines: 40 On Tue, 2017-08-08 at 09:52 -0700, Matthew Wilcox wrote: > On Tue, Aug 08, 2017 at 11:46:08AM -0400, Rik van Riel wrote: > > On Tue, 2017-08-08 at 08:19 -0700, Mike Kravetz wrote: > > > If the use case is fairly specific, then perhaps it makes sense > > > to > > > make MADV_WIPEONFORK not applicable (EINVAL) for mappings where > > > the > > > result is 'questionable'. > > > > That would be a question for Florian and Colm. > > > > If they are OK with MADV_WIPEONFORK only working on > > anonymous VMAs (no file mapping), that certainly could > > be implemented. > > > > On the other hand, I am not sure that introducing cases > > where MADV_WIPEONFORK does not implement wipe-on-fork > > semantics would reduce user confusion... > > It'll simply do exactly what it does today, so it won't introduce any > new fallback code. Sure, but actually implementing MADV_WIPEONFORK in a way that turns file mapped VMAs into zero page backed anonymous VMAs after fork takes no more code than implementing it in a way that refuses to work on VMAs that have a file backing. There is no complexity argument for or against either approach. The big question is, what is the best for users? Should we return -EINVAL when MADV_WIPEONFORK is called on a VMA that has a file backing, and only succeed on anonymous VMAs? Or, should we simply turn every memory range that has MADV_WIPEONFORK done to it into an anonymous VMA in the child process?