Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp3512766imm; Fri, 19 Oct 2018 11:52:02 -0700 (PDT) X-Google-Smtp-Source: ACcGV62VqiUgD8sfD1zoNRoaOrE0QvNnIm2EtMOGfCt3UcxfTB2EPzjHnpxYoV5gffa1z8566Aem X-Received: by 2002:a63:ac02:: with SMTP id v2-v6mr33611710pge.414.1539975122628; Fri, 19 Oct 2018 11:52:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539975122; cv=none; d=google.com; s=arc-20160816; b=KM1wPiyXeJzAv3MaCyQxKftRy3EUtXYHR9jy3wxiUJ1u1F0hfHoA7h2JdjeCPfg/eE 2dn2Pl8lk2sAGLCVYQmfvarS0TUx/amgrZGmsAt3f58b3HnBmNyEYHIsK9lGCIGw3pgY Mv9n21c1Jxw71mztJPYCStPsTFEwd52xn08WUQqoS32MXPiCbGdAS/uHtHDt2/ozxRAZ d3adkeDUYcHWRskiwBnkCgc+nTf80rLQ8oGAG5vkd9s7XU8SvZb9KbQhedqCcuRr9iY/ AA5ZVrEuwmnTpGRpPxhEHxKB5sF92r4+ILNirerbCViRaRf3j+6CCMjNr1oxj85T55aB Z/2g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:content-transfer-encoding :mime-version:references:in-reply-to:subject:cc:to:from; bh=rpWcHs7QjgVgvMYBkCCy+N/bC7/0xCUlUJeesVOVucA=; b=JG074XvVYK3bbkebgDfFGpScn2V5swDfjzct330OYONVYPfNg4fbO5mtcZBQSlywa7 UsdYpKWRUYkSLh4h9Y4Go+tr1g3hbaM80qhUubmb4lHLnI4zdEtHqivDM3HrutnLb/F8 RfYVKWnpMTkec2mIDJufGLqJBhQX4voR0yiUFllA5N7frvQxZ5rr48TLBUF72RVCmqbo RoQ+ozf9RcCBGsdPAlbzZev6bqGumXitJTAmAvm42ntecjCSz8fSUY4RYoz/BaBXwtNL QBaizdt/cq8ogGyt/agLO3NeMvPrMmQgE8Vu0d71SSoVl9uizp4zapPVrghM6Ud4WmOh QXEA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vt.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p8-v6si25704415plq.136.2018.10.19.11.51.46; Fri, 19 Oct 2018 11:52:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=vt.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728035AbeJTC4j (ORCPT + 99 others); Fri, 19 Oct 2018 22:56:39 -0400 Received: from outbound.smtp.vt.edu ([198.82.183.121]:35522 "EHLO omr2.cc.vt.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727770AbeJTC4j (ORCPT ); Fri, 19 Oct 2018 22:56:39 -0400 Received: from mr6.cc.vt.edu (mr6.cc.vt.edu [IPv6:2607:b400:92:8500:0:af:2d00:4488]) by omr2.cc.vt.edu (8.14.4/8.14.4) with ESMTP id w9JInKOU018933 for ; Fri, 19 Oct 2018 14:49:20 -0400 Received: from mail-qk1-f199.google.com (mail-qk1-f199.google.com [209.85.222.199]) by mr6.cc.vt.edu (8.14.7/8.14.7) with ESMTP id w9JInFlk028836 for ; Fri, 19 Oct 2018 14:49:20 -0400 Received: by mail-qk1-f199.google.com with SMTP id y201-v6so36824160qka.1 for ; Fri, 19 Oct 2018 11:49:20 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:in-reply-to:references :mime-version:content-transfer-encoding:date:message-id; bh=rpWcHs7QjgVgvMYBkCCy+N/bC7/0xCUlUJeesVOVucA=; b=b0HMWF3VBzoByj6j3NhGgIOzYDA68W0S2cfHa5N1eGvjGmg85UCPa1yxwHlOKhZoXP 37IXb0tjMioPbY10tGdi8+iY8QO3tXAq48yCCvrQqS4zEWNCqgbFnl/QN++oKRLgslsq a+xE+jf7oUqDgzDlF3hCxxhXGr80RpC7FSkBHAQ8u9duRzVcjop01Ovrx+3qvU4EfqC3 CqTNFxBP47KpqWIy02pXhH/2QHaUIgDd/8gqpb/22+5Q8Nx/QiFBW2ArvcNoSWBv2qqy OClLQJM95fkuMWUr+FuwiTHxk7ibWM5z1VmFQ3pOe7zldY6E8h1+YadZNuLEAsuxVAsi HQAg== X-Gm-Message-State: ABuFfohZd4ThLKVDlwmJj7DPNTpu+N2++XddpqEbB9ahRG6NLLuDkmi8 GvgtouP105BP+CBoKCdUbnf5TghbIAokCpvEoStFKt9izFRVDB6dLxJ0fmxvOQhdv+hxfAnN4EI GNy65/h0PWPIDfWTbBcPeFuJAdcreilg8Tgw= X-Received: by 2002:a37:2825:: with SMTP id o37-v6mr6693167qkh.350.1539974954944; Fri, 19 Oct 2018 11:49:14 -0700 (PDT) X-Received: by 2002:a37:2825:: with SMTP id o37-v6mr6693140qkh.350.1539974954529; Fri, 19 Oct 2018 11:49:14 -0700 (PDT) Received: from turing-police.cc.vt.edu (turing-police.cc.ipv6.vt.edu. [2001:468:c80:2103:f21f:afff:fe0c:8ada]) by smtp.gmail.com with ESMTPSA id k39-v6sm4792358qtf.3.2018.10.19.11.49.12 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 19 Oct 2018 11:49:12 -0700 (PDT) From: valdis.kletnieks@vt.edu X-Google-Original-From: Valdis.Kletnieks@vt.edu X-Mailer: exmh version 2.8.0 04/21/2017 with nmh-1.7+dev To: Joel Fernandes Cc: LKML , kernel-team , John Reck , John Stultz , Todd Kjos , Greg Kroah-Hartman , Christoph Hellwig , Al Viro , Andrew Morton , Daniel Colascione , "J. Bruce Fields" , Jeff Layton , linux-fsdevel@vger.kernel.org, linux-kselftest , linux-mm , marcandre.lureau@redhat.com, Mike Kravetz , Minchan Kim , Shuah Khan , Thomas Gleixner Subject: Re: [PATCH v3 1/2] mm: Add an F_SEAL_FUTURE_WRITE seal to memfd In-Reply-To: References: <20181018065908.254389-1-joel@joelfernandes.org> <42922.1539970322@turing-police.cc.vt.edu> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1539974951_3102P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Fri, 19 Oct 2018 14:49:11 -0400 Message-ID: <118792.1539974951@turing-police.cc.vt.edu> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --==_Exmh_1539974951_3102P Content-Type: text/plain; charset=us-ascii On Fri, 19 Oct 2018 10:57:31 -0700, Joel Fernandes said: > On Fri, Oct 19, 2018 at 10:32 AM, wrote: > > What is supposed to happen if some other process has an already existing R/W > > mmap of the region? (For that matter, the test program doesn't seem to > > actually test that the existing mmap region remains writable?) > Why would it not remain writable? We don't change anything in the > mapping that prevents it from being writable, in the patch. OK, if the meaning here is "if another process races and gets its own R/W mmap before we seal our mmap, it's OK". Seems like somewhat shaky security-wise - a possibly malicious process can fail to get a R/W map because we just sealed it, but if it had done the attempt a few milliseconds earlier it would have its own R/W mmap to do as it pleases... On the other hand, decades of trying have proven that trying to do any sort of revoke() is a lot harder to do than it looks... > We do test that existing writable mmaps can continue to exist after > the seal is set, in a way, because we test that setting of the seal > succeeds. Well, if the semantics are "We don't bother trying to deal with existing R/W maps", then it doesn't really matter - I was thinking along the lines of "If we're revoking other R/W accesses, we should test that we didn't nuke *this* one in the bargain".... --==_Exmh_1539974951_3102P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Comment: Exmh version 2.8.0 04/21/2017 iQEVAwUBW8onJ40DS38y7CIcAQK8gAgAn0hFoG/7NzVOy5Rst3e/VtBaNha/e3V0 N+mOczsxE3dMEijB1Uyu9c9Lzla9XW612XLu/DIgfET40+gYywBE39PQQovZomc3 QEc1GfcRkVUQqncDVvKSAN9JQ7QdWLTvqAva+ChFl8+yAn2Y7hCqg+WHKT7XMqVZ IQl7IZxHgfik1Id2h5IizZgSeBS91WoYehfIrgH59TcFA+Fjek8beOJpBvC4es3m jDyp2LTlACh55TkUM3N7pQtKsNGSMUSekMG+ylFykgY76LS+K1rS9KBpABMFZL0Y +McJX3of+FHEVoJy2W42G6+SRr82+4pVysAeVa8XxGRvS/wvMgTySQ== =GvDD -----END PGP SIGNATURE----- --==_Exmh_1539974951_3102P--