Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1474412imu; Fri, 9 Nov 2018 17:49:50 -0800 (PST) X-Google-Smtp-Source: AJdET5cT5/ozWu726UGi1RKD1s7ssLhO+dENnZp/MRuFPhStYYdhE8/g0YI8K0KDg6FCwHEr1jsO X-Received: by 2002:a62:b802:: with SMTP id p2-v6mr11189724pfe.1.1541814590889; Fri, 09 Nov 2018 17:49:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541814590; cv=none; d=google.com; s=arc-20160816; b=IU1Qe6uAyHnKuPhQBl1z0FMELsMQ1IHkGTxLiBMBW6lRnrJ7ysV6HTdOSeM37hzLtn x7UD8S0YiFuXQ4kd2RJB1/j/0JU+KnPPdXYrw8Q4ux2XWdYHJnqAxHOMly/h/P/eN9Fn KQNzH7KLP6XBqO2FUk/wfjekHhE6LdWtTN/BZxLRWIQwDZiMK2DB6mIR0S3TmoyUoTuL bDP0PdvDQo0v8DX8cecIWy8mMpFA/YPC5rreFEQBOoqNrn10WTPvV9T3odKV9zPN3EtU 7u1uyS1JEekempDl222dPL/hFcoA41l9a0RassQ0kLwDmx7Ut2VFtDfQd2utfWv4lV7I ZQ5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=0lDTTnRz1Cu4Oscn2W4VK8h2tsMFzMBklznMjhc0CXQ=; b=YBqu+Pt7EqzsiW1RmpWTy5vwx/GN/+MGnR5YNygOXHpS/qkGsmqn0l2iHiWASvc6gq Z0CdCglOaCM3QXfkfLPMlbFiAcqPvQj2PSAD+Sb+CI7EfTBQjodCv1tLZ3hdMQnp0Z/6 GIMjVmMZQmX2YPcAb9QAmhtuXIhifYHykMYrIXHkZrKbUkTSUdBZrCNTNRtAlV9ZNw2T bnSEH+F2Re6vV16wtvB+4lR0hNcfCAgc/s+mDUT8tcUnlG7kZRTHXGotHdsruHA8PSXl S/607FY01azDeDUIGi7XbGEB4/30dynKt/by3SDMY+uAVU7cnj21L3xw5BgcAnNdJvEg dp/w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@joelfernandes.org header.s=google header.b=rDtwYt9e; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o184si8460490pgo.591.2018.11.09.17.49.35; Fri, 09 Nov 2018 17:49:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@joelfernandes.org header.s=google header.b=rDtwYt9e; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728368AbeKJLca (ORCPT + 99 others); Sat, 10 Nov 2018 06:32:30 -0500 Received: from mail-pg1-f195.google.com ([209.85.215.195]:43674 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728130AbeKJLca (ORCPT ); Sat, 10 Nov 2018 06:32:30 -0500 Received: by mail-pg1-f195.google.com with SMTP id n10-v6so1586765pgv.10 for ; Fri, 09 Nov 2018 17:49:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=joelfernandes.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=0lDTTnRz1Cu4Oscn2W4VK8h2tsMFzMBklznMjhc0CXQ=; b=rDtwYt9ehQgvItQ/LiK74/hRP8chNZBRF3SpmOayofveXOF8JaFtiXHLpkvXJxTp64 J5V83W3uA8rdZnCUoAhrRkhp9IlCliF2XODQuH1jDptCQd0QxzdJrOig1tzGPq8Y/yMl DeuJkq8aV1maJgeoTxOIc2PNHV3VTXINmdFC4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=0lDTTnRz1Cu4Oscn2W4VK8h2tsMFzMBklznMjhc0CXQ=; b=bwmHtfTDDCRTiqusSTmnu7eYs1Ga1zQo6j32mj2jDDq9h/I/ZqTW/qLQPWLgXuGP2C OybtJJfxPIXtUn99cga7epEfib0RadFTgSGkfYYAs2WZH13GmgDqqr4Q8/OCe/41LsNo yKok6l8LfEuS8JVyS9Kys33JCJxEObZxdvaz9Yp0Jw7TQEN20JyQpLAg/qNl2P/3RAbC 9HDDoMHsJqhZ3g548h7ErqmPzykvdHF3WIghVo26DPWIIqW1Hfr4MtjQl7hM5gZYrImM oJ6sMB2AAFT38dGHQ6RUA2s48TAnaF/1y2z4h68XMtzwoqwMPjRok7rChYm3Wi1U0GTI o6bA== X-Gm-Message-State: AGRZ1gJpcnkO3drlBZD3mTL2GjxjRdltVFaD0hMq8xwCvyHoUVMRVPii oQ6tjr6drYxy2enM6o9VDdqRjg== X-Received: by 2002:a62:114c:: with SMTP id z73-v6mr11048963pfi.192.1541814554993; Fri, 09 Nov 2018 17:49:14 -0800 (PST) Received: from localhost ([2620:0:1000:1601:3aef:314f:b9ea:889f]) by smtp.gmail.com with ESMTPSA id o1sm10335882pgn.63.2018.11.09.17.49.13 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 09 Nov 2018 17:49:14 -0800 (PST) Date: Fri, 9 Nov 2018 17:49:13 -0800 From: Joel Fernandes To: Michael Tirado Cc: Andy Lutomirski , Jann Horn , LKML , jreck@google.com, john.stultz@linaro.org, tkjos@google.com, gregkh@linuxfoundation.org, hch@infradead.org, viro@zeniv.linux.org.uk, Andrew Morton , dancol@google.com, bfields@fieldses.org, jlayton@kernel.org, khalid.aziz@oracle.com, Lei.Yang@windriver.com, linux-fsdevel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, marcandre.lureau@redhat.com, mike.kravetz@oracle.com, minchan@kernel.org, shuah@kernel.org, valdis.kletnieks@vt.edu, hughd@google.com, linux-api@vger.kernel.org Subject: Re: [PATCH v3 resend 1/2] mm: Add an F_SEAL_FUTURE_WRITE seal to memfd Message-ID: <20181110014913.GA202500@google.com> References: <20181108041537.39694-1-joel@joelfernandes.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 09, 2018 at 08:02:14PM +0000, Michael Tirado wrote: [...] > > > That aside: I wonder whether a better API would be something that > > > allows you to create a new readonly file descriptor, instead of > > > fiddling with the writability of an existing fd. > > > > Every now and then I try to write a patch to prevent using proc to reopen > > a file with greater permission than the original open. > > > > I like your idea to have a clean way to reopen a a memfd with reduced > > permissions. But I would make it a syscall instead and maybe make it only > > work for memfd at first. And the proc issue would need to be fixed, too. > > IMO the best solution would handle the issue at memfd creation time by > removing the race condition. I agree, this is another idea I'm exploring. We could add a new .open callback to shmem_file_operations and check for seals there. thanks, - Joel