Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1388498imu; Wed, 23 Jan 2019 16:26:16 -0800 (PST) X-Google-Smtp-Source: ALg8bN6sipyc5xU3hwlax8njxrq1FEn4KMkPQsYx21X1IcCwuCs2ICF3L/2PzgCJb1Wt7aiVrgZx X-Received: by 2002:a62:55c4:: with SMTP id j187mr4178160pfb.129.1548289576656; Wed, 23 Jan 2019 16:26:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548289576; cv=none; d=google.com; s=arc-20160816; b=XVYSMonMHE2gWlmao/8qzVfJHpCaW5fAvtutkZZDlMXlBsKUg1DvqtCMx9CiRlrMdf IxjJx3rs3PKxxtkTqlaV7oT0U4+ahD7wIdv2SN6oRgSFyy6/rOFV5nOhIj/1syXxEMLQ FfbCY8Nh94Bpew0IS5u/s8CaqheWVyyAGj9S1KmKS1W80sPja6JaMgVzZh5OlrVIRbbR E8wvzmeoHoLGF8cJnLHlGi7uyuyFUCNXryKUqaPl7D/KzpY3HnUUsWFrNXMAQ33p/LxI /XZqR8JC9mcoObKrNeTSUMv/5CwlSACA2s2nDFcSKBMHfhuDZdFlymiwZsMwLB8K3/ko xcQQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:message-id:subject:cc:to:from:date; bh=I3r3DkQQ6YTVdI8ZHB/JHQ1Av9j9Y5i3LsMUu1avdYU=; b=Y2K1T4lR8eocH0tdFUyuGCJwLjcbkJJm6w5r1dN4bQbYN2envF5ACD5vDv8dCHcRSt JafRful3Tm+R2JVg4JP3ZIPiX0qcPOgJWUhIgbmdgeF3211+BRuIInUYRGcWtyGVGAn8 By+YJnxJJFmot74RAk3ZOop09YNyTUA2x8ohoeM/VwhRTLz0KEuEd+g825U6k+Dg2DVH W+HHxzhOvI3ShNvYcOCQIWDwtnEHb6FNJQ14GY+xGChQY/eseM6NTasv0O3vrImJtC22 GJGKo7ycmQWvJHgJmbfQZQG/QDGcZHO+svMHyhFCzz9g6cAJWnh4Kc7/DnWgIZtpQNFB bUdw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v19si20297096pfa.80.2019.01.23.16.26.01; Wed, 23 Jan 2019 16:26:16 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727059AbfAXAZQ (ORCPT + 99 others); Wed, 23 Jan 2019 19:25:16 -0500 Received: from nautica.notk.org ([91.121.71.147]:48134 "EHLO nautica.notk.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726078AbfAXAZP (ORCPT ); Wed, 23 Jan 2019 19:25:15 -0500 Received: by nautica.notk.org (Postfix, from userid 1001) id E96C1C009; Thu, 24 Jan 2019 01:25:10 +0100 (CET) Date: Thu, 24 Jan 2019 01:24:55 +0100 From: Dominique Martinet To: Linus Torvalds , Jiri Kosina Cc: Andy Lutomirski , Josh Snyder , Dave Chinner , Matthew Wilcox , Jann Horn , Andrew Morton , Greg KH , Peter Zijlstra , Michal Hocko , Linux-MM , kernel list , Linux API Subject: Re: [PATCH] mm/mincore: allow for making sys_mincore() privileged Message-ID: <20190124002455.GA23181@nautica> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Linus Torvalds wrote on Thu, Jan 24, 2019: > I've reverted the 'let's try to just remove the code' part in my tree. > But I didn't apply the two other patches yet. Any final comments > before that should happen? I mentionned when sending the updated version that just checking file permission might not be enough, e.g. a git tree is full of read-only objects that someone might want to preload and think we might really want to check both despite the overhead in the denied case. Josh agreed and I meant to send a new version since nothing was happening but work priorities got the better of me, and I was kind of waiting for the ltp testcases[1] as well because aside from the few tests I ran by hand I'm not sure the few hours of ltp/xfstests Jiri ran did much but this is probably going to be a chicken-or-egg problem.. [1] https://github.com/linux-test-project/ltp/issues/461 Jiri Kosina wrote on Thu, Jan 24, 2019: > On Thu, 24 Jan 2019, Linus Torvalds wrote: > > > Side note: the inode_permission() addition to can_do_mincore() in that > > patch 0002, seems to be questionable. We do > > > > +static inline bool can_do_mincore(struct vm_area_struct *vma) > > +{ > > + return vma_is_anonymous(vma) > > + || (vma->vm_file && (vma->vm_file->f_mode & FMODE_WRITE)) > > + || inode_permission(file_inode(vma->vm_file), MAY_WRITE) == 0; > > +} > > > > note how it tests whether vma->vm_file is NULL for the FMODE_WRITE > > test, but not for the inode_permission() test. > > > > So either we test unnecessarily in the second line, or we don't > > properly test it in the third one. > > > > I think the "test vm_file" thing may be unnecessary, because a > > non-anonymous mapping should always have a file pointer and an inode. > > But I could imagine some odd case (vdso mapping, anyone?) that > > doesn't have a vm_file, but also isn't anonymous. > > Hmm, good point. > > So dropping the 'vma->vm_file' test and checking whether given vma is > special mapping should hopefully provide the desired semantics, shouldn't > it? I think it's probably better to keep this simple, if we're going to check something before accessing vm_file we might as well directly check it. I was thinking of something along the lines of: return vma_is_anonymous(vma) || (vma->vm_file && (inode_owner_or_capable(file_inode(vma->vm_file)) || inode_permission(file_inode(vma->vm_file), MAY_WRITE) == 0)); I dropped the first f_mode check because none of the known mincore users open the files read-write, and the check is redundant with inode_permission() so while it would probably be an optimisation in some cases I do not think it is useful in practice. On the other hand, I have no idea how expensive the inode_permission and owner checks really are - do they try to refresh attributes on a networked filesystem or would it trust the cache or is it fs dependant? Honestly this is more a case of "the people who's be interested in seeing this have no idea what they're doing" than lack of interest.. I wouldn't mind if there were tests doing mincore on a bunch of special files/mappings but I just tried on a few regular files by hand, this isn't proper coverage; I'll try to take more time to test various mappings today (JST). Thanks, -- Dominique