Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp5051150ybc;
        Tue, 26 Nov 2019 20:26:05 -0800 (PST)
X-Google-Smtp-Source: APXvYqyM3CFhE5WVU+58GT0vZPrVlZA3B55ukoiwSaPggc/4QUFN79YUYb7u7FdcfNAgONZ/UobV
X-Received: by 2002:aa7:c990:: with SMTP id c16mr29789028edt.91.1574828765398;
        Tue, 26 Nov 2019 20:26:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1574828765; cv=none;
        d=google.com; s=arc-20160816;
        b=n7mwjpJ8nRUk/MzpBdZuyYt62S8srI+kSzZ15v8apW3qLub/8jJiJ5NtTW7RBKJJuv
         L/QAkcqUqY9TdKEv9poQBMnnAEzKd5Bv9J8OYu7HZjUBz9HbfcRyHGPnzWt7bkqxZwTT
         rUpYHd7g9qqjqz+eAf+Wh7hH8EhIOv+CUMwFeGXxTq+o3ffm/LwD9wKUSjPJ/RIRibsh
         BC6y55g3yHC2gNNKJdl0V5M8EXLU1ytYMXAYOlROrp9qEWBGhOCkda1doH0DlfbGZrL1
         NRD9EMNbBE8UoWIg8MjZpDMeL9xWyw0m/rvaG78GfQnu5uJuFeiubqBJFGv/OpSMCHAL
         PoAg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date:dkim-signature;
        bh=cruZnOIQhNKwaUdTnpxXaRkPPQIJLlnQzi55bfc1FDk=;
        b=e1Oewb7DRpC02yl4TH5lvE+WRF2sPkeRkI+nmZUDiXCjdR0fAtCl3gJhg9XxBBW2/h
         8HN4JjFpzSN91doIijoHEW3Ic+c+naKnk4peqrlgv7yS+7VYvGUOZw94MrqbsppI2SDB
         ogIUoSZpvVQuesIDPtbcARxVyvc0g1LCEgLNdk8TxtYmLvFPboKoI1UXRXlvRNTCnqiB
         rQ7Ba8Wul4AF6h+a8wvBPl6JbWtI46WIfqXrxL0hg9if427XjW5bgcVYVd5fAy12Ys47
         kUhH2zcIAX8sAXJ7jpMW1fk8ZowFq5ufUgSeaRS+NmUeRDbVZvHvOMVHISpw16CY8yPt
         rNdA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="Uov/dvVa";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f6si8584185ejx.0.2019.11.26.20.25.41;
        Tue, 26 Nov 2019 20:26:05 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b="Uov/dvVa";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727746AbfK0EYp (ORCPT <rfc822;lunatang2017@gmail.com>
        + 99 others); Tue, 26 Nov 2019 23:24:45 -0500
Received: from mail-pf1-f195.google.com ([209.85.210.195]:41562 "EHLO
        mail-pf1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727738AbfK0EYo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 26 Nov 2019 23:24:44 -0500
Received: by mail-pf1-f195.google.com with SMTP id s18so1748077pfd.8
        for <linux-kernel@vger.kernel.org>; Tue, 26 Nov 2019 20:24:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:from:to:cc:subject:in-reply-to:message-id:references
         :user-agent:mime-version;
        bh=cruZnOIQhNKwaUdTnpxXaRkPPQIJLlnQzi55bfc1FDk=;
        b=Uov/dvVa+NFZre/Pxa63oFagioekbzhykEY9uC1NgQlWTmDe3MrzWWvy9Zt7KnD6nx
         JcVzMDenZzT9Jy1ubkKHf4lG9QRkvegs3efFfrUdj94O6iXMUYwg7qGxuxwubrPMXHLh
         rOgkOXAbP2OWyoEm0pSD8uHT3ho5NZhpHXOX8Hwqi5J+clekJ8dcIy/v6pAwSwpQeoeo
         9O8DofPw1gzKIJN0IpXwOxovlThNUTHxlGD/qdUnnlsoGJhuzCVHEhzFgFdVt3ljBxfV
         Fi4xdxIGx/VCFqVhmJLESMIFOZfA2bfnQmzo0CSx2RT5O7+HSjNXziEKEuP8qo4noLzf
         45/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:in-reply-to:message-id
         :references:user-agent:mime-version;
        bh=cruZnOIQhNKwaUdTnpxXaRkPPQIJLlnQzi55bfc1FDk=;
        b=WkGcSkpAZo9rPV33tepkGO/kGVuIF557u1cUBZG43bYXKjSwgScxVlPnWlQR9HVdeg
         37Ac2jL3/MCFxEv4KSauHbVDvHrOCPic4RYncSPWFYmNeGMiqpS+aapCUSDVQi4ZqbTg
         CcLegOBkvxi5fVFFdB6LGu7LE078vxyiyAxlyIMW+ZgbQsgMh56JaUgaB885OnAHbVl7
         xTp9limlrTA1b2T2AhoCe0zhrhFwXChJIbFz93GOJV/K3F84Tz5/8bPF65hkJTxYMrai
         Zr3OQnvUVG9ZxdRWG9PvIuxD7K4+y2F3ZUoA6qfC3fsH8iMZ4OJTTlFLBiTHP5Z+kqkv
         Zs6g==
X-Gm-Message-State: APjAAAV8v+d7Ei8BXkBVvNsqBRMzhWSZ2OX9jqlu5/y891DoAinQu8Xb
        P6lRgxBVEVEaHGBuMp/4tETKDQ==
X-Received: by 2002:a63:391:: with SMTP id 139mr2597363pgd.40.1574828682962;
        Tue, 26 Nov 2019 20:24:42 -0800 (PST)
Received: from [100.112.92.218] ([104.133.9.106])
        by smtp.gmail.com with ESMTPSA id e10sm4536872pfm.3.2019.11.26.20.24.42
        (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Tue, 26 Nov 2019 20:24:42 -0800 (PST)
Date:   Tue, 26 Nov 2019 20:24:32 -0800 (PST)
From:   Hugh Dickins <hughd@google.com>
X-X-Sender: hugh@eggly.anvils
To:     yu kuai <yukuai3@huawei.com>
cc:     hughd@google.com, akpm@linux-foundation.org, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        yi.zhang@huawei.com, zhengbin13@huawei.com
Subject: Re: [PATCH] mm/shmem.c: don't set 'seals' to 'F_SEAL_SEAL' in
 shmem_get_inode
In-Reply-To: <20191127040051.39169-1-yukuai3@huawei.com>
Message-ID: <alpine.LSU.2.11.1911262008330.2204@eggly.anvils>
References: <20191127040051.39169-1-yukuai3@huawei.com>
User-Agent: Alpine 2.11 (LSU 23 2013-08-11)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 27 Nov 2019, yu kuai wrote:

> 'seals' is set to 'F_SEAL_SEAL' in shmem_get_inode, which means "prevent
> further seals from being set", thus sealing API will be useless and many
> code in shmem.c will never be reached. For example:

The sealing API is not useless, and that code can be reached.

> 
> shmem_setattr
> 	if ((newsize < oldsize && (info->seals & F_SEAL_SHRINK)) ||
> 	    (newsize > oldsize && (info->seals & F_SEAL_GROW)))
> 		return -EPERM;
> 
> So, initialize 'seals' to zero is more reasonable.
> 
> Signed-off-by: yu kuai <yukuai3@huawei.com>

NAK.

See memfd_create in mm/memfd.c (code which originated in mm/shmem.c,
then was extended to support hugetlbfs also): sealing is for memfds,
not for tmpfs or hugetlbfs files or SHM.  Without thinking about it too
hard, I believe that to allow sealing on tmpfs files would introduce
surprising new behaviors on them, which might well raise security issues;
and also be incompatible with the guarantees intended by sealing.

> ---
>  mm/shmem.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 165fa6332993..7b032b347bda 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -2256,7 +2256,6 @@ static struct inode *shmem_get_inode(struct super_block *sb, const struct inode
>  		memset(info, 0, (char *)inode - (char *)info);
>  		spin_lock_init(&info->lock);
>  		atomic_set(&info->stop_eviction, 0);
> -		info->seals = F_SEAL_SEAL;
>  		info->flags = flags & VM_NORESERVE;
>  		INIT_LIST_HEAD(&info->shrinklist);
>  		INIT_LIST_HEAD(&info->swaplist);
> -- 
> 2.17.2