From: David Herrmann
Date: Sun, 5 Nov 2017 13:07:15 +0100
Subject: Re: [PATCH 4/6] hugetlbfs: implement memfd sealing
To: Mike Kravetz
Cc: Marc-André Lureau, linux-mm, linux-kernel, aarcange@redhat.com, Hugh Dickins, nyc@holomorphy.com
References: <20171031184052.25253-1-marcandre.lureau@redhat.com> <20171031184052.25253-5-marcandre.lureau@redhat.com> <15b59408-7c4d-bbdb-7573-5789faa05e6c@oracle.com>

Hi

On Sat, Nov 4, 2017 at 12:31 AM, Mike Kravetz wrote:
> On 11/03/2017 10:56 AM, Mike Kravetz wrote:
>> On 11/03/2017 10:41 AM, David Herrmann wrote:
>>> Hi
>>>
>>> On Fri, Nov 3, 2017 at 6:12 PM, Mike Kravetz wrote:
>>>> On 11/03/2017 10:03 AM, David Herrmann wrote:
>>>>> Hi
>>>>>
>>>>> On Tue, Oct 31, 2017 at 7:40 PM, Marc-André Lureau
>>>>> wrote:
>>>>>> Implements memfd sealing, similar to shmem:
>>>>>> - WRITE: deny fallocate(PUNCH_HOLE). mmap() write is denied in
>>>>>>   memfd_add_seals(). write() doesn't exist for hugetlbfs.
>>>>>> - SHRINK: added similar check as shmem_setattr()
>>>>>> - GROW: added similar check as shmem_setattr() & shmem_fallocate()
>>>>>>
>>>>>> Except write() operation that doesn't exist with hugetlbfs, that
>>>>>> should make sealing as close as it can be to shmem support.
>>>>>
>>>>> SEAL, SHRINK, and GROW look fine to me.
>>>>>
>>>>> Regarding WRITE
>>>>
>>>> The commit message may not be clear. However, hugetlbfs does not support
>>>> the write system call (or aio). The only way to modify contents of a
>>>> hugetlbfs file is via mmap or hole punch/truncate. So, we do not really
>>>> need to worry about those special (a)io cases for hugetlbfs.
>>>
>>> This is not about the write(2) syscall. Please consider this scenario
>>> about shmem:
>>>
>>> You create a memfd via memfd_create() and map it writable. You now
>>> call another kernel syscall that takes as input _any mapped page
>>> range_. You pass your mapped memfd-addresses to it. Those syscalls
>>> tend to use get_user_pages() to pin arbitrary user-mapped pages, as
>>> such this also affects shmem. In this case, those pages might stay
>>> mapped even if you munmap() your memfd!
>>>
>>> One example of this is using AIO-read() on any other file that
>>> supports it, passing your mapped memfd as buffer to _read into_. The
>>> operations supported on the memfd are irrelevant here.
>>> The selftests contain a FUSE-based test for this, since FUSE allows
>>> user-space to GUP pages for an arbitrary amount of time.
>>>
>>> The original fix for this is:
>>>
>>> commit 05f65b5c70909ef686f865f0a85406d74d75f70f
>>> Author: David Herrmann
>>> Date: Fri Aug 8 14:25:36 2014 -0700
>>>
>>>     shm: wait for pins to be released when sealing
>>>
>>> Please have a look at this. Your patches use shmem_add_seals() almost
>>> unchanged, and as such you call into shmem_wait_for_pins() on
>>> hugetlbfs. I would really like to see an explicit ACK that this works
>>> on hugetlbfs.
>>
>> Thanks for the explanation. I missed that in your first reply. I'll
>> look into this for hugetlbfs.
>
> I reviewed the routines in the above commit and did not see anything that
> would prevent them from working properly with hugetlbfs. I modified the
> fuse test to use hugetlbfs based mapping. I also instrumented the above
> routines and verified that tags were set/checked/cleared as designed for
> hugetlb pages. So, that is an ACK on working with hugetlbfs.
>
> This does bring up the point that the fuse seals test should also be
> modified to work with hugetlbfs as part of this series.

Perfect! Looks all good to me then!

Thanks
David
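
The seal semantics discussed in this thread can be checked from user space with the added example below, which is not code from the patch series or the kernel selftests. It uses an ordinary shmem-backed memfd and verifies that F_SEAL_WRITE is refused while a shared writable mapping exists, and that the seals, once set, refuse new writable mappings and resizing. The helper names `check_memfd_seals` and `done`, the memfd name and the 4096-byte size are assumptions of the example; it does not exercise the GUP-pin wait or hugetlbfs.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef F_ADD_SEALS          /* used when libc headers do not expose them */
#define F_ADD_SEALS   1033   /* values as in linux/fcntl.h */
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif
#ifndef MFD_ALLOW_SEALING    /* value as in linux/memfd.h */
#define MFD_ALLOW_SEALING 0x0002U
#endif
#define LEN 4096             /* constructed file size for the demo */

/* Hypothetical cleanup helper: drop the mapping (if any), close, report. */
static int done(int fd, void *p, int step)
{
    if (p != MAP_FAILED) munmap(p, LEN);
    close(fd);
    return step;
}

/* Hypothetical helper: returns 0 when every seal behaves as the thread
 * describes, otherwise the number of the first step that did not. */
int check_memfd_seals(void)
{
    int fd = (int)syscall(SYS_memfd_create, "seal-demo", MFD_ALLOW_SEALING);
    if (fd < 0) return 1;
    if (ftruncate(fd, LEN) != 0) return done(fd, MAP_FAILED, 1);
    /* A live shared writable mapping must block F_SEAL_WRITE (EBUSY). */
    void *p = mmap(NULL, LEN, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p == MAP_FAILED) return done(fd, p, 2);
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE) != -1 || errno != EBUSY)
        return done(fd, p, 3);
    munmap(p, LEN);
    /* With the mapping gone, the seals can be added. */
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE | F_SEAL_SHRINK | F_SEAL_GROW) != 0)
        return done(fd, MAP_FAILED, 4);
    /* WRITE: a new shared writable mapping is refused (EPERM). */
    p = mmap(NULL, LEN, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (p != MAP_FAILED || errno != EPERM) return done(fd, p, 5);
    /* SHRINK and GROW: resizing in either direction is refused (EPERM). */
    if (ftruncate(fd, 0) != -1 || errno != EPERM) return done(fd, p, 6);
    if (ftruncate(fd, 2 * LEN) != -1 || errno != EPERM) return done(fd, p, 7);
    return done(fd, p, 0);
}

int main(void) { return check_memfd_seals(); }
```

The process exit status is the number of the first failing step, or 0 when all checks pass.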