Received: by 10.223.164.221 with SMTP id h29csp74439wrb; Fri, 3 Nov 2017 10:42:45 -0700 (PDT) X-Google-Smtp-Source: ABhQp+QyGcKoRyxvpkRAlM4FoodinGznJNEDcu5dk4eYlAys7bSsduhlljqtRAvmddBps3v1l/fU X-Received: by 10.84.160.226 with SMTP id v31mr7513346plg.302.1509730965397; Fri, 03 Nov 2017 10:42:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509730965; cv=none; d=google.com; s=arc-20160816; b=zL1gYEdgZRHWeG3qefa/eE7X25iXtgK13+50rKVUC1ZjUKbGAzp/3J029dUenzP1I2 fTSbT87V3wygheQCaitlu9DAftxw9a0JQkS+ZZXSRc+tcWFcPf34toD56PAXeIV0bOZj gHtBfrONdzTAwh4PBSkcgK8jEHH0KLfFn7kTBI/aiG10kZoQYUx7vT/buw57Pz1GZjEF gy470XxsUPFYiC/bWhpuyEi9Svdkt0nvGosW7J88egu1LkJXsLqhXmzmkc8PsiyhW2LW ebw4lOWbckyaEmgIm1ylG2ghVZ68zsuh7mNu/ySiCOnvMYK0Dd5/ZcNB2Xrs4U8hGIts KWug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature:arc-authentication-results; bh=U7p/+s40PIBEB9Gz5G5maIHv6nqpsxnZa78zgktxi14=; b=Yvwvq7Lf0LOZCkr8dQlvesfb9oE1+NM59pEVa2eR76KixPUGfPIJfjSE2oXBGPBxpB X8SGoPxBGthSvH2fWdogj+vxzTrajNHqOeHe5iozdxnIYUHVjFq5GCvVHqlttQN4lDJx trkdcdRlw/1kvVSZxnk8mRvdsM1/3ib2S80Ge9dKp+EEgEd35kDBHlt6SWSm2xi0pkTW uGYOBzvN9nnU11TR82JwH4ZyfchPywNcX7UBfbpQTPSJYKhJ16zijxa51K8/fB6p/U3M MZH2g24l75NrmwaD3tfzpY91GavDVCYX4gus6aUbxryavNQiG/7LwwFPppOp+DvzFbOV 5DWg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=uNOK7liH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l5si4514477plk.103.2017.11.03.10.42.32; Fri, 03 Nov 2017 10:42:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=uNOK7liH; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756018AbdKCRlw (ORCPT + 93 others); Fri, 3 Nov 2017 13:41:52 -0400 Received: from mail-io0-f196.google.com ([209.85.223.196]:49487 "EHLO mail-io0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751381AbdKCRlv (ORCPT ); Fri, 3 Nov 2017 13:41:51 -0400 Received: by mail-io0-f196.google.com with SMTP id n137so7924462iod.6 for ; Fri, 03 Nov 2017 10:41:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=U7p/+s40PIBEB9Gz5G5maIHv6nqpsxnZa78zgktxi14=; b=uNOK7liHsI4NED23shr1PXPCjuzOJaPGjAz3PNQ6GYpd69vfrPK4GM8m1iTpYABHxT sT+JD6jX1vd/H3NIxcz2b5Rwvu6upwbeDfArl1PR+yD8P75CyuQ3rE1fWlk5F/ygJBYS UxJw71pJtceeeMttyZ9EjqwLKMG/bAU2isfsBOmbcbKCBMzlS8lnyt4rah+lRX7WhHM6 hBpVPUW4kL7j6lf/lsxHqs7lafb0IBrj5CJmkuOr3f0xHBwrYa687Im4RA6jQB73VO56 7rx7EP5qKtFq375mqarpeCY2LjIfFmAEvEhuTNtVpW+m60oY3ucs5/1JFNdP7EfW74s+ PtLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=U7p/+s40PIBEB9Gz5G5maIHv6nqpsxnZa78zgktxi14=; b=bOFa9mfGX1dAQ5JRniqMOLoLog3afLwMfLx1FA8IC8BjtSvK+byPqBxiW7VF2L3tdq M6tptkTvbPbyfGWn8kg1MPzPlkm00JoasFzG5+m2mr2EY8wcnNb3GOOZWbUyIvOE17Zb ZM0YSXse7XBswUy0fuyPIeZTcJCtwIj45flKO7y0ooqCI64rFo+uBJi//nxLAqjMgpXp tm3nlIgXCPs9Ao4age7d2qPvIwiF1KD39aUg+KdDfcm14H6Z04hEyNuW8n+p7d4Xs89U Ngqatzn6P3ojKkWxx8G/xV6zYdwqxRNi1KlBDUeDxinodXBuWcgFZJDKmEBk1bH8J4c/ vKbA== X-Gm-Message-State: AJaThX6cBMq19UPS/7pLeD+i5wMRDspY5Bj8X8d2PYrIqTFrodegSML1 5msrGJC4zKd8z1XPngIsResQ540WC4/i7faywtY= X-Received: by 10.107.138.204 with SMTP id c73mr9573357ioj.91.1509730910486; Fri, 03 Nov 2017 10:41:50 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.53.76 with HTTP; Fri, 3 Nov 2017 10:41:50 -0700 (PDT) In-Reply-To: References: <20171031184052.25253-1-marcandre.lureau@redhat.com> <20171031184052.25253-5-marcandre.lureau@redhat.com> From: David Herrmann Date: Fri, 3 Nov 2017 18:41:50 +0100 Message-ID: Subject: Re: [PATCH 4/6] hugetlbfs: implement memfd sealing To: Mike Kravetz Cc: =?UTF-8?B?TWFyYy1BbmRyw6kgTHVyZWF1?= , linux-mm , linux-kernel , aarcange@redhat.com, Hugh Dickins , nyc@holomorphy.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi On Fri, Nov 3, 2017 at 6:12 PM, Mike Kravetz wrot= e: > On 11/03/2017 10:03 AM, David Herrmann wrote: >> Hi >> >> On Tue, Oct 31, 2017 at 7:40 PM, Marc-Andr=C3=A9 Lureau >> wrote: >>> Implements memfd sealing, similar to shmem: >>> - WRITE: deny fallocate(PUNCH_HOLE). mmap() write is denied in >>> memfd_add_seals(). write() doesn't exist for hugetlbfs. >>> - SHRINK: added similar check as shmem_setattr() >>> - GROW: added similar check as shmem_setattr() & shmem_fallocate() >>> >>> Except write() operation that doesn't exist with hugetlbfs, that >>> should make sealing as close as it can be to shmem support. >> >> SEAL, SHRINK, and GROW look fine to me. >> >> Regarding WRITE > > The commit message may not be clear. However, hugetlbfs does not support > the write system call (or aio). The only way to modify contents of a > hugetlbfs file is via mmap or hole punch/truncate. So, we do not really > need to worry about those special (a)io cases for hugetlbfs. This is not about the write(2) syscall. Please consider this scenario about shmem: You create a memfd via memfd_create() and map it writable. You now call another kernel syscall that takes as input _any mapped page range_. You pass your mapped memfd-addresses to it. Those syscalls tend to use get_user_pages() to pin arbitrary user-mapped pages, as such this also affects shmem. In this case, those pages might stay mapped even if you munmap() your memfd! One example of this is using AIO-read() on any other file that supports it, passing your mapped memfd as buffer to _read into_. The operations supported on the memfd are irrelevant here. The selftests contain a FUSE-based test for this, since FUSE allows user-space to GUP pages for an arbitrary amount of time. The original fix for this is: commit 05f65b5c70909ef686f865f0a85406d74d75f70f Author: David Herrmann Date: Fri Aug 8 14:25:36 2014 -0700 shm: wait for pins to be released when sealing Please have a look at this. Your patches use shmem_add_seals() almost unchanged, and as such you call into shmem_wait_for_pins() on hugetlbfs. I would really like to see an explicit ACK that this works on hugetlbfs. Thanks David From 1583065925367281602@xxx Fri Nov 03 17:15:14 +0000 2017 X-GM-THRID: 1582799756524927158 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread