Received: by 10.223.164.221 with SMTP id h29csp37532wrb; Fri, 3 Nov 2017 10:05:27 -0700 (PDT) X-Google-Smtp-Source: ABhQp+TzElVtFGiwih2/Jaa9JZKdQ8bqMtQ9k8Tz87hoJDVWEFILiJlMgSJBU4lx7UnBsuyC6eqS X-Received: by 10.159.194.135 with SMTP id y7mr7478709pln.33.1509728727103; Fri, 03 Nov 2017 10:05:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1509728727; cv=none; d=google.com; s=arc-20160816; b=ZCCW7+rbFWRq/AFOJxUeGkezvRt/9OTHJw2LszDrfc/H0co9VUw845a/UeJyJyjOXC XbwhtAbSHndlFebsAf6/Dtm7K/C6XLI6PdpDnAkcrc39CwzD+JyrIcis/onVaJwRknTS qn6gwZCUHwKx8HCh9UVL7rS+voFTfwjcJjpFfcWXDhQRTom8HmVUL2n44EBiBV3oGfpj btdW8cJ+83OScRnAcKydmi5Tpn8bVVHwAGtduOougfBfLpMgUA6FYcnTeuYUcsxmU1fA TzkCUHOovUQf4aqwWkG8hN1yv0lUrVmuKPq9w0iFXkjJJfQdChC7fRdjtbuA1iDqLRy+ nqVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature:arc-authentication-results; bh=R4BJReJ/d2bvLTQ+a/kxl5uG7TFwnKJpWrYt24gwjBI=; b=FoWovhBH8C5rRHtRGVGx2YhGuq/At1ysD/G3xEhuMcTSwBDJYH86+rDbl7jKswKXQ6 nkqSwfpXXteEFFdAzG7QAYMcs4Dw4AZt8xlx3NnbzpEG7xIVew25wGC3Wo18s98Dbe3o wFCy3LPDfRw1pOLJvvKowIyOR5B2I6iAt1EqEBkymNZ4mXdEdDVsqAVO3mmk75+NiuyV KBktDbB+FowWPOrJjgZat2RXXyh+9ctyjY7o0XFnrWy23mX1FC3P5Kl3cXM3mVPeZXq4 hC9J5RBbyXZTGIu21su0mja8Nlavkrq7lXi1TXrof3YFj1hCTJuai8BAIKBwVRRfh1xa IGyg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=bBucQMJB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b9si6722693pgf.689.2017.11.03.10.05.09; Fri, 03 Nov 2017 10:05:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=bBucQMJB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756133AbdKCRD5 (ORCPT + 93 others); Fri, 3 Nov 2017 13:03:57 -0400 Received: from mail-io0-f193.google.com ([209.85.223.193]:51400 "EHLO mail-io0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752885AbdKCRD4 (ORCPT ); Fri, 3 Nov 2017 13:03:56 -0400 Received: by mail-io0-f193.google.com with SMTP id b186so7678328iof.8 for ; Fri, 03 Nov 2017 10:03:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=R4BJReJ/d2bvLTQ+a/kxl5uG7TFwnKJpWrYt24gwjBI=; b=bBucQMJBoph424897FBEQclUkZZs9Xih2fGsr6kehGJjxbd7E0P9faJJvO8C8ByvRe RSNM8fjHeuYlP7JxDCABLzbapXEJFWSBnlHsbFzAP+z7Nx3oxdd8I8jg07w6c1DaDR2H hxKV5I7GjPLPoVfWOKXDQ+u2e52ojlesBwpEKb/ft5nybD++AKNOODOOsJZv5xiIOfUg yqlMrd3zXKfVvw9CkxKgur7dYiGWLFRtTG/+nsLbpf6X0Y4RcL8KAdx1pMywa5N6i746 7ebOr/qf44WDRe6SskDrHiHlf8gAT6CMriKsrF1p3eoRtVgPDuYc+Jz+Sa5RqYIm27ia F7jA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=R4BJReJ/d2bvLTQ+a/kxl5uG7TFwnKJpWrYt24gwjBI=; b=TzqbueY2rrgnnM60JOBw8dMv5DsoFn+7QBHdbHiATuiZ7TSiVMxeEE9NsQIoB88HlY G3X32Y09uHeHbR/ZfEBsCPTDqONV+/PzE4URZgOpK87b3yTBZ36bdWYU2LvskQOJCbYA lW6z25XQN+IPMm/nlwEirjiKw4xtLQSNU3guVH0sFHXhHH1frLKsNo6+jAOFVuYf9e03 iRmlkXAFi3xQiXPLa5VVa5wLf1Zp6IdvlJPonTxHBJjZ1yW+xsKeOLNJqpUIxMD8FeU0 jqE7PN+UlCQrL+A7VCyfBiip23IH3gC4UmRxsygT26cWLgB8QELj3qSLYG3bGI/HO/bf V0cQ== X-Gm-Message-State: AJaThX4gI/ZcG/YXz7sWGd7QPvGbYUyOFI321dpHC09wsG2PQj2CR/+5 yXQGVe/hqEKTmDXOxQlhKZUKh/8HS9rV9Ye++8Y= X-Received: by 10.107.138.204 with SMTP id c73mr9439595ioj.91.1509728635654; Fri, 03 Nov 2017 10:03:55 -0700 (PDT) MIME-Version: 1.0 Received: by 10.107.53.76 with HTTP; Fri, 3 Nov 2017 10:03:54 -0700 (PDT) In-Reply-To: <20171031184052.25253-5-marcandre.lureau@redhat.com> References: <20171031184052.25253-1-marcandre.lureau@redhat.com> <20171031184052.25253-5-marcandre.lureau@redhat.com> From: David Herrmann Date: Fri, 3 Nov 2017 18:03:54 +0100 Message-ID: Subject: Re: [PATCH 4/6] hugetlbfs: implement memfd sealing To: =?UTF-8?B?TWFyYy1BbmRyw6kgTHVyZWF1?= Cc: linux-mm , linux-kernel , aarcange@redhat.com, Hugh Dickins , nyc@holomorphy.com, mike.kravetz@oracle.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi On Tue, Oct 31, 2017 at 7:40 PM, Marc-Andr=C3=A9 Lureau wrote: > Implements memfd sealing, similar to shmem: > - WRITE: deny fallocate(PUNCH_HOLE). mmap() write is denied in > memfd_add_seals(). write() doesn't exist for hugetlbfs. > - SHRINK: added similar check as shmem_setattr() > - GROW: added similar check as shmem_setattr() & shmem_fallocate() > > Except write() operation that doesn't exist with hugetlbfs, that > should make sealing as close as it can be to shmem support. SEAL, SHRINK, and GROW look fine to me. Regarding WRITE you need to make sure there are no page references left around. For instance, on shmem any process might trigger the kernel to GUP mapped shmem pages for asynchronous IO, then unmap the file and request F_SEAL_WRITE. In this case the seal must be rejected *iff* the pages are still pinned. shmem does this by requiring the page-refcounts to be 0. Preferably there would be some better infrastructure that tells us whether someone operates on those pages, but this does not exist right now. See shmem_wait_for_pins() for details. I have little knowledge on how hugetlbs integrate with the page-cache and radix-tree, hence I'd prefer if someone can explicitly ACK that shmem_wait_for_pins() is suitable for hugetlbfs. Otherwise, this series looks good to me (minus the #ifdef mess..). Thanks David From 1582909313731292688@xxx Wed Nov 01 23:45:57 +0000 2017 X-GM-THRID: 1582799756524927158 X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread