Received: by 10.223.164.221 with SMTP id h29csp37532wrb;
        Fri, 3 Nov 2017 10:05:27 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+TzElVtFGiwih2/Jaa9JZKdQ8bqMtQ9k8Tz87hoJDVWEFILiJlMgSJBU4lx7UnBsuyC6eqS
X-Received: by 10.159.194.135 with SMTP id y7mr7478709pln.33.1509728727103;
        Fri, 03 Nov 2017 10:05:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1509728727; cv=none;
        d=google.com; s=arc-20160816;
        b=ZCCW7+rbFWRq/AFOJxUeGkezvRt/9OTHJw2LszDrfc/H0co9VUw845a/UeJyJyjOXC
         XbwhtAbSHndlFebsAf6/Dtm7K/C6XLI6PdpDnAkcrc39CwzD+JyrIcis/onVaJwRknTS
         qn6gwZCUHwKx8HCh9UVL7rS+voFTfwjcJjpFfcWXDhQRTom8HmVUL2n44EBiBV3oGfpj
         btdW8cJ+83OScRnAcKydmi5Tpn8bVVHwAGtduOougfBfLpMgUA6FYcnTeuYUcsxmU1fA
         TzkCUHOovUQf4aqwWkG8hN1yv0lUrVmuKPq9w0iFXkjJJfQdChC7fRdjtbuA1iDqLRy+
         nqVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:references:in-reply-to:mime-version
         :dkim-signature:arc-authentication-results;
        bh=R4BJReJ/d2bvLTQ+a/kxl5uG7TFwnKJpWrYt24gwjBI=;
        b=FoWovhBH8C5rRHtRGVGx2YhGuq/At1ysD/G3xEhuMcTSwBDJYH86+rDbl7jKswKXQ6
         nkqSwfpXXteEFFdAzG7QAYMcs4Dw4AZt8xlx3NnbzpEG7xIVew25wGC3Wo18s98Dbe3o
         wFCy3LPDfRw1pOLJvvKowIyOR5B2I6iAt1EqEBkymNZ4mXdEdDVsqAVO3mmk75+NiuyV
         KBktDbB+FowWPOrJjgZat2RXXyh+9ctyjY7o0XFnrWy23mX1FC3P5Kl3cXM3mVPeZXq4
         hC9J5RBbyXZTGIu21su0mja8Nlavkrq7lXi1TXrof3YFj1hCTJuai8BAIKBwVRRfh1xa
         IGyg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=bBucQMJB;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b9si6722693pgf.689.2017.11.03.10.05.09;
        Fri, 03 Nov 2017 10:05:27 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=bBucQMJB;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1756133AbdKCRD5 (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 93 others); Fri, 3 Nov 2017 13:03:57 -0400
Received: from mail-io0-f193.google.com ([209.85.223.193]:51400 "EHLO
        mail-io0-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752885AbdKCRD4 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 3 Nov 2017 13:03:56 -0400
Received: by mail-io0-f193.google.com with SMTP id b186so7678328iof.8
        for <linux-kernel@vger.kernel.org>; Fri, 03 Nov 2017 10:03:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=R4BJReJ/d2bvLTQ+a/kxl5uG7TFwnKJpWrYt24gwjBI=;
        b=bBucQMJBoph424897FBEQclUkZZs9Xih2fGsr6kehGJjxbd7E0P9faJJvO8C8ByvRe
         RSNM8fjHeuYlP7JxDCABLzbapXEJFWSBnlHsbFzAP+z7Nx3oxdd8I8jg07w6c1DaDR2H
         hxKV5I7GjPLPoVfWOKXDQ+u2e52ojlesBwpEKb/ft5nybD++AKNOODOOsJZv5xiIOfUg
         yqlMrd3zXKfVvw9CkxKgur7dYiGWLFRtTG/+nsLbpf6X0Y4RcL8KAdx1pMywa5N6i746
         7ebOr/qf44WDRe6SskDrHiHlf8gAT6CMriKsrF1p3eoRtVgPDuYc+Jz+Sa5RqYIm27ia
         F7jA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=R4BJReJ/d2bvLTQ+a/kxl5uG7TFwnKJpWrYt24gwjBI=;
        b=TzqbueY2rrgnnM60JOBw8dMv5DsoFn+7QBHdbHiATuiZ7TSiVMxeEE9NsQIoB88HlY
         G3X32Y09uHeHbR/ZfEBsCPTDqONV+/PzE4URZgOpK87b3yTBZ36bdWYU2LvskQOJCbYA
         lW6z25XQN+IPMm/nlwEirjiKw4xtLQSNU3guVH0sFHXhHH1frLKsNo6+jAOFVuYf9e03
         iRmlkXAFi3xQiXPLa5VVa5wLf1Zp6IdvlJPonTxHBJjZ1yW+xsKeOLNJqpUIxMD8FeU0
         jqE7PN+UlCQrL+A7VCyfBiip23IH3gC4UmRxsygT26cWLgB8QELj3qSLYG3bGI/HO/bf
         V0cQ==
X-Gm-Message-State: AJaThX4gI/ZcG/YXz7sWGd7QPvGbYUyOFI321dpHC09wsG2PQj2CR/+5
        yXQGVe/hqEKTmDXOxQlhKZUKh/8HS9rV9Ye++8Y=
X-Received: by 10.107.138.204 with SMTP id c73mr9439595ioj.91.1509728635654;
 Fri, 03 Nov 2017 10:03:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.107.53.76 with HTTP; Fri, 3 Nov 2017 10:03:54 -0700 (PDT)
In-Reply-To: <20171031184052.25253-5-marcandre.lureau@redhat.com>
References: <20171031184052.25253-1-marcandre.lureau@redhat.com> <20171031184052.25253-5-marcandre.lureau@redhat.com>
From:   David Herrmann <dh.herrmann@gmail.com>
Date:   Fri, 3 Nov 2017 18:03:54 +0100
Message-ID: <CANq1E4SC8Hi4h9hxUM70+qOL4K95cXuMF9DKGw4dGhfmktrqsA@mail.gmail.com>
Subject: Re: [PATCH 4/6] hugetlbfs: implement memfd sealing
To:     =?UTF-8?B?TWFyYy1BbmRyw6kgTHVyZWF1?= <marcandre.lureau@redhat.com>
Cc:     linux-mm <linux-mm@kvack.org>,
        linux-kernel <linux-kernel@vger.kernel.org>, aarcange@redhat.com,
        Hugh Dickins <hughd@google.com>, nyc@holomorphy.com,
        mike.kravetz@oracle.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi

On Tue, Oct 31, 2017 at 7:40 PM, Marc-Andr=C3=A9 Lureau
<marcandre.lureau@redhat.com> wrote:
> Implements memfd sealing, similar to shmem:
> - WRITE: deny fallocate(PUNCH_HOLE). mmap() write is denied in
>   memfd_add_seals(). write() doesn't exist for hugetlbfs.
> - SHRINK: added similar check as shmem_setattr()
> - GROW: added similar check as shmem_setattr() & shmem_fallocate()
>
> Except write() operation that doesn't exist with hugetlbfs, that
> should make sealing as close as it can be to shmem support.

SEAL, SHRINK, and GROW look fine to me.

Regarding WRITE you need to make sure there are no page references
left around. For instance, on shmem any process might trigger the
kernel to GUP mapped shmem pages for asynchronous IO, then unmap the
file and request F_SEAL_WRITE. In this case the seal must be rejected
*iff* the pages are still pinned. shmem does this by requiring the
page-refcounts to be 0. Preferably there would be some better
infrastructure that tells us whether someone operates on those pages,
but this does not exist right now. See shmem_wait_for_pins() for
details.

I have little knowledge on how hugetlbs integrate with the page-cache
and radix-tree, hence I'd prefer if someone can explicitly ACK that
shmem_wait_for_pins() is suitable for hugetlbfs.

Otherwise, this series looks good to me (minus the #ifdef mess..).

Thanks
David

From 1582909313731292688@xxx Wed Nov 01 23:45:57 +0000 2017
X-GM-THRID: 1582799756524927158
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread