Date: Wed, 05 Apr 2023 22:32:26 +0000
In-Reply-To: <20230404082507.sbyfahwc4gdupmya@box.shutemov.name> (kirill@shutemov.name)
Subject: Re: [RFC PATCH v3 1/2] mm: restrictedmem: Allow userspace to specify mount for memfd_restricted
From: Ackerley Tng
To: "Kirill A. Shutemov"
Cc: kvm@vger.kernel.org, linux-api@vger.kernel.org, linux-arch@vger.kernel.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, qemu-devel@nongnu.org, aarcange@redhat.com, ak@linux.intel.com, akpm@linux-foundation.org, arnd@arndb.de, bfields@fieldses.org, bp@alien8.de, chao.p.peng@linux.intel.com, corbet@lwn.net, dave.hansen@intel.com, david@redhat.com, ddutile@redhat.com, dhildenb@redhat.com, hpa@zytor.com, hughd@google.com, jlayton@kernel.org, jmattson@google.com, joro@8bytes.org, jun.nakajima@intel.com, kirill.shutemov@linux.intel.com, linmiaohe@huawei.com, luto@kernel.org, mail@maciej.szmigiero.name, mhocko@suse.com, michael.roth@amd.com, mingo@redhat.com, naoya.horiguchi@nec.com, pbonzini@redhat.com, qperret@google.com, rppt@kernel.org, seanjc@google.com, shuah@kernel.org, steven.price@arm.com, tabba@google.com, tglx@linutronix.de, vannapurve@google.com, vbabka@suse.cz, vkuznets@redhat.com, wanpengli@tencent.com, wei.w.wang@intel.com, x86@kernel.org, yu.c.zhang@linux.intel.com

Thanks for reviewing these patches!

"Kirill A. Shutemov" writes:

> On Fri, Mar 31, 2023 at 11:50:39PM +0000, Ackerley Tng wrote:
>> ...
>> +static int restrictedmem_create_on_user_mount(int mount_fd) >> +{ >> + int ret; >> + struct fd f; >> + struct vfsmount *mnt; >> + >> + f = fdget_raw(mount_fd); >> + if (!f.file) >> + return -EBADF; >> + >> + ret = -EINVAL; >> + if (!is_mount_root(f.file)) >> + goto out; >> + >> + mnt = f.file->f_path.mnt; >> + if (!is_shmem_mount(mnt)) >> + goto out; >> + >> + ret = file_permission(f.file, MAY_WRITE | MAY_EXEC); > Why MAY_EXEC? Christian pointed out that this check does not make sense, I'll be removing the entire check in the next revision. >> + if (ret) >> + goto out; >> + >> + ret = mnt_want_write(mnt); >> + if (unlikely(ret)) >> + goto out; >> + >> + ret = restrictedmem_create(mnt); >> + >> + mnt_drop_write(mnt); >> +out: >> + fdput(f); >> + >> + return ret; >> +} > We need review from fs folks. Look mostly sensible, but I have no > experience in fs. >> + >> +SYSCALL_DEFINE2(memfd_restricted, unsigned int, flags, int, mount_fd) >> +{ >> + if (flags & ~RMFD_USERMNT) >> + return -EINVAL; >> + >> + if (flags == RMFD_USERMNT) { >> + if (mount_fd < 0) >> + return -EINVAL; >> + >> + return restrictedmem_create_on_user_mount(mount_fd); >> + } else { >> + return restrictedmem_create(NULL); >> + } > Maybe restructure with single restrictedmem_create() call? > struct vfsmount *mnt = NULL; > if (flags == RMFD_USERMNT) { > ... > mnt = ...(); > } > return restrictedmem_create(mnt); Will do so in the next revision. >> +} >> + >> int restrictedmem_bind(struct file *file, pgoff_t start, pgoff_t end, >> struct restrictedmem_notifier *notifier, bool exclusive) >> { >> -- >> 2.40.0.348.gf938b09366-goog
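
Review bot: In restrictedmem_create_on_user_mount(), fdget_raw() also accepts O_PATH descriptors, so once the file_permission() check is removed as agreed in this reply, nothing in the visible function checks the caller's access to the mount root; only is_mount_root(), is_shmem_mount() and mnt_want_write() remain. Either state in a comment and in the syscall documentation that holding any descriptor to the root of a writable tmpfs mount is sufficient, or use fdget() so that O_PATH descriptors fail with -EBADF.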
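
Review bot: In SYSCALL_DEFINE2(memfd_restricted, ...), mount_fd is silently ignored when flags is 0, so callers can pass arbitrary values there and the argument cannot later be given a meaning for that case without breaking them; document the value mount_fd must have when RMFD_USERMNT is clear and return -EINVAL for anything else. In the same block, `if (flags == RMFD_USERMNT)` is better written as `if (flags & RMFD_USERMNT)` so the branch still works once a second flag bit exists, and the `mount_fd < 0` test returns -EINVAL where the helper returns -EBADF for a descriptor that fdget_raw() cannot resolve; one errno for an unusable descriptor would be easier on callers.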