Date: Mon, 30 Jan 2023 05:26:29 +0000
In-Reply-To: <20221202061347.1070246-2-chao.p.peng@linux.intel.com> (message from Chao Peng on Fri, 2 Dec 2022 14:13:39 +0800)
Subject: Re: [PATCH v10 1/9] mm: Introduce memfd_restricted system call to create restricted user memory
From: Ackerley Tng
To: Chao Peng
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org, qemu-devel@nongnu.org, pbonzini@redhat.com, corbet@lwn.net, seanjc@google.com, vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, arnd@arndb.de, naoya.horiguchi@nec.com, linmiaohe@huawei.com, x86@kernel.org, hpa@zytor.com, hughd@google.com, jlayton@kernel.org, bfields@fieldses.org, akpm@linux-foundation.org, shuah@kernel.org, rppt@kernel.org, steven.price@arm.com, mail@maciej.szmigiero.name, vbabka@suse.cz, vannapurve@google.com, yu.c.zhang@linux.intel.com, chao.p.peng@linux.intel.com, kirill.shutemov@linux.intel.com, luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com, ak@linux.intel.com, david@redhat.com, aarcange@redhat.com, ddutile@redhat.com, dhildenb@redhat.com, qperret@google.com, tabba@google.com, michael.roth@amd.com, mhocko@suse.com, wei.w.wang@intel.com

> +static int restrictedmem_getattr(struct user_namespace *mnt_userns, > + const struct path *path, struct kstat *stat, > + u32 request_mask, unsigned int query_flags) > +{ > + struct inode *inode = d_inode(path->dentry); > + struct restrictedmem_data *data = inode->i_mapping->private_data; > + struct file *memfd = data->memfd; > + > + return memfd->f_inode->i_op->getattr(mnt_userns, path, stat, > + 
request_mask, query_flags);

Instead of calling shmem's getattr() with path, we should be using the memfd's path. Otherwise, shmem's getattr() will use restrictedmem's inode instead of shmem's inode. The private fields will be of the wrong type, and the host will crash when shmem_is_huge() does SHMEM_SB(inode->i_sb)->huge, since inode->i_sb->s_fs_info is NULL for the restrictedmem's superblock.

Here's the patch:

diff --git a/mm/restrictedmem.c b/mm/restrictedmem.c index 37191cd9eed1..06b72d593bd8 100644 --- a/mm/restrictedmem.c +++ b/mm/restrictedmem.c @@ -84,7 +84,7 @@ static int restrictedmem_getattr(struct user_namespace *mnt_userns, struct restrictedmem *rm = inode->i_mapping->private_data; struct file *memfd = rm->memfd; - return memfd->f_inode->i_op->getattr(mnt_userns, path, stat, + return memfd->f_inode->i_op->getattr(mnt_userns, &memfd->f_path, stat, request_mask, query_flags); }

> +} > + > +static int restrictedmem_setattr(struct user_namespace *mnt_userns, > + struct dentry *dentry, struct iattr *attr) > +{ > + struct inode *inode = d_inode(dentry); > + struct restrictedmem_data *data = inode->i_mapping->private_data; > + struct file *memfd = data->memfd; > + int ret; > + > + if (attr->ia_valid & ATTR_SIZE) { > + if (memfd->f_inode->i_size) > + return -EPERM; > + > + if (!PAGE_ALIGNED(attr->ia_size)) > + return -EINVAL; > + } > + > + ret = memfd->f_inode->i_op->setattr(mnt_userns, > + file_dentry(memfd), attr); > + return ret; > +} > + > +static const struct inode_operations restrictedmem_iops = { > + .getattr = restrictedmem_getattr, > + .setattr = restrictedmem_setattr, > +};
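
Review bot: the context lines of the `@@ -84,7 +84,7 @@` hunk declare `struct restrictedmem *rm` and read `rm->memfd`, while the v10 code quoted in this mail declares `struct restrictedmem_data *data` and reads `data->memfd`, so the diff was generated against a different base than the patch being replied to and will not apply to v10 as posted. Say which tree it is based on, or regenerate it against v10. A one-line comment above the call explaining that `&memfd->f_path` is passed so that shmem's getattr() sees the shmem inode and superblock would also keep a later cleanup from switching the argument back to `path`.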
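
Review bot: in the quoted restrictedmem_setattr(), the ATTR_SIZE check reads `memfd->f_inode->i_size` directly; i_size_read(file_inode(memfd)) is the usual accessor for this. The size check and the forwarded `setattr()` call are two separate steps, so a comment stating which lock the "size can only be set while it is still zero" rule relies on would help readers of this wrapper. The `ret` local only carries the result of the forwarded call and can be dropped by returning that call directly.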