linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Matthew Wilcox <willy@infradead.org>
To: Simon Ser <contact@emersion.fr>
Cc: Hugh Dickins <hughd@google.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	"Lin, Ming" <minggr@gmail.com>, Peter Xu <peterx@redhat.com>,
	"Kirill A. Shutemov" <kirill@shutemov.name>,
	Dan Williams <dan.j.williams@intel.com>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Will Deacon <will@kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	David Herrmann <dh.herrmann@gmail.com>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	Greg Kroah-Hartman <greg@kroah.com>,
	"tytso@mit.edu" <tytso@mit.edu>
Subject: Re: Sealed memfd & no-fault mmap
Date: Thu, 3 Jun 2021 14:57:40 +0100	[thread overview]
Message-ID: <YLjf1Hmrkfwc5xUW@casper.infradead.org> (raw)
In-Reply-To: <d9rpd_hm_ereswX76EqjEGkqfjFFSi-N_yj8b1pj4MZMFy-fpiicN_XrHl13sXqkkgzAJqZEy1roQsVklWEhY38-olslcbO34GB0YcjHks8=@emersion.fr>

On Thu, Jun 03, 2021 at 01:14:47PM +0000, Simon Ser wrote:
> On Saturday, May 29th, 2021 at 10:15 PM, Hugh Dickins <hughd@google.com> wrote:
> 
> > And IIUC it would have to be the recipient (Wayland compositor) doing
> > the NOFAULT business, because (going back to the original mail) we are
> > only considering this so that Wayland might satisfy clients who predate
> > or refuse Linux-only APIs.  So, an ioctl (or fcntl, as sealing chose)
> > at the client end cannot be expected; and could not be relied on anyway.
> 
> Yes, that is correct.
> 
> > NOFAULT? Does BSD use "fault" differently, and in Linux terms we
> > would say NOSIGBUS to mean the same?
> >
> > Can someone point to a specification of BSD's __MAP_NOFAULT?
> > Searching just found me references to bugs.
> 
> __MAP_NOFAULT isn't documented, sadly. The commit that introduces the
> flag [1] is the best we're going to get, I think.
> 
> > What mainly worries me about the suggestion is: what happens to the
> > zero page inserted into NOFAULT mappings, when later a page for that
> > offset is created and added to page cache?
> 
> Not 100% sure exactly this means what I think it means, but from my PoV,
> it's fine if the contents of an expanded shm file aren't visible from the
> process that has mapped it with MAP_NOFAULT/MAP_NOSIGBUS. In other words,
> it's fine if:
> 
> - The client sets up a 1KiB shm file and sends it to the compositor.
> - The compositor maps it with MAP_NOFAULT/MAP_NOSIGBUS.
> - The client expands the file to 2KiB and writes interesting data in it.
> - The compositor still sees zeros past the 1KiB mark. The compositor needs
>   to unmap and re-map the file to see the data past the 1KiB mark.
> 
> If the MAP_NOFAULT/MAP_NOSIGBUS flag only affects the mapping itself and
> nothing else, this should be fine?

This is going to operate at a page boundary, so the example you gave
will work.  How about this:

 - The client sets up a 1KiB shm file and sends it to the compositor.
 - The client expands the file to 5KiB
 - The compositor sees the new data up to 4KiB but zeroes past the 4KiB
   mark.

Does that still make userspace happy?

  reply	other threads:[~2021-06-03 13:58 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-27  8:24 Sealed memfd & no-fault mmap Simon Ser
2021-04-27 16:51 ` Linus Torvalds
2021-04-29 15:48   ` Kirill A. Shutemov
2021-04-29 18:38     ` Peter Xu
2021-05-04  9:29       ` Simon Ser
2021-05-04 16:08         ` Linus Torvalds
2021-05-05 10:21           ` Simon Ser
2021-05-05 18:42             ` Linus Torvalds
2021-05-28 17:07               ` Lin, Ming
2021-05-29  1:03                 ` Linus Torvalds
2021-05-29  7:31                   ` Lin, Ming
2021-05-29 15:44                     ` Linus Torvalds
2021-05-29 20:15                       ` Hugh Dickins
2021-05-29 23:36                         ` Ming Lin
2021-05-31 21:13                           ` Ming Lin
2021-06-01  6:24                             ` Linus Torvalds
2021-06-01  7:08                               ` Ming Lin
2021-06-03 13:01                                 ` Simon Ser
2021-06-03 20:07                                   ` Ming Lin
2021-06-03 20:49                                     ` Simon Ser
2021-06-03 13:14                         ` Simon Ser
2021-06-03 13:57                           ` Matthew Wilcox [this message]
2021-06-03 14:48                             ` Simon Ser

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YLjf1Hmrkfwc5xUW@casper.infradead.org \
    --to=willy@infradead.org \
    --cc=contact@emersion.fr \
    --cc=dan.j.williams@intel.com \
    --cc=dh.herrmann@gmail.com \
    --cc=greg@kroah.com \
    --cc=hughd@google.com \
    --cc=kirill.shutemov@linux.intel.com \
    --cc=kirill@shutemov.name \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=minggr@gmail.com \
    --cc=peterx@redhat.com \
    --cc=torvalds@linux-foundation.org \
    --cc=tytso@mit.edu \
    --cc=will@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).