From: Andrew Morton <akpm@linux-foundation.org>
To: Joel Fernandes <joel@joelfernandes.org>
Cc: Andy Lutomirski <luto@kernel.org>,
Stephen Rothwell <sfr@canb.auug.org.au>,
LKML <linux-kernel@vger.kernel.org>,
Hugh Dickins <hughd@google.com>, Jann Horn <jannh@google.com>,
Khalid Aziz <khalid.aziz@oracle.com>,
Linux API <linux-api@vger.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@vger.kernel.org>, Linux-MM <linux-mm@kvack.org>,
marcandre.lureau@redhat.com, Matthew Wilcox <willy@infradead.org>,
Mike Kravetz <mike.kravetz@oracle.com>,
Shuah Khan <shuah@kernel.org>
Subject: Re: [PATCH -next 1/2] mm/memfd: make F_SEAL_FUTURE_WRITE seal more robust
Date: Sat, 24 Nov 2018 16:42:29 -0800 [thread overview]
Message-ID: <20181124164229.89c670b6e7a3530ef7b0a40c@linux-foundation.org> (raw)
In-Reply-To: <20181122230906.GA198127@google.com>
On Thu, 22 Nov 2018 15:09:06 -0800 Joel Fernandes <joel@joelfernandes.org> wrote:
> Android uses ashmem for sharing memory regions. We are looking forward to
> migrating all usecases of ashmem to memfd so that we can possibly remove
> the ashmem driver in the future from staging while also benefiting from
> using memfd and contributing to it. Note staging drivers are also not ABI
> and generally can be removed at anytime.
>
> One of the main usecases Android has is the ability to create a region and
> mmap it as writeable, then add protection against making any "future"
> writes while keeping the existing already mmap'ed writeable-region active.
> This allows us to implement a usecase where receivers of the shared
> memory buffer can get a read-only view, while the sender continues to
> write to the buffer. See CursorWindow documentation in Android for more
> details:
> https://developer.android.com/reference/android/database/CursorWindow
>
> This usecase cannot be implemented with the existing F_SEAL_WRITE seal.
> To support the usecase, this patch adds a new F_SEAL_FUTURE_WRITE seal
> which prevents any future mmap and write syscalls from succeeding while
> keeping the existing mmap active.
>
> A better way to do F_SEAL_FUTURE_WRITE seal was discussed [1] last week
> where we don't need to modify core VFS structures to get the same
> behavior of the seal. This solves several side-effects pointed by Andy.
> self-tests are provided in later patch to verify the expected semantics.
>
> [1] https://lore.kernel.org/lkml/20181111173650.GA256781@google.com/
This changelog doesn't have the nifty test case code which was in
earlier versions?
WARNING: multiple messages have this Message-ID (diff)
From: akpm at linux-foundation.org (Andrew Morton)
Subject: [PATCH -next 1/2] mm/memfd: make F_SEAL_FUTURE_WRITE seal more robust
Date: Sat, 24 Nov 2018 16:42:29 -0800 [thread overview]
Message-ID: <20181124164229.89c670b6e7a3530ef7b0a40c@linux-foundation.org> (raw)
In-Reply-To: <20181122230906.GA198127@google.com>
On Thu, 22 Nov 2018 15:09:06 -0800 Joel Fernandes <joel at joelfernandes.org> wrote:
> Android uses ashmem for sharing memory regions. We are looking forward to
> migrating all usecases of ashmem to memfd so that we can possibly remove
> the ashmem driver in the future from staging while also benefiting from
> using memfd and contributing to it. Note staging drivers are also not ABI
> and generally can be removed at anytime.
>
> One of the main usecases Android has is the ability to create a region and
> mmap it as writeable, then add protection against making any "future"
> writes while keeping the existing already mmap'ed writeable-region active.
> This allows us to implement a usecase where receivers of the shared
> memory buffer can get a read-only view, while the sender continues to
> write to the buffer. See CursorWindow documentation in Android for more
> details:
> https://developer.android.com/reference/android/database/CursorWindow
>
> This usecase cannot be implemented with the existing F_SEAL_WRITE seal.
> To support the usecase, this patch adds a new F_SEAL_FUTURE_WRITE seal
> which prevents any future mmap and write syscalls from succeeding while
> keeping the existing mmap active.
>
> A better way to do F_SEAL_FUTURE_WRITE seal was discussed [1] last week
> where we don't need to modify core VFS structures to get the same
> behavior of the seal. This solves several side-effects pointed by Andy.
> self-tests are provided in later patch to verify the expected semantics.
>
> [1] https://lore.kernel.org/lkml/20181111173650.GA256781 at google.com/
This changelog doesn't have the nifty test case code which was in
earlier versions?
WARNING: multiple messages have this Message-ID (diff)
From: akpm@linux-foundation.org (Andrew Morton)
Subject: [PATCH -next 1/2] mm/memfd: make F_SEAL_FUTURE_WRITE seal more robust
Date: Sat, 24 Nov 2018 16:42:29 -0800 [thread overview]
Message-ID: <20181124164229.89c670b6e7a3530ef7b0a40c@linux-foundation.org> (raw)
Message-ID: <20181125004229.PpREylDyRf70-UU3hEwA33WNwMeCIDHYyM-lHRi8cNg@z> (raw)
In-Reply-To: <20181122230906.GA198127@google.com>
On Thu, 22 Nov 2018 15:09:06 -0800 Joel Fernandes <joel@joelfernandes.org> wrote:
> Android uses ashmem for sharing memory regions. We are looking forward to
> migrating all usecases of ashmem to memfd so that we can possibly remove
> the ashmem driver in the future from staging while also benefiting from
> using memfd and contributing to it. Note staging drivers are also not ABI
> and generally can be removed at anytime.
>
> One of the main usecases Android has is the ability to create a region and
> mmap it as writeable, then add protection against making any "future"
> writes while keeping the existing already mmap'ed writeable-region active.
> This allows us to implement a usecase where receivers of the shared
> memory buffer can get a read-only view, while the sender continues to
> write to the buffer. See CursorWindow documentation in Android for more
> details:
> https://developer.android.com/reference/android/database/CursorWindow
>
> This usecase cannot be implemented with the existing F_SEAL_WRITE seal.
> To support the usecase, this patch adds a new F_SEAL_FUTURE_WRITE seal
> which prevents any future mmap and write syscalls from succeeding while
> keeping the existing mmap active.
>
> A better way to do F_SEAL_FUTURE_WRITE seal was discussed [1] last week
> where we don't need to modify core VFS structures to get the same
> behavior of the seal. This solves several side-effects pointed by Andy.
> self-tests are provided in later patch to verify the expected semantics.
>
> [1] https://lore.kernel.org/lkml/20181111173650.GA256781 at google.com/
This changelog doesn't have the nifty test case code which was in
earlier versions?
next prev parent reply other threads:[~2018-11-25 0:42 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-20 5:21 [PATCH -next 1/2] mm/memfd: make F_SEAL_FUTURE_WRITE seal more robust Joel Fernandes (Google)
2018-11-20 5:21 ` Joel Fernandes (Google)
2018-11-20 5:21 ` joel
2018-11-20 5:21 ` [PATCH -next 2/2] selftests/memfd: modify tests for F_SEAL_FUTURE_WRITE seal Joel Fernandes (Google)
2018-11-20 5:21 ` Joel Fernandes (Google)
2018-11-20 5:21 ` joel
2018-11-22 23:21 ` Joel Fernandes
2018-11-22 23:21 ` Joel Fernandes
2018-11-22 23:21 ` joel
2018-11-20 15:13 ` [PATCH -next 1/2] mm/memfd: make F_SEAL_FUTURE_WRITE seal more robust Andy Lutomirski
2018-11-20 15:13 ` Andy Lutomirski
2018-11-20 15:13 ` Andy Lutomirski
2018-11-20 15:13 ` luto
2018-11-20 18:39 ` Joel Fernandes
2018-11-20 18:39 ` Joel Fernandes
2018-11-20 18:39 ` Joel Fernandes
2018-11-20 18:39 ` joel
2018-11-20 20:07 ` Stephen Rothwell
2018-11-20 20:07 ` Stephen Rothwell
2018-11-20 20:07 ` Stephen Rothwell
2018-11-20 20:07 ` sfr
2018-11-20 20:33 ` Andy Lutomirski
2018-11-20 20:33 ` Andy Lutomirski
2018-11-20 20:33 ` Andy Lutomirski
2018-11-20 20:33 ` luto
2018-11-20 20:47 ` Joel Fernandes
2018-11-20 20:47 ` Joel Fernandes
2018-11-20 20:47 ` Joel Fernandes
2018-11-20 20:47 ` joel
2018-11-20 21:02 ` Andy Lutomirski
2018-11-20 21:02 ` Andy Lutomirski
2018-11-20 21:02 ` Andy Lutomirski
2018-11-20 21:02 ` luto
2018-11-20 21:13 ` Joel Fernandes
2018-11-20 21:13 ` Joel Fernandes
2018-11-20 21:13 ` Joel Fernandes
2018-11-20 21:13 ` Joel Fernandes
2018-11-20 21:13 ` joel
2018-11-22 2:27 ` Andrew Morton
2018-11-22 2:27 ` Andrew Morton
2018-11-22 2:27 ` Andrew Morton
2018-11-22 2:27 ` akpm
2018-11-22 3:25 ` Andy Lutomirski
2018-11-22 3:25 ` Andy Lutomirski
2018-11-22 3:25 ` Andy Lutomirski
2018-11-22 3:25 ` luto
2018-11-22 23:09 ` Joel Fernandes
2018-11-22 23:09 ` Joel Fernandes
2018-11-22 23:09 ` Joel Fernandes
2018-11-22 23:09 ` joel
2018-11-25 0:42 ` Andrew Morton [this message]
2018-11-25 0:42 ` Andrew Morton
2018-11-25 0:42 ` Andrew Morton
2018-11-25 0:42 ` akpm
2018-11-25 0:47 ` Matthew Wilcox
2018-11-25 0:47 ` Matthew Wilcox
2018-11-25 0:47 ` Matthew Wilcox
2018-11-25 0:47 ` willy
2018-11-26 13:35 ` Joel Fernandes
2018-11-26 13:35 ` Joel Fernandes
2018-11-26 13:35 ` Joel Fernandes
2018-11-26 13:35 ` joel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181124164229.89c670b6e7a3530ef7b0a40c@linux-foundation.org \
--to=akpm@linux-foundation.org \
--cc=hughd@google.com \
--cc=jannh@google.com \
--cc=joel@joelfernandes.org \
--cc=khalid.aziz@oracle.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=marcandre.lureau@redhat.com \
--cc=mike.kravetz@oracle.com \
--cc=sfr@canb.auug.org.au \
--cc=shuah@kernel.org \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.