All of lore.kernel.org
 help / color / mirror / Atom feed
From: Andy Lutomirski <luto@kernel.org>
To: Lorenzo Stoakes <lstoakes@gmail.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	Matthew Wilcox <willy@infradead.org>,
	Mike Kravetz <mike.kravetz@oracle.com>,
	Muchun Song <muchun.song@linux.dev>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Christian Brauner <brauner@kernel.org>,
	linux-fsdevel@vger.kernel.org, Jan Kara <jack@suse.cz>,
	Hugh Dickins <hughd@google.com>
Subject: Re: [PATCH v2 3/3] mm: perform the mapping_map_writable() check after call_mmap()
Date: Mon, 1 May 2023 12:02:00 -0700	[thread overview]
Message-ID: <CALCETrV1QWSjZR_PQgQdyS8rrg4hhrs1u+FyJh43H-gA7CzkFg@mail.gmail.com> (raw)
In-Reply-To: <6f3aea05c9cc46094b029cbd1138d163c1ae7f9d.1682890156.git.lstoakes@gmail.com>

On Sun, Apr 30, 2023 at 3:26 PM Lorenzo Stoakes <lstoakes@gmail.com> wrote:
>
> In order for a F_SEAL_WRITE sealed memfd mapping to have an opportunity to
> clear VM_MAYWRITE, we must be able to invoke the appropriate vm_ops->mmap()
> handler to do so. We would otherwise fail the mapping_map_writable() check
> before we had the opportunity to avoid it.

Is there any reason this can't go before patch 3?

If I'm understanding correctly, a comment like the following might
make this a lot more comprehensible:

>
> This patch moves this check after the call_mmap() invocation. Only memfd
> actively denies write access causing a potential failure here (in
> memfd_add_seals()), so there should be no impact on non-memfd cases.
>
> This patch makes the userland-visible change that MAP_SHARED, PROT_READ
> mappings of an F_SEAL_WRITE sealed memfd mapping will now succeed.
>
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=217238
> Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com>
> ---
>  mm/mmap.c | 12 ++++++------
>  1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/mm/mmap.c b/mm/mmap.c
> index 646e34e95a37..1608d7f5a293 100644
> --- a/mm/mmap.c
> +++ b/mm/mmap.c
> @@ -2642,17 +2642,17 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
>         vma->vm_pgoff = pgoff;
>
>         if (file) {
> -               if (is_shared_maywrite(vm_flags)) {
> -                       error = mapping_map_writable(file->f_mapping);
> -                       if (error)
> -                               goto free_vma;
> -               }
> -
>                 vma->vm_file = get_file(file);
>                 error = call_mmap(file, vma);
>                 if (error)
>                         goto unmap_and_free_vma;
>

/* vm_ops->mmap() may have changed vma->flags.  Check for writability now. */

> +               if (vma_is_shared_maywrite(vma)) {
> +                       error = mapping_map_writable(file->f_mapping);
> +                       if (error)
> +                               goto close_and_free_vma;
> +               }
> +

Alternatively, if anyone is nervous about the change in ordering here,
there could be a whole new vm_op like adjust_vma_flags() that happens
before any of this.

--Andy

  reply	other threads:[~2023-05-01 19:02 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-04-30 22:26 [PATCH v2 0/3] permit write-sealed memfd read-only shared mappings Lorenzo Stoakes
2023-04-30 22:26 ` [PATCH v2 1/3] mm: drop the assumption that VM_SHARED always implies writable Lorenzo Stoakes
2023-04-30 22:26 ` [PATCH v2 2/3] mm: update seal_check_[future_]write() to include F_SEAL_WRITE as well Lorenzo Stoakes
2023-04-30 22:26 ` [PATCH v2 3/3] mm: perform the mapping_map_writable() check after call_mmap() Lorenzo Stoakes
2023-05-01 19:02   ` Andy Lutomirski [this message]
2023-05-02  7:57     ` Lorenzo Stoakes
2023-05-16  5:52   ` kernel test robot
2023-10-07 20:07     ` Lorenzo Stoakes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALCETrV1QWSjZR_PQgQdyS8rrg4hhrs1u+FyJh43H-gA7CzkFg@mail.gmail.com \
    --to=luto@kernel.org \
    --cc=akpm@linux-foundation.org \
    --cc=brauner@kernel.org \
    --cc=hughd@google.com \
    --cc=jack@suse.cz \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=lstoakes@gmail.com \
    --cc=mike.kravetz@oracle.com \
    --cc=muchun.song@linux.dev \
    --cc=viro@zeniv.linux.org.uk \
    --cc=willy@infradead.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.