Re: Sealed memfd & no-fault mmap

From: "Lin, Ming" <minggr@gmail.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
	Hugh Dickins <hughd@google.com>
Cc: Simon Ser <contact@emersion.fr>, Peter Xu <peterx@redhat.com>,
	"Kirill A. Shutemov" <kirill@shutemov.name>,
	Matthew Wilcox <willy@infradead.org>,
	Dan Williams <dan.j.williams@intel.com>,
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
	Will Deacon <will@kernel.org>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	David Herrmann <dh.herrmann@gmail.com>,
	"linux-mm@kvack.org" <linux-mm@kvack.org>,
	Greg Kroah-Hartman <greg@kroah.com>,
	"tytso@mit.edu" <tytso@mit.edu>
Subject: Re: Sealed memfd & no-fault mmap
Date: Sat, 29 May 2021 00:31:39 -0700	[thread overview]
Message-ID: <80c87e6b-6050-bf23-2185-ded408df4d0f@gmail.com> (raw)
In-Reply-To: <CAHk-=wjv3-eP7mSDJbuvaB+CbyyKc4g_nEzhQLcueOd0_YuiBg@mail.gmail.com>

On 5/28/2021 6:03 PM, Linus Torvalds wrote:
> On Fri, May 28, 2021 at 7:07 AM Lin, Ming <minggr@gmail.com> wrote:
>>
>> Does something like following draft patch on the right track?
> 
> No, I don't think this can work:
> 
>> +               _dst_pte = pte_mkspecial(pfn_pte(my_zero_pfn(dst_addr),
>> +                                        vma->vm_page_prot));
> 
> You can't just blindly insert the zero pfn - for a shared write
> mapping, that would actually allow writes to the zeropage. That would
> be horrible.

I should check the vma is not writable.

diff --git a/mm/shmem.c b/mm/shmem.c
index 856d2d8d4cdf..fa23e38bc692 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1820,7 +1820,7 @@ static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
                 spinlock_t *ptl;
                 int ret;
  
-               if (!IS_NOFAULT(inode))
+               if (!IS_NOFAULT(inode) || (vma->vm_flags & VM_WRITE))
                         return -EINVAL;
  
                 _dst_pte = pte_mkspecial(pfn_pte(my_zero_pfn(dst_addr)


