From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9557EC47098 for ; Thu, 3 Jun 2021 13:58:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 79150613E7 for ; Thu, 3 Jun 2021 13:58:39 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231459AbhFCOAW (ORCPT ); Thu, 3 Jun 2021 10:00:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231415AbhFCOAV (ORCPT ); Thu, 3 Jun 2021 10:00:21 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C856DC06174A for ; Thu, 3 Jun 2021 06:58:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=+FpiVrMEbOqRGaeMB09DrnctJgDKR4e1rzAT2/F3j5Y=; b=NzEdjOLTc4TIfA385DUiwiv9uV tBRBe3N2XKdxbiVKP2gfi1QztN63Cup2qCX3MbRjB/QeuyreB1xU+/uVGph1xSO5bUCz60LdN4xXH om/LQGbAcdREA/zxcdr4Tn1ZzKZ9D9LpxDJzfEtC1VRNGjce5AKHdEFnb95/hIu5vhUrcgsXYZFvf uR089iqb2JiFxtDsv5yLPfjcVvVLWeUpkam2Puv48OcScdMikD0QxxIjMQiha9mSm9xAvWuQFa5BL j7z6SdJMZQt7i55LI2t8fiEe9cdguaeaCp/TfFNzrRzkK3787Sf4Jww6V5iLlY+nu0JqKYqV+DjlC uXuOymzA==; Received: from willy by casper.infradead.org with local (Exim 4.94 #2 (Red Hat Linux)) id 1lonqu-00CDEP-Lu; Thu, 03 Jun 2021 13:57:45 +0000 Date: Thu, 3 Jun 2021 14:57:40 +0100 From: Matthew Wilcox To: Simon Ser Cc: Hugh Dickins , Linus Torvalds , "Lin, Ming" , Peter Xu , "Kirill A. Shutemov" , Dan Williams , "Kirill A. Shutemov" , Will Deacon , Linux Kernel Mailing List , David Herrmann , "linux-mm@kvack.org" , Greg Kroah-Hartman , "tytso@mit.edu" Subject: Re: Sealed memfd & no-fault mmap Message-ID: References: <7718ec5b-0a9e-ffa6-16f2-bc0b6afbd9ab@gmail.com> <80c87e6b-6050-bf23-2185-ded408df4d0f@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jun 03, 2021 at 01:14:47PM +0000, Simon Ser wrote: > On Saturday, May 29th, 2021 at 10:15 PM, Hugh Dickins wrote: > > > And IIUC it would have to be the recipient (Wayland compositor) doing > > the NOFAULT business, because (going back to the original mail) we are > > only considering this so that Wayland might satisfy clients who predate > > or refuse Linux-only APIs. So, an ioctl (or fcntl, as sealing chose) > > at the client end cannot be expected; and could not be relied on anyway. > > Yes, that is correct. > > > NOFAULT? Does BSD use "fault" differently, and in Linux terms we > > would say NOSIGBUS to mean the same? > > > > Can someone point to a specification of BSD's __MAP_NOFAULT? > > Searching just found me references to bugs. > > __MAP_NOFAULT isn't documented, sadly. The commit that introduces the > flag [1] is the best we're going to get, I think. > > > What mainly worries me about the suggestion is: what happens to the > > zero page inserted into NOFAULT mappings, when later a page for that > > offset is created and added to page cache? > > Not 100% sure exactly this means what I think it means, but from my PoV, > it's fine if the contents of an expanded shm file aren't visible from the > process that has mapped it with MAP_NOFAULT/MAP_NOSIGBUS. In other words, > it's fine if: > > - The client sets up a 1KiB shm file and sends it to the compositor. > - The compositor maps it with MAP_NOFAULT/MAP_NOSIGBUS. > - The client expands the file to 2KiB and writes interesting data in it. > - The compositor still sees zeros past the 1KiB mark. The compositor needs > to unmap and re-map the file to see the data past the 1KiB mark. > > If the MAP_NOFAULT/MAP_NOSIGBUS flag only affects the mapping itself and > nothing else, this should be fine? This is going to operate at a page boundary, so the example you gave will work. How about this: - The client sets up a 1KiB shm file and sends it to the compositor. - The client expands the file to 5KiB - The compositor sees the new data up to 4KiB but zeroes past the 4KiB mark. Does that still make userspace happy?