From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=FJul=NS=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.8 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1103EC43214
	for <linux-mm@archiver.kernel.org>; Fri, 27 Aug 2021 23:10:25 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 8AF4060FE6
	for <linux-mm@archiver.kernel.org>; Fri, 27 Aug 2021 23:10:24 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 8AF4060FE6
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=suse.de
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=kvack.org
Received: by kanga.kvack.org (Postfix)
	id E40226B006C; Fri, 27 Aug 2021 19:10:23 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id DEF8E8D0001; Fri, 27 Aug 2021 19:10:23 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id CDE156B0072; Fri, 27 Aug 2021 19:10:23 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0245.hostedemail.com [216.40.44.245])
	by kanga.kvack.org (Postfix) with ESMTP id B166D6B006C
	for <linux-mm@kvack.org>; Fri, 27 Aug 2021 19:10:23 -0400 (EDT)
Received: from smtpin01.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id D47B025F3B
	for <linux-mm@kvack.org>; Fri, 27 Aug 2021 23:10:22 +0000 (UTC)
X-FDA: 78522406284.01.74C9FF7
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
	by imf09.hostedemail.com (Postfix) with ESMTP id 6089E3000100
	for <linux-mm@kvack.org>; Fri, 27 Aug 2021 23:10:22 +0000 (UTC)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
	(No client certificate requested)
	by smtp-out2.suse.de (Postfix) with ESMTPS id E422B1FF4C;
	Fri, 27 Aug 2021 23:10:20 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
	t=1630105820; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=WYbq1NneIVkLuIYGBZZdCrJ1kTQXpgMd3oOVJl3BDig=;
	b=MmbN7fxYOCZu26ad7DTGliARr83akIVsKI0v7+5Ri5atGldJWx7NLhRENUYlIWBQvbCK+6
	FQv3AvFf3fR+NWypVMWOit5l/XOQWEtcmIYlMrTJ96gAIV14TIv2Al3uiGk4XXtP0r3bqp
	JoHeSIbnPeKLwNvcIFKTB6eebJ1X8wc=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
	s=susede2_ed25519; t=1630105820;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=WYbq1NneIVkLuIYGBZZdCrJ1kTQXpgMd3oOVJl3BDig=;
	b=ZxdYj19DO/3coBHKotZV75i5Tm9O7H6FQCwZ78geKqVS28ZeHmaxElrAGSifSdXA1Kk6OY
	ptTW5wH+heLuocDQ==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
	(No client certificate requested)
	by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 3F16E13D7D;
	Fri, 27 Aug 2021 23:10:17 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
	by imap2.suse-dmz.suse.de with ESMTPSA
	id 6rQRO9lwKWFpJgAAMHmgww
	(envelope-from <neilb@suse.de>); Fri, 27 Aug 2021 23:10:17 +0000
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
From: "NeilBrown" <neilb@suse.de>
To: "Christoph Hellwig" <hch@lst.de>
Cc: "Darrick J. Wong" <darrick.wong@oracle.com>,
 "Christoph Hellwig" <hch@lst.de>, "David Howells" <dhowells@redhat.com>,
 torvalds@linux-foundation.org, trond.myklebust@primarydata.com,
 linux-nfs@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org,
 linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Don't block writes to swap-files with ETXTBSY.
In-reply-to: <20210827151644.GB19199@lst.de>
References: <162993585927.7591.10174443410031404560@noble.neil.brown.name>,
 <20210827151644.GB19199@lst.de>
Date: Sat, 28 Aug 2021 09:10:15 +1000
Message-id: <163010581548.7591.7557563272768619093@noble.neil.brown.name>
Authentication-Results: imf09.hostedemail.com;
	dkim=pass header.d=suse.de header.s=susede2_rsa header.b=MmbN7fxY;
	dkim=pass header.d=suse.de header.s=susede2_ed25519 header.b=ZxdYj19D;
	spf=pass (imf09.hostedemail.com: domain of neilb@suse.de designates 195.135.220.29 as permitted sender) smtp.mailfrom=neilb@suse.de;
	dmarc=pass (policy=none) header.from=suse.de
X-Stat-Signature: upzqddqbtupdp4e7fhuzcegr67f1bccj
X-Rspamd-Queue-Id: 6089E3000100
X-Rspamd-Server: rspam04
X-HE-Tag: 1630105822-980649
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Sat, 28 Aug 2021, Christoph Hellwig wrote:
> On Thu, Aug 26, 2021 at 09:57:39AM +1000, NeilBrown wrote:
> > 
> > Commit dc617f29dbe5 ("vfs: don't allow writes to swap files")
> > broke swap-over-NFS as it introduced an ETXTBSY error when NFS tries to
> > swap-out using ->direct_IO().
> > 
> > There is no sound justification for this error.  File permissions are
> > sufficient to stop non-root users from writing to a swap file, and root
> > must always be cautious not to do anything dangerous.
> > 
> > These checks effectively provide a mandatory write lock on swap, and
> > mandatory locks are not supported in Linux.
> > 
> > So remove all the checks that return ETXTBSY when attempts are made to
> > write to swap.
> 
> Swap files are not just any files and do need a mandatory write lock
> as they are part of the kernel VM and writing to them will mess up
> the kernel badly.  David Howells actually has sent various patches
> to fix swap over NFS in the last weeks.
> 
> 
There are lots of different things root can do which will mess up the
kernel badly.  The backing-store can still be changed through some other
means.
Do you have a particular threat or risk scenario other than "root might
get careless"?

Yes, I've seen David's patches.  I posted this one because I think the
original patch which broke swap-over-NFS was not just unfortunate, but
wrong.  Permissions are how we protect files, not ETXTBSY.

NeilBrown