From: Mike Rapoport <rppt@kernel.org>
To: Jonathan Corbet <corbet@lwn.net>
Cc: linux-kernel@vger.kernel.org, Alan Cox <alan@linux.intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Andy Lutomirski <luto@kernel.org>,
Christopher Lameter <cl@linux.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
James Bottomley <jejb@linux.ibm.com>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Matthew Wilcox <willy@infradead.org>,
Peter Zijlstra <peterz@infradead.org>,
"Reshetova, Elena" <elena.reshetova@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Tycho Andersen <tycho@tycho.ws>,
linux-api@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas
Date: Sun, 16 Feb 2020 08:46:50 +0200 [thread overview]
Message-ID: <20200216064650.GB22092@hump.haifa.ibm.com> (raw)
In-Reply-To: <20200212141029.7b89acee@lwn.net>
On Wed, Feb 12, 2020 at 02:10:29PM -0700, Jonathan Corbet wrote:
> On Thu, 30 Jan 2020 18:23:41 +0200
> Mike Rapoport <rppt@kernel.org> wrote:
>
> > Hi,
> >
> > This is essentially a resend of my attempt to implement "secret" mappings
> > using a file descriptor [1].
>
> So one little thing I was curious about as I read through the patch...
>
> > +static int secretmem_check_limits(struct vm_fault *vmf)
> > +{
> > + struct secretmem_state *state = vmf->vma->vm_file->private_data;
> > + struct inode *inode = file_inode(vmf->vma->vm_file);
> > + unsigned long limit;
> > +
> > + if (((loff_t)vmf->pgoff << PAGE_SHIFT) >= i_size_read(inode))
> > + return -EINVAL;
> > +
> > + limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT;
> > + if (state->nr_pages + 1 >= limit)
> > + return -EPERM;
> > +
> > + return 0;
> > +}
>
> If I'm not mistaken, this means each memfd can be RLIMIT_MEMLOCK in length,
> with no global limit on the number of locked pages. What's keeping me from
> creating 1000 of these things and locking down lots of RAM?
Indeed, it's possible to lock down RLIMIT_MEMLOCK * RLIMIT_NOFILE of RAM
with this implementation, thanks for catching this.
I'll surely update the resource limiting once we've settle on the API
selection :)
> Thanks,
>
> jon
>
--
Sincerely yours,
Mike.
next prev parent reply other threads:[~2020-02-16 6:47 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-30 16:23 [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas Mike Rapoport
2020-02-06 18:51 ` Dave Hansen
2020-02-08 17:39 ` Mike Rapoport
2020-02-10 8:06 ` Reshetova, Elena
2020-02-11 19:52 ` Edgecombe, Rick P
2020-02-12 21:10 ` Jonathan Corbet
2020-02-16 6:46 ` Mike Rapoport [this message]
2020-08-14 17:46 ` Andy Lutomirski
2020-08-14 18:09 ` Dave Hansen
2020-08-26 16:54 ` Andy Lutomirski
2020-08-26 19:01 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200216064650.GB22092@hump.haifa.ibm.com \
--to=rppt@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=alan@linux.intel.com \
--cc=cl@linux.com \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=elena.reshetova@intel.com \
--cc=jejb@linux.ibm.com \
--cc=kirill@shutemov.name \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tycho@tycho.ws \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).