From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7123C7619C for ; Sun, 16 Feb 2020 06:47:00 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 9C5DB22522 for ; Sun, 16 Feb 2020 06:47:00 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="FeIN6dVV" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9C5DB22522 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 23A8F6B0003; Sun, 16 Feb 2020 01:47:00 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 1C3456B0006; Sun, 16 Feb 2020 01:47:00 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0B23F6B0007; Sun, 16 Feb 2020 01:47:00 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0034.hostedemail.com [216.40.44.34]) by kanga.kvack.org (Postfix) with ESMTP id E1A656B0003 for ; Sun, 16 Feb 2020 01:46:59 -0500 (EST) Received: from smtpin21.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id 84A85180AD80F for ; Sun, 16 Feb 2020 06:46:59 +0000 (UTC) X-FDA: 76495057758.21.pie36_5a1a824fe7259 X-HE-Tag: pie36_5a1a824fe7259 X-Filterd-Recvd-Size: 3268 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf35.hostedemail.com (Postfix) with ESMTP for ; Sun, 16 Feb 2020 06:46:59 +0000 (UTC) Received: from hump.haifa.ibm.com (nesher1.haifa.il.ibm.com [195.110.40.7]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 400CF20659; Sun, 16 Feb 2020 06:46:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1581835618; bh=0Glmy2rHz9Nf2Jk6JgoRKqRnT6KMFXNB47KY1ashgzA=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=FeIN6dVVEIRThZ2RgK/fA7L8n90zXVh6xftACf3uAvtFfHrlNAPq66yQ1RfEX3fJT XEbXDLFzjWyFXbnapOP1OCC3WbScqsUtAPrQi5qvRmLQscnMJO1AWyavFd4VwQi5/L 51D+zQAcS/gs6QwAQIZBdOE9r22m+xCJtA/hvX7w= Date: Sun, 16 Feb 2020 08:46:50 +0200 From: Mike Rapoport To: Jonathan Corbet Cc: linux-kernel@vger.kernel.org, Alan Cox , Andrew Morton , Andy Lutomirski , Christopher Lameter , Dave Hansen , James Bottomley , "Kirill A. Shutemov" , Matthew Wilcox , Peter Zijlstra , "Reshetova, Elena" , Thomas Gleixner , Tycho Andersen , linux-api@vger.kernel.org, linux-mm@kvack.org Subject: Re: [RFC PATCH] mm: extend memfd with ability to create "secret" memory areas Message-ID: <20200216064650.GB22092@hump.haifa.ibm.com> References: <20200130162340.GA14232@rapoport-lnx> <20200212141029.7b89acee@lwn.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200212141029.7b89acee@lwn.net> X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Feb 12, 2020 at 02:10:29PM -0700, Jonathan Corbet wrote: > On Thu, 30 Jan 2020 18:23:41 +0200 > Mike Rapoport wrote: > > > Hi, > > > > This is essentially a resend of my attempt to implement "secret" mappings > > using a file descriptor [1]. > > So one little thing I was curious about as I read through the patch... > > > +static int secretmem_check_limits(struct vm_fault *vmf) > > +{ > > + struct secretmem_state *state = vmf->vma->vm_file->private_data; > > + struct inode *inode = file_inode(vmf->vma->vm_file); > > + unsigned long limit; > > + > > + if (((loff_t)vmf->pgoff << PAGE_SHIFT) >= i_size_read(inode)) > > + return -EINVAL; > > + > > + limit = rlimit(RLIMIT_MEMLOCK) >> PAGE_SHIFT; > > + if (state->nr_pages + 1 >= limit) > > + return -EPERM; > > + > > + return 0; > > +} > > If I'm not mistaken, this means each memfd can be RLIMIT_MEMLOCK in length, > with no global limit on the number of locked pages. What's keeping me from > creating 1000 of these things and locking down lots of RAM? Indeed, it's possible to lock down RLIMIT_MEMLOCK * RLIMIT_NOFILE of RAM with this implementation, thanks for catching this. I'll surely update the resource limiting once we've settle on the API selection :) > Thanks, > > jon > -- Sincerely yours, Mike.