Date: Tue, 03 Mar 2020 22:51:22 +0000
In-Reply-To: <20200303190212.GC8037@magnolia>
References: <20200229170825.GX8045@magnolia> <20200229180716.GA31323@dumbo> <20200229183820.GA8037@magnolia> <20200229200200.GA10970@dumbo> <20200303190212.GC8037@magnolia>
Subject: Re: [PATCH] hibernate: unlock swap bdev for writing when uswsusp is active
To: "Darrick J. Wong", "Rafael J. Wysocki"
CC: Domenico Andreoli, Linux PM, Linux Memory Management List, linux-fsdevel@vger.kernel.org, mkleinsoft@gmail.com, Christoph Hellwig, Andrew Morton, "Rafael J. Wysocki", Len Brown, Pavel Machek
From: Domenico Andreoli
Message-ID: <9E4A0457-39B1-45E2-AEA2-22C730BF2C4F@gmail.com>

On March 3, 2020 7:02:12 PM UTC, "Darrick J. Wong" wrote:
>On Sun, Mar 01, 2020 at 10:35:36PM +0100, Rafael J. Wysocki wrote:
>> On Sat, Feb 29, 2020 at 9:02 PM Domenico Andreoli wrote:
>> >
>> > On Sat, Feb 29, 2020 at 10:38:20AM -0800, Darrick J. Wong wrote:
>> > > On Sat, Feb 29, 2020 at 07:07:16PM +0100, Domenico Andreoli wrote:
>> > > > On Sat, Feb 29, 2020 at 09:08:25AM -0800, Darrick J. Wong wrote:
>> > > > > From: Darrick J. Wong
>> > > > >
>> > > > > It turns out that there /is/ one use case for programs being able to
>> > > > > write to swap devices, and that is the userspace hibernation code. The
>> > > > > uswsusp ioctls allow userspace to lease parts of swap devices, so turn
>> > > > > S_SWAPFILE off when invoking suspend.
>> > > > >
>> > > > > Fixes: 1638045c3677 ("mm: set S_SWAPFILE on blockdev swap devices")
>> > > > > Reported-by: Domenico Andreoli
>> > > > > Reported-by: Marian Klein
>> > > >
>> > > > I also tested it yesterday but was not satisfied, unfortunately I did
>> > > > not come with my comment in time.
>> > > >
>> > > > Yes, I confirm that the uswsusp works again but also checked that
>> > > > swap_relockall() is not triggered at all and therefore after the first
>> > > > hibernation cycle the S_SWAPFILE bit remains cleared and the whole
>> > > > swap_relockall() is useless.
>> > > >
>> > > > I'm not sure this patch should be merged in the current form.
>> > >
>> > > NNGGHHGGHGH /me is rapidly losing his sanity and will soon just revert
>> > > the whole security feature because I'm getting fed up with people
>> > > yelling at me *while I'm on vacation* trying to *restore* my sanity. I
>> > > really don't want to be QAing userspace-directed hibernation right now.
>> >
>> > Maybe we could proceed with the first patch to amend the regression and
>> > postpone the improved fix to a later patch? Don't lose sanity for this.
>>
>> I would concur here.
>>
>> > > ...right, the patch is broken because we have to relock the swapfiles in
>> > > whatever code executes after we jump back to the restored kernel, not in
>> > > the one that's doing the restoring. Does this help?
>> >
>> > I made a few unsuccessful attempts in kernel/power/hibernate.c and
>> > eventually I'm switching to qemu to speed up the test cycle.
>> >
>> > > OTOH, maybe we should just leave the swapfiles unlocked after resume.
>> > > Userspace has clearly demonstrated the one usecase for writing to the
>> > > swapfile, which means anyone could have jumped in while uswsusp was
>> > > running and written whatever crap they wanted to the parts of the swap
>> > > file that weren't leased for the hibernate image.
>> >
>> > Essentially, if the hibernation is supported the swapfile is not totally
>> > safe.
>>
>> But that's only the case with the userspace variant, isn't it?
>
>Yes.
>
>> > Maybe user-space hibernation should be a separate option.
>>
>> That actually is not a bad idea at all in my view.
>
>The trouble with kconfig options is that the distros will be pressured
>into setting CONFIG_HIBERNATE_USERSPACE=y to avoid regressing their
>uswsusp users, which makes the added security code pointless. As this

True but there are not only distros otherwise the kernel would not have any option at all.

It's actually very nice that if hibernation is disabled no userspace is ever allowed to write to the swap.

>has clearly sucked me into a conflict that I don't have the resources to
>pursue, I'm going to revert the write patch checks and move on with
>life.

I don't see the need of reverting anything, I can deal with these issues if you are busy on something else.

>
>--D
>
>> Thanks!