From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Z8q0=JY=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-10.8 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 020C3C433B4
	for <linux-mm@archiver.kernel.org>; Tue, 27 Apr 2021 16:52:20 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 84AF2613B0
	for <linux-mm@archiver.kernel.org>; Tue, 27 Apr 2021 16:52:19 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 84AF2613B0
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=linux-foundation.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id EC2316B0075; Tue, 27 Apr 2021 12:52:18 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id E72626B0078; Tue, 27 Apr 2021 12:52:18 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id CECBA6B0082; Tue, 27 Apr 2021 12:52:18 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id B1F2A6B0075
	for <linux-mm@kvack.org>; Tue, 27 Apr 2021 12:52:18 -0400 (EDT)
Received: from smtpin01.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with ESMTP id 731C0485C
	for <linux-mm@kvack.org>; Tue, 27 Apr 2021 16:52:18 +0000 (UTC)
X-FDA: 78078739956.01.C1D9C72
Received: from mail-lj1-f171.google.com (mail-lj1-f171.google.com [209.85.208.171])
	by imf02.hostedemail.com (Postfix) with ESMTP id 0AC0240002C3
	for <linux-mm@kvack.org>; Tue, 27 Apr 2021 16:51:47 +0000 (UTC)
Received: by mail-lj1-f171.google.com with SMTP id b38so27800154ljf.5
        for <linux-mm@kvack.org>; Tue, 27 Apr 2021 09:52:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linux-foundation.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=FWgiXXfQaK0E33cCutMhNkSO5fLITDBcM8ObK3fClQs=;
        b=JSoo1Q6Ux6YVilEdDbBvktfmzKgysH8k6pccBG6Qan8acirVHJn4ANbg4FH2qQ4Pou
         DojPQcZAWe1Pf17RFLfyAgzQSfqa26ZYj+nYt9DhnbJYYfefGNCaCv8u70BhOf7menPv
         tPpOwGsgE/DLkHJ9nUE/mt+94Rx8RnOP2eSLk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=FWgiXXfQaK0E33cCutMhNkSO5fLITDBcM8ObK3fClQs=;
        b=IihMPutmtTsJSm5lwlKwwbazCHN7ij4mCI3Pc79KE5PS0uLvFGJJpgO4UPMr7HpnKi
         GCth1UzMOWw3hbauQrsvysMQyQR10+mjH90AZ5Pp9JBXs2acNK44k0b8W1piD4NXhusi
         fmVME8xQCoxB3nu82Fxt7zODvYfPB3vWx8KvgTmtVZuIHC1Sv5nGw5CqUu4+i71WECN8
         U8omnOsYZmYH17oR2Btd29QDaiUVcg6w6AHBzDh6mwUoAerm1mo+pKti/tdu3QUGy0ui
         RRL3vsJwSDQJ1retWBccBwgE86CQ7IOC74jCfYJFFZ0X5Wt05BMQPhZQGsuVhr/DbRuO
         2unA==
X-Gm-Message-State: AOAM532sScPI/GpWx98El8yIgxV7eHQGVpZOae5rgJybgwOr1U7szSct
	R+Ej4QPr/mVdTc02N6+jLkXhTMpH9qEjyOHQ
X-Google-Smtp-Source: ABdhPJzMae9pg9G+u/zMY2d0wf+PU5y+8tDz98UFye//BLtKLLZUQFlGp/lRAz3Pa0uWVJ4353n9wQ==
X-Received: by 2002:a2e:9a0a:: with SMTP id o10mr17666954lji.216.1619542336178;
        Tue, 27 Apr 2021 09:52:16 -0700 (PDT)
Received: from mail-lj1-f176.google.com (mail-lj1-f176.google.com. [209.85.208.176])
        by smtp.gmail.com with ESMTPSA id g14sm89892lfr.274.2021.04.27.09.52.14
        for <linux-mm@kvack.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 27 Apr 2021 09:52:14 -0700 (PDT)
Received: by mail-lj1-f176.google.com with SMTP id o16so68939893ljp.3
        for <linux-mm@kvack.org>; Tue, 27 Apr 2021 09:52:14 -0700 (PDT)
X-Received: by 2002:a2e:880f:: with SMTP id x15mr15524458ljh.507.1619542334557;
 Tue, 27 Apr 2021 09:52:14 -0700 (PDT)
MIME-Version: 1.0
References: <vs1Us2sm4qmfvLOqNat0-r16GyfmWzqUzQ4KHbXJwEcjhzeoQ4sBTxx7QXDG9B6zk5AeT7FsNb3CSr94LaKy6Novh1fbbw8D_BBxYsbPLms=@emersion.fr>
In-Reply-To: <vs1Us2sm4qmfvLOqNat0-r16GyfmWzqUzQ4KHbXJwEcjhzeoQ4sBTxx7QXDG9B6zk5AeT7FsNb3CSr94LaKy6Novh1fbbw8D_BBxYsbPLms=@emersion.fr>
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Tue, 27 Apr 2021 09:51:58 -0700
X-Gmail-Original-Message-ID: <CAHk-=wgmGv2EGscKSi8SrQWtEVpEQyk-ZN1Xj4EoAB87Dmx1gA@mail.gmail.com>
Message-ID: <CAHk-=wgmGv2EGscKSi8SrQWtEVpEQyk-ZN1Xj4EoAB87Dmx1gA@mail.gmail.com>
Subject: Re: Sealed memfd & no-fault mmap
To: Simon Ser <contact@emersion.fr>, 
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, Peter Xu <peterx@redhat.com>, 
	Will Deacon <will@kernel.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>, David Herrmann <dh.herrmann@gmail.com>, 
	"linux-mm@kvack.org" <linux-mm@kvack.org>, Greg Kroah-Hartman <greg@kroah.com>, "tytso@mit.edu" <tytso@mit.edu>
Content-Type: multipart/mixed; boundary="0000000000008cfa7505c0f7158a"
X-Rspamd-Server: rspam03
X-Rspamd-Queue-Id: 0AC0240002C3
X-Stat-Signature: w6u998aimgwddys516mkj1pzc1675mkt
Received-SPF: none (linuxfoundation.org>: No applicable sender policy available) receiver=imf02; identity=mailfrom; envelope-from="<torvalds@linuxfoundation.org>"; helo=mail-lj1-f171.google.com; client-ip=209.85.208.171
X-HE-DKIM-Result: pass/pass
X-HE-Tag: 1619542307-687480
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

--0000000000008cfa7505c0f7158a
Content-Type: text/plain; charset="UTF-8"

On Tue, Apr 27, 2021 at 1:25 AM Simon Ser <contact@emersion.fr> wrote:
>
> Rather than requiring changes in all compositors *and* clients, can we
> maybe only require changes in compositors? For instance, OpenBSD has a
> __MAP_NOFAULT flag. When passed to mmap, it means that out-of-bound
> accesses will read as zeroes instead of triggering SIGBUS. Such a flag
> would be very helpful to unblock the annoying SIGBUS situation.
>
> Would something among these lines be welcome in the Linux kernel?

Hmm. It doesn't look too hard to do. The biggest problem is actually
that we've run out of flags in the vma (on 32-bit architectures), but
you could try this UNTESTED patch that just does the MAP_NOFAULT thing
unconditionally.

NOTE! Not only is it untested, not only is this a "for your testing
only" (because it does it unconditionally rather than only for
__MAP_NOFAULT), but it might be bogus for other reasons. In
particular, this patch depends on "vmf->address" not being changed by
the ->fault() infrastructure, so that we can just re-use the vmf for
the anonymous case if we get a SIGBUS.

I think that's all ok these days, because Kirill and Peter Xu cleaned
up those paths, but I didn't actually check. So I'm cc'ing Kirill,
Peter and Will, who have been working in this area for other reasons
fairly recently.

Side note: this will only ever work for non-shared mappings. That's
fundamental. We won't add an anonymous page to a shared mapping, and
do_anonymous_page() does verify that. So a MAP_SHARED mappign will
still return SIGBUS even with this patch (although it's not obvious
from the patch - the VM_FAULT_SIGBUS will just be re-created by
do_anonymous_page()).

So if you want a _shared_ mapping to honor __MAP_NOFAULT and insert
random anonymous pages into it, I think the answer is "no, that's not
going to be viable".

So _if_ this works for you, and if it's ok that only MAP_PRIVATE can
have __MAP_NOFAULT, and if Kirill/Peter/Will don't say "Oh, Linus,
you're completely off your rocker and clearly need to be taking your
meds", something like this - if we figure out the conditional bit -
might be doable.

That's a fair number of "ifs".

Ok, back to the merge window for me, I'll be throwing away this crazy
untested patch immediately after hitting "send". This is very much a
"throw the idea over to other people" patch, in other words.

            Linus

--0000000000008cfa7505c0f7158a
Content-Type: text/x-patch; charset="US-ASCII"; name="patch.diff"
Content-Disposition: attachment; filename="patch.diff"
Content-Transfer-Encoding: base64
Content-ID: <f_ko09ogpl0>
X-Attachment-Id: f_ko09ogpl0

IG1tL21lbW9yeS5jIHwgMTkgKysrKysrKysrKysrKysrLS0tLQogMSBmaWxlIGNoYW5nZWQsIDE1
IGluc2VydGlvbnMoKyksIDQgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvbW0vbWVtb3J5LmMg
Yi9tbS9tZW1vcnkuYwppbmRleCA1NTA0MDVmYzNiNWUuLmJiZWRlNmI1MmY3YSAxMDA2NDQKLS0t
IGEvbW0vbWVtb3J5LmMKKysrIGIvbW0vbWVtb3J5LmMKQEAgLTQzMTIsMTAgKzQzMTIsMjEgQEAg
c3RhdGljIHZtX2ZhdWx0X3QgaGFuZGxlX3B0ZV9mYXVsdChzdHJ1Y3Qgdm1fZmF1bHQgKnZtZikK
IAl9CiAKIAlpZiAoIXZtZi0+cHRlKSB7Ci0JCWlmICh2bWFfaXNfYW5vbnltb3VzKHZtZi0+dm1h
KSkKLQkJCXJldHVybiBkb19hbm9ueW1vdXNfcGFnZSh2bWYpOwotCQllbHNlCi0JCQlyZXR1cm4g
ZG9fZmF1bHQodm1mKTsKKwkJaWYgKCF2bWFfaXNfYW5vbnltb3VzKHZtZi0+dm1hKSkgeworCQkJ
dm1fZmF1bHRfdCByZXQgPSBkb19mYXVsdCh2bWYpOworCQkJaWYgKHJldCAmIFZNX0ZBVUxUX1JF
VFJZKQorCQkJCXJldHVybiByZXQ7CisJCQlpZiAoIShyZXQgJiBWTV9GQVVMVF9TSUdCVVMpKQor
CQkJCXJldHVybiByZXQ7CisvKiBGSVhNRSEgV2UgZG9uJ3QgaGF2ZSBhIFZNX05PRkFVTFQgYml0
ICovCisjaWYgMAorCQkJLyogU2VlIGlmIHdlIHNob3VsZCB0dXJuIGEgU0lHQlVTIGludG8gYW4g
YW5vbnltb3VzIHBhZ2UgKi8KKwkJCWlmICghKHZtYS0+dm1fZmxhZ3MgJiBWTV9OT0ZBVUxUKSkK
KwkJCQlyZXR1cm4gcmV0OworI2VuZGlmCisvKiBGYWxsIGJhY2sgb24gZG9fYW5vbnltb3VzX3Bh
Z2UoKSBpbnN0ZWFkIG9mIFNJR0JVUyAqLworCQl9CisJCXJldHVybiBkb19hbm9ueW1vdXNfcGFn
ZSh2bWYpOwogCX0KIAogCWlmICghcHRlX3ByZXNlbnQodm1mLT5vcmlnX3B0ZSkpCg==
--0000000000008cfa7505c0f7158a--