From: Hugh Dickins <hughd@google.com> To: Andrew Morton <akpm@linux-foundation.org> Cc: Hugh Dickins <hughd@google.com>, Shakeel Butt <shakeelb@google.com>, "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, Yang Shi <shy828301@gmail.com>, Miaohe Lin <linmiaohe@huawei.com>, Mike Kravetz <mike.kravetz@oracle.com>, Michal Hocko <mhocko@suse.com>, Rik van Riel <riel@surriel.com>, Christoph Hellwig <hch@infradead.org>, Matthew Wilcox <willy@infradead.org>, "Eric W. Biederman" <ebiederm@xmission.com>, Alexey Gladkov <legion@kernel.org>, Chris Wilson <chris@chris-wilson.co.uk>, Matthew Auld <matthew.auld@intel.com>, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, linux-mm@kvack.org Subject: [PATCH 12/16] tmpfs: refuse memlock when fallocated beyond i_size Date: Fri, 30 Jul 2021 01:00:16 -0700 (PDT) [thread overview] Message-ID: <3e5b2999-a27d-3590-46d9-80841b9427a9@google.com> (raw) In-Reply-To: <2862852d-badd-7486-3a8e-c5ea9666d6fb@google.com> F_MEM_LOCK is accounted by i_size, but fallocate(,FALLOC_FL_KEEP_SIZE,,) could have added many pages beyond i_size, which would also be held as Unevictable from memory. The mlock_ucounts check in shmem_fallocate() is fine, but shmem_memlock_fcntl() needs to check fallocend too. We could change F_MEM_LOCK accounting to use the max of i_size and fallocend, but fallocend is obscure: I think it's better just to refuse the F_MEM_LOCK (with EPERM) if fallocend exceeds (page-rounded) i_size. Signed-off-by: Hugh Dickins <hughd@google.com> --- mm/shmem.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index 6e53dabe658b..35c0f5c7120e 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -2304,7 +2304,10 @@ static int shmem_memlock_fcntl(struct file *file, unsigned int cmd) inode_lock(inode); if (cmd == F_MEM_LOCK) { - if (!info->mlock_ucounts) { + if (info->fallocend > DIV_ROUND_UP(inode->i_size, PAGE_SIZE)) { + /* locking is accounted by i_size: disallow excess */ + retval = -EPERM; + } else if (!info->mlock_ucounts) { struct ucounts *ucounts = current_ucounts(); /* capability/rlimit check is down in user_shm_lock */ retval = shmem_lock(file, 1, ucounts); @@ -2854,9 +2857,10 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset, spin_unlock(&inode->i_lock); /* - * info->fallocend is only relevant when huge pages might be + * info->fallocend is mostly relevant when huge pages might be * involved: to prevent split_huge_page() freeing fallocated * pages when FALLOC_FL_KEEP_SIZE committed beyond i_size. + * But it is also checked in F_MEM_LOCK validation. */ undo_fallocend = info->fallocend; if (info->fallocend < end) -- 2.26.2
next prev parent reply other threads:[~2021-07-30 8:00 UTC|newest] Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-07-30 7:22 [PATCH 00/16] tmpfs: HUGEPAGE and MEM_LOCK fcntls and memfds Hugh Dickins 2021-07-30 7:25 ` [PATCH 01/16] huge tmpfs: fix fallocate(vanilla) advance over huge pages Hugh Dickins 2021-07-30 21:36 ` Yang Shi 2021-08-01 3:38 ` Hugh Dickins 2021-08-02 20:36 ` Yang Shi 2021-07-30 7:28 ` [PATCH 02/16] huge tmpfs: fix split_huge_page() after FALLOC_FL_KEEP_SIZE Hugh Dickins 2021-07-30 23:48 ` Yang Shi 2021-07-30 7:30 ` [PATCH 03/16] huge tmpfs: remove shrinklist addition from shmem_setattr() Hugh Dickins 2021-07-30 21:50 ` Yang Shi 2021-07-30 7:36 ` [PATCH 04/16] huge tmpfs: revert shmem's use of transhuge_vma_enabled() Hugh Dickins 2021-07-30 21:56 ` Yang Shi 2021-08-01 4:01 ` Hugh Dickins 2021-08-02 20:39 ` Yang Shi 2021-07-30 7:39 ` [PATCH 05/16] huge tmpfs: move shmem_huge_enabled() upwards Hugh Dickins 2021-07-30 21:57 ` Yang Shi 2021-07-30 7:42 ` [PATCH 06/16] huge tmpfs: shmem_is_huge(vma, inode, index) Hugh Dickins 2021-07-30 23:34 ` Yang Shi 2021-08-01 5:22 ` Hugh Dickins 2021-08-01 5:37 ` Hugh Dickins 2021-08-02 21:14 ` Yang Shi 2021-08-04 8:28 ` Hugh Dickins 2021-08-04 19:01 ` Yang Shi 2021-08-06 5:21 ` Hugh Dickins 2021-08-06 17:41 ` Yang Shi 2021-08-05 23:04 ` Yang Shi 2021-08-06 5:43 ` Hugh Dickins 2021-08-06 17:57 ` Yang Shi 2021-08-12 18:19 ` Yang Shi 2021-07-30 7:45 ` [PATCH 07/16] memfd: memfd_create(name, MFD_HUGEPAGE) for shmem huge pages Hugh Dickins 2021-08-04 14:03 ` Kirill A. Shutemov 2021-08-06 3:33 ` Hugh Dickins 2021-07-30 7:48 ` [PATCH 08/16] huge tmpfs: fcntl(fd, F_HUGEPAGE) and fcntl(fd, F_NOHUGEPAGE) Hugh Dickins 2021-08-04 14:08 ` Kirill A. Shutemov 2021-08-06 4:34 ` Hugh Dickins 2021-07-30 7:51 ` [PATCH 09/16] huge tmpfs: decide stat.st_blksize by shmem_is_huge() Hugh Dickins 2021-07-30 23:40 ` Yang Shi 2021-07-30 7:55 ` [PATCH 10/16] tmpfs: fcntl(fd, F_MEM_LOCK) to memlock a tmpfs file Hugh Dickins 2021-08-03 1:38 ` Matthew Wilcox 2021-08-04 9:15 ` Hugh Dickins 2021-07-30 7:57 ` [PATCH 11/16] tmpfs: fcntl(fd, F_MEM_LOCKED) to test if memlocked Hugh Dickins 2021-07-30 8:00 ` Hugh Dickins [this message] 2021-07-30 8:03 ` [PATCH 13/16] mm: bool user_shm_lock(loff_t size, struct ucounts *) Hugh Dickins 2021-07-30 8:06 ` [PATCH 14/16] mm: user_shm_lock(,,getuc) and user_shm_unlock(,,putuc) Hugh Dickins 2021-07-30 8:09 ` [PATCH 15/16] tmpfs: permit changing size of memlocked file Hugh Dickins 2021-07-30 8:13 ` [PATCH 16/16] memfd: memfd_create(name, MFD_MEM_LOCK) for memlocked shmem Hugh Dickins
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=3e5b2999-a27d-3590-46d9-80841b9427a9@google.com \ --to=hughd@google.com \ --cc=akpm@linux-foundation.org \ --cc=chris@chris-wilson.co.uk \ --cc=ebiederm@xmission.com \ --cc=hch@infradead.org \ --cc=kirill.shutemov@linux.intel.com \ --cc=legion@kernel.org \ --cc=linmiaohe@huawei.com \ --cc=linux-api@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=matthew.auld@intel.com \ --cc=mhocko@suse.com \ --cc=mike.kravetz@oracle.com \ --cc=riel@surriel.com \ --cc=shakeelb@google.com \ --cc=shy828301@gmail.com \ --cc=willy@infradead.org \ --subject='Re: [PATCH 12/16] tmpfs: refuse memlock when fallocated beyond i_size' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).