From: Domenico Andreoli <domenico.andreoli@linux.com>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: linux-pm@vger.kernel.org, linux-mm@kvack.org,
linux-fsdevel@vger.kernel.org, mkleinsoft@gmail.com, hch@lst.de,
akpm@linux-foundation.org, rjw@rjwysocki.net,
len.brown@intel.com, pavel@ucw.cz
Subject: Re: [PATCH] hibernate: unlock swap bdev for writing when uswsusp is active
Date: Sat, 29 Feb 2020 21:02:00 +0100 [thread overview]
Message-ID: <20200229200200.GA10970@dumbo> (raw)
In-Reply-To: <20200229183820.GA8037@magnolia>
On Sat, Feb 29, 2020 at 10:38:20AM -0800, Darrick J. Wong wrote:
> On Sat, Feb 29, 2020 at 07:07:16PM +0100, Domenico Andreoli wrote:
> > On Sat, Feb 29, 2020 at 09:08:25AM -0800, Darrick J. Wong wrote:
> > > From: Darrick J. Wong <darrick.wong@oracle.com>
> > >
> > > It turns out that there /is/ one use case for programs being able to
> > > write to swap devices, and that is the userspace hibernation code. The
> > > uswsusp ioctls allow userspace to lease parts of swap devices, so turn
> > > S_SWAPFILE off when invoking suspend.
> > >
> > > Fixes: 1638045c3677 ("mm: set S_SWAPFILE on blockdev swap devices")
> > > Reported-by: Domenico Andreoli <domenico.andreoli@linux.com>
> > > Reported-by: Marian Klein <mkleinsoft@gmail.com>
> >
> > I also tested it yesterday but was not satisfied, unfortunately I did
> > not come with my comment in time.
> >
> > Yes, I confirm that the uswsusp works again but also checked that
> > swap_relockall() is not triggered at all and therefore after the first
> > hibernation cycle the S_SWAPFILE bit remains cleared and the whole
> > swap_relockall() is useless.
> >
> > I'm not sure this patch should be merged in the current form.
>
> NNGGHHGGHGH /me is rapidly losing his sanity and will soon just revert
> the whole security feature because I'm getting fed up with people
> yelling at me *while I'm on vacation* trying to *restore* my sanity. I
> really don't want to be QAing userspace-directed hibernation right now.
Maybe we could proceed with the first patch to amend the regression and
postpone the improved fix to a later patch? Don't loose sanity for this.
> ...right, the patch is broken because we have to relock the swapfiles in
> whatever code executes after we jump back to the restored kernel, not in
> the one that's doing the restoring. Does this help?
I made a few unsuccessful attempts in kernel/power/hibernate.c and
eventually I'm switching to qemu to speed up the test cycle.
> OTOH, maybe we should just leave the swapfiles unlocked after resume.
> Userspace has clearly demonstrated the one usecase for writing to the
> swapfile, which means anyone could have jumped in while uswsusp was
> running and written whatever crap they wanted to the parts of the swap
> file that weren't leased for the hibernate image.
Essentially, if the hibernation is supported the swapfile is not totally
safe. Maybe user-space hibernation should be a separate option.
>
> --D
--
rsa4096: 3B10 0CA1 8674 ACBA B4FE FCD2 CE5B CF17 9960 DE13
ed25519: FFB4 0CC3 7F2E 091D F7DA 356E CC79 2832 ED38 CB05
next prev parent reply other threads:[~2020-02-29 20:02 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-29 17:08 [PATCH] hibernate: unlock swap bdev for writing when uswsusp is active Darrick J. Wong
2020-02-29 18:07 ` Domenico Andreoli
2020-02-29 18:38 ` Darrick J. Wong
2020-02-29 20:02 ` Domenico Andreoli [this message]
2020-03-01 21:35 ` Rafael J. Wysocki
2020-03-02 4:51 ` Marian Klein
2020-03-03 19:02 ` Darrick J. Wong
2020-03-03 22:51 ` Domenico Andreoli
2020-03-03 22:51 ` Domenico Andreoli
2020-03-04 1:18 ` Darrick J. Wong
2020-03-04 8:23 ` [PATCH] hibernate: Allow uswsusp to write to swap Domenico Andreoli
2020-03-04 15:45 ` Darrick J. Wong
2020-03-04 16:31 ` Domenico Andreoli
2020-03-04 8:34 ` [PATCH] hibernate: unlock swap bdev for writing when uswsusp is active Domenico Andreoli
2020-04-20 18:52 ` Domenico Andreoli
2020-04-21 15:43 ` Darrick J. Wong
2020-04-21 18:39 ` Domenico Andreoli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200229200200.GA10970@dumbo \
--to=domenico.andreoli@linux.com \
--cc=akpm@linux-foundation.org \
--cc=darrick.wong@oracle.com \
--cc=hch@lst.de \
--cc=len.brown@intel.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-pm@vger.kernel.org \
--cc=mkleinsoft@gmail.com \
--cc=pavel@ucw.cz \
--cc=rjw@rjwysocki.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.