From: Matthew Wilcox <willy@infradead.org>
To: Phillip Susi <phill@thesusis.net>
Cc: Jan Kara <jack@suse.cz>, Christian Brauner <brauner@kernel.org>,
lsf-pc@lists.linux-foundation.org, linux-fsdevel@vger.kernel.org,
linux-mm@kvack.org, linux-btrfs@vger.kernel.org,
linux-block@vger.kernel.org,
Christoph Hellwig <hch@infradead.org>
Subject: Re: [LSF/MM/BPF TOPIC] Dropping page cache of individual fs
Date: Wed, 17 Jan 2024 20:58:59 +0000 [thread overview]
Message-ID: <Zag_k-csqVRuHpyK@casper.infradead.org> (raw)
In-Reply-To: <87il3rvg2u.fsf@vps.thesusis.net>
On Wed, Jan 17, 2024 at 03:51:37PM -0500, Phillip Susi wrote:
> Matthew Wilcox <willy@infradead.org> writes:
>
> > We have numerous ways to intercept file reads and make them either
> > block or fail. The obvious one to me is security_file_permission()
> > called from rw_verify_area(). Can we do everything we need with an LSM?
>
> I like the idea. That runs when someone opens a file right? What about
Every read() and write() call goes through there. eg ksys_read ->
vfs_read -> rw_verify_area -> security_file_permission
It wouldn't cover mmap accesses. So if you had the file mmaped
before suspend, you'd still be able to load from the mmap. There's
no security_ hook for that right now, afaik.
> Is that in addition to, or instead of throwing out the key and
> suspending IO at the block layer? If it is in addition, then that would
> mean that trying to open a file would fail cleanly, but accessing a page
> that is already mapped could hang the task. In an unkillable state.
> For a long time. Even the OOM killer can't kill a task blocked like
> that can it? Or did that get fixed at some point?
TASK_KILLABLE was added in 2008, but it's up to each individual call
site whether to use killable or uninterruptible sleep.
next prev parent reply other threads:[~2024-01-17 20:59 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-16 10:50 [LSF/MM/BPF TOPIC] Dropping page cache of individual fs Christian Brauner
2024-01-16 11:45 ` Jan Kara
2024-01-17 12:53 ` Christian Brauner
2024-01-17 14:35 ` Jan Kara
2024-01-17 14:52 ` Matthew Wilcox
2024-01-17 20:51 ` Phillip Susi
2024-01-17 20:58 ` Matthew Wilcox [this message]
2024-01-18 14:26 ` Christian Brauner
2024-01-30 0:13 ` Adrian Vovk
2024-02-15 13:57 ` Jan Kara
2024-02-15 19:46 ` Adrian Vovk
2024-02-15 23:17 ` Dave Chinner
2024-02-16 1:14 ` Adrian Vovk
2024-02-16 20:38 ` init_on_alloc digression: " John Hubbard
2024-02-16 21:11 ` Adrian Vovk
2024-02-16 21:19 ` John Hubbard
2024-01-16 15:25 ` James Bottomley
2024-01-16 15:40 ` Matthew Wilcox
2024-01-16 15:54 ` James Bottomley
2024-01-16 20:56 ` Dave Chinner
2024-01-17 6:17 ` Theodore Ts'o
2024-01-30 1:14 ` Adrian Vovk
2024-01-17 13:19 ` Christian Brauner
2024-01-17 22:26 ` Dave Chinner
2024-01-18 14:09 ` Christian Brauner
2024-02-05 17:39 ` Russell Haley
2024-02-17 4:04 ` Kent Overstreet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zag_k-csqVRuHpyK@casper.infradead.org \
--to=willy@infradead.org \
--cc=brauner@kernel.org \
--cc=hch@infradead.org \
--cc=jack@suse.cz \
--cc=linux-block@vger.kernel.org \
--cc=linux-btrfs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lsf-pc@lists.linux-foundation.org \
--cc=phill@thesusis.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).