From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A091EC47258 for ; Wed, 17 Jan 2024 20:59:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0AD936B007B; Wed, 17 Jan 2024 15:59:07 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 05DF06B007E; Wed, 17 Jan 2024 15:59:07 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E8E986B0080; Wed, 17 Jan 2024 15:59:06 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id D9F536B007B for ; Wed, 17 Jan 2024 15:59:06 -0500 (EST) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id A59291A036F for ; Wed, 17 Jan 2024 20:59:06 +0000 (UTC) X-FDA: 81690017892.08.26AFFFE Received: from casper.infradead.org (casper.infradead.org [90.155.50.34]) by imf15.hostedemail.com (Postfix) with ESMTP id B7533A002F for ; Wed, 17 Jan 2024 20:59:04 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=beCoH6fw; spf=none (imf15.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1705525145; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=pkNWLL2Ut4cYQL6nLJM8ERU7VpEkSUkQghkmIkDx9X4=; b=GAc7d6VVBOAU8oeLRTpdyvtqA/dLPlguy1CvH8Q7zrnm98yFlBnHXoPDHBVPqfcxqU4ya2 DlQFu9ndNzSD0HQyp6oMSGKloHnYiox5AO8Ko7UPKLotGSBzlbuzbCGI6pIdvraSLeaKXC zFiGKpOsFgzP4tgiVuNsA0RLK9CV4vg= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1705525145; a=rsa-sha256; cv=none; b=q3pegyZNwGKf/ZgL2ojxYPCtT35/+ta5y2d4gawyNj6Wxrygm7UE06Bn7S+QpjyEEs3oBN epmsR0pA+pzpTmNHGbcidDrt88TNs710FReEcgBjRfQOznZ3pnXztAi9MEakV3kl/dTXM2 J+zSIxDUPFQdrrvi/r2+iPWzFv8hKBw= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=infradead.org header.s=casper.20170209 header.b=beCoH6fw; spf=none (imf15.hostedemail.com: domain of willy@infradead.org has no SPF policy when checking 90.155.50.34) smtp.mailfrom=willy@infradead.org; dmarc=none DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=pkNWLL2Ut4cYQL6nLJM8ERU7VpEkSUkQghkmIkDx9X4=; b=beCoH6fwCVVp5Cb9B40CGR4rt7 1Os8tB3vYOYg1/5X1vAcDcrLvCjUVvVZFJSCVoV/ezCe3o4wt9RbNny/xjhihFQ40q9CRtCe6nuRY gVELu/wGM/Aqyg6jYoTiHGQT/7wQgGmqUuxgZNYFKKlt33mbXmLFTNovAmNv+L18ki7qvjF6Duc+v a8S287LV3IUwIkJjLzlxrHRSvjqKXA+mS7u58xSE3SU99x+VD70UZYjkrm1DF3+VWivjvB2uimjjM J6Rhd4o6/wmzZpBSgKKJOIbjaJgl5XvbQxYwhnaf6dcCrqOJreBWxouUMKg++gSXxRf/fQGSatWBa 7CjDfUGQ==; Received: from willy by casper.infradead.org with local (Exim 4.97.1 #2 (Red Hat Linux)) id 1rQCzz-00000000kRy-1kqe; Wed, 17 Jan 2024 20:58:59 +0000 Date: Wed, 17 Jan 2024 20:58:59 +0000 From: Matthew Wilcox To: Phillip Susi Cc: Jan Kara , Christian Brauner , lsf-pc@lists.linux-foundation.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-btrfs@vger.kernel.org, linux-block@vger.kernel.org, Christoph Hellwig Subject: Re: [LSF/MM/BPF TOPIC] Dropping page cache of individual fs Message-ID: References: <20240116-tagelang-zugnummer-349edd1b5792@brauner> <20240116114519.jcktectmk2thgagw@quack3> <20240117-tupfen-unqualifiziert-173af9bc68c8@brauner> <20240117143528.idmyeadhf4yzs5ck@quack3> <87il3rvg2u.fsf@vps.thesusis.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87il3rvg2u.fsf@vps.thesusis.net> X-Rspamd-Queue-Id: B7533A002F X-Rspam-User: X-Stat-Signature: h7zonrn8ou4r3fen1j5h9a4atrdistnx X-Rspamd-Server: rspam03 X-HE-Tag: 1705525144-197706 X-HE-Meta: U2FsdGVkX19VtRyfQoItLslML/TxWxQWMX4ihedS48nxVd8IilKOH/oF33c4auDtii8OGQfFJYwlp1LACobi2YzbHFmvCQMHEQWHVSInfVV30Ka28J9WTFn/b1FSDyIouPiy1bwLXoK6jA2sqGxp4b91h47a6XKfNAjCHiIa2AL5zoR12hOWk6a89EygFDuGobJjHptbFDPAiDwADkNoUwvFiII2+EJSBeE/+J3jYdy7XSUxinydgK9JsxL787LKQ6ksqUBkFcRg/lPJn6W1gCaSb1nuJ74na/v0YOk/ZZ+IBpNek9XLzKKQgUR2Y5XCZqPdgBhryWAp1clogg+Lkispra912eRGW9gETYQYA/0HdQwgJRFGlV5Zk6aW7+2enFdIWaxD0gB2K1SxYkLVJsKYdHKaBS/WjxUj7cqIu1kDWRZ8CS5kNnt6DlcHFG6L22nUg9jeeWOCOFG8LKrmc9wdvaGJQSpNOasjGlV5l/ECABuXLmxWpwYzd+RgRKvx66vulq0Te/KMeQnN9amw4pLDNwbv228jckZPqzzR0So81LlmLv4nbwmRp9CPBKuIluN5RQqL1cUzDKOspRiX3siED+uyD6hCOcCAz57MMQZSAxwVu/pvk9fRnD2PL2Rxujv1zMWU8yhM46Y3TF2nkGym4i57F/0P/xGvnIdR8pPGs5b9KTUw/Mhwf6y0erTcKNgVHOPnWTv84K2hPshF2a5P+GOef5YZE/QGLr2MHsiSRou5HBi4YfU1P8hi9qus4qL8nirWmPLDp7ZedUU0YfNdgDkqf2zvXrf+KZPT7JwNIrQ7zA90+gDiAdriakGeF8CXOSBVe3KYxMFaDsIP3vyWWP08LSvInsJUI4opzmk2ioQAOJoeZczi6+VYGoiA1+sJPgbpJfoDcxkty2ZBq/4ErGi3wI1u+o4tmjslnNkuhWH8gccAqfJFVK37YXlRX6JnO0UPmjVlmyUpLIS WKz0ZuDQ A7M5m65DBDX4nPO7o7KUBMiBlHJ95++0EwKi6f0yZLMSjtKpSHwdnRmAhWSj0QCUAWsGuxz37LXErUsmZkye7nBPPakttmL7SLccDUQEY2RtrrAADjL2EQtm21BTH/bdtOlBYRUTrhN38gtlAeg4HNu+MR/2NkQZDGEL3+GPaGOq2pD6reNMkMp1lEpVgOhrin6/Z X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Wed, Jan 17, 2024 at 03:51:37PM -0500, Phillip Susi wrote: > Matthew Wilcox writes: > > > We have numerous ways to intercept file reads and make them either > > block or fail. The obvious one to me is security_file_permission() > > called from rw_verify_area(). Can we do everything we need with an LSM? > > I like the idea. That runs when someone opens a file right? What about Every read() and write() call goes through there. eg ksys_read -> vfs_read -> rw_verify_area -> security_file_permission It wouldn't cover mmap accesses. So if you had the file mmaped before suspend, you'd still be able to load from the mmap. There's no security_ hook for that right now, afaik. > Is that in addition to, or instead of throwing out the key and > suspending IO at the block layer? If it is in addition, then that would > mean that trying to open a file would fail cleanly, but accessing a page > that is already mapped could hang the task. In an unkillable state. > For a long time. Even the OOM killer can't kill a task blocked like > that can it? Or did that get fixed at some point? TASK_KILLABLE was added in 2008, but it's up to each individual call site whether to use killable or uninterruptible sleep.