From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 80E4DC76188 for ; Mon, 3 Apr 2023 22:28:46 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AA3846B0071; Mon, 3 Apr 2023 18:28:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A2D436B0074; Mon, 3 Apr 2023 18:28:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8CCA06B0075; Mon, 3 Apr 2023 18:28:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 7A4BE6B0071 for ; Mon, 3 Apr 2023 18:28:45 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 270E6A07E3 for ; Mon, 3 Apr 2023 22:28:45 +0000 (UTC) X-FDA: 80641520610.25.C793753 Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by imf17.hostedemail.com (Postfix) with ESMTP id 5FA7340018 for ; Mon, 3 Apr 2023 22:28:43 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=ZB4YtgtH; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf17.hostedemail.com: domain of lstoakes@gmail.com designates 209.85.128.54 as permitted sender) smtp.mailfrom=lstoakes@gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1680560923; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=OioxhUaBsoagdWKYjA8WltvG/ViKSROcFBG3zkltOsQ=; b=vCUeGD6I2MffY9Ti8MuNNGTiu6wP4GVD2TygGsP9IdWgucEdy19Y91p1ndZ4wt3mF3lSTA Y50gdzD+1Exa21S8ezppgK2cKcc/h0ONKpoOzysnagKMLPMgR+wTL/K+Jp4NXisOQyDHBt /CbHs+L4npjNSAi3bbd9qm5bcWurz+E= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=ZB4YtgtH; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (imf17.hostedemail.com: domain of lstoakes@gmail.com designates 209.85.128.54 as permitted sender) smtp.mailfrom=lstoakes@gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1680560923; a=rsa-sha256; cv=none; b=wlvBwLT+95aap0AVSOmJvgIY9daCeCHdAz6WjJtUfdY5x1bIPyC6Y+n/69MFChyP8/MFhE 0+Cl9+XHPLsc81mYoC6KuZd3AE86GxzIE4bg/TlLJOBoRxhuo0hOnmEiXX9i0QylFYNrQk a/4zK1U5lN8J9NtKSn7Z0NfgOVbUSmg= Received: by mail-wm1-f54.google.com with SMTP id n19so17948078wms.0 for ; Mon, 03 Apr 2023 15:28:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1680560921; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=OioxhUaBsoagdWKYjA8WltvG/ViKSROcFBG3zkltOsQ=; b=ZB4YtgtHuGTtxSQnDSNuKDwOX9f/ubCsGGjYYgGbHGMjD1/Zm2nfVmEfT8lpOKa63S zidEBr3cA8hPgiuN1gO+MV4hCsXk+UryUgsmsijFfo1OUioR68BEpJw0WuohlJ+WYFci CdE8ppoSRZXkRrVURkVZwR+TcWTgMEvbwmWgrg6NOwO3qtWQZyZRQb+drrDJ6oBAl+yv d/xuKm8vT4TnfRGHbKFjI5BR16g58gwN9CkSaZ0mcy7gqKt8/nmv6viJk2rKtAJ8/x7/ ZRFVLjTSv7C2iMkatIyuJdevtZqzCWM8ma9hDw92/D/2tlOEdZkU0/cYmDpgeWLeVNfi sS2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1680560921; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=OioxhUaBsoagdWKYjA8WltvG/ViKSROcFBG3zkltOsQ=; b=i01ASHvvvyPK0BXyXNlqlQvBqovROdUoF5lZph5yivB/FIj/kyScjnLm4n0/+RTGdx fttzycG3hThr4+VRmmJZntdcG6g2rDahpHIja+NPhXs1ywZI+CWufvNoWJtyY+POLpeB iDugEVstMj0eos5JAorvJWW4VKITWNgif50bBvnzcClt73MBoNhk/4BIhZJp/U0FmddV /S3JcwOzxPpUWu4zFilBs1uhNlwK6er3R5o5BJrsNuC+qvmbLXSInviyiX5onxUik74c PHjqEXWzPNMRcXH6vrf0s7u0TYTmo0ntSZcrX2lKRrRFsWGL1hv3LyPPWeZ61U/379yf Z4kw== X-Gm-Message-State: AAQBX9du7fwhcJyeKCTGlW6dh3I3Y1qVrC0R1wKwWpvw4bTmEfzKh5wh iAFu9aIxNpSsQodE2TemU5BPbSPTCBk= X-Google-Smtp-Source: AKy350ZkH1dPvYtp77wPws1P2clzBLOW5//H6DXVOew0yN/++Jz7DRIMoyCO9kjYsKhgv8orz7HDpg== X-Received: by 2002:a7b:c4c6:0:b0:3ed:5a12:5641 with SMTP id g6-20020a7bc4c6000000b003ed5a125641mr585231wmk.36.1680560921186; Mon, 03 Apr 2023 15:28:41 -0700 (PDT) Received: from lucifer.home (host86-156-84-164.range86-156.btcentralplus.com. [86.156.84.164]) by smtp.googlemail.com with ESMTPSA id u17-20020a05600c19d100b003dd1bd0b915sm20731309wmq.22.2023.04.03.15.28.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 03 Apr 2023 15:28:40 -0700 (PDT) From: Lorenzo Stoakes To: linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Andrew Morton Cc: Matthew Wilcox , Mike Kravetz , Muchun Song , Alexander Viro , Christian Brauner , Andy Lutomirski , Lorenzo Stoakes Subject: [RFC PATCH 0/3] permit write-sealed memfd read-only shared mappings Date: Mon, 3 Apr 2023 23:28:29 +0100 Message-Id: X-Mailer: git-send-email 2.40.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 5FA7340018 X-Rspamd-Server: rspam09 X-Rspam-User: X-Stat-Signature: twby765io7j4dukok53e1dc57atw8uxi X-HE-Tag: 1680560923-608153 X-HE-Meta: U2FsdGVkX1+ruJiQN6EcyLbG8Rw2/4mpXsC4jG83ai2QR25BXWsaDQeNQ0GB1al+Ij0WwCPmilUgdimuf4afTEC8KPljug6Z+Wt0m0RjZQg4NJgrwPo3Xd88xVTqVEVcMA/7IBcN9q36ndCjsC6o88mlCa6uuyNKaq6oDxza2hy+9udLrwCuUzJzBSfar4g/Gg6G0I3J+GAAPsZRPoki1/Utm36tyJabloklw3owP0pp8+euM/OxXkdQKyMo0SwOJ6U8HAdK01bQlUkMT5toSOgZoQZQrtBfetku+/oIFQi4ehSuC1Wc4OxE9kysrtDMYPveJWlg4HTQMEf/aJgwOUycBY6t/gPVPNsi6x/HBkh4iY72uRNFz0c8E8BLXFlgslpm+WGMZzKxB52RmoIRLRMLU3ZlYjAi8uokaF4/XsU1zQOEcQwZLWvwt/85+QAwqVLUnTAS54Stq5djva/9wcdTf6lgPFlP7VLLSyWl0gBfHmMP6isnDiN1S1i1lAUBWEcb5npEviuibMQ9DvSIeFswYgq4Jd9k6F40Rl0vqKGygJ1jlEhcwZEZLUyoj91FLSf/YfSELzIlCtBHKt+itAnlFRw8xJ4G9v4g8Y/yDFVIILIIMDKhKgBGURKAkjHOOOvAAChPGnTyc/luOev556PUeAZSfGf8FMZxzAkzIvKT/wcG/R3gSbEr4bU4nfBQr6KMM3NsSRmenklV+SVk/PPCRUNg3cmdlWD1QiUAkzAFZe3fTURf5p33pf+BB611gwU4/7qpoEl5P6Jt1azEhB7aqNyOk7AmmLu7UM+EDTak0/ShKHFv1+KLa8X3ZiLtPx50keAkchV+toyn+Lu6Ktsk3iq0QdulUwpA8ZhmdoT2QS4qzuDfdZft3jQlIJVg8Wsz8L+9ZIgICl4FKfHyrQemIdvlokni36Wgcy4GyoIwLifZA060gEGVmee7N4phz5V+nnjyXwAsnpCxku9 g8PScCIC GdMFMCSpaUvn+r0uF9WV1lg5qD4ypIH4gvQivxWVyN6Ep9V0oO2wV51lnZGpjUf8ZUNHMuCgQamQ6EGjWihi8Guu7T4fa79YhHpvkPR7rif+JDIXXYxsV/ntMJ7jHQ+lml0xe7ckJYaAXZqo2mFGD/zv0tzHcRSyYI8h8Ayfvh3zk4s/tFJ7f2MfVb2awW5npMQU0pD3kYS/PQUKQj9zs5SWoDhyhouRUTcpcKOABznGFmwJOGQhQdKugJ5xt0iBGXXyIhQt+R5kLxONfe9JYPi777TT8vwMrsJloNt+uEaJa2Mm0Gr+r1qk4wbIUD2huTakf+vaPyg5Yrq+1O/JMvr5/HA8pMqYmcx+yIlxLQarnU71p6JILZzmUx+lAao78CxwA1BVmkcRTT+quDk448Amwo+UrOD7RlzWw3zMeXlURzEFS/03PcSndEQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000039, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: This patch series is in two parts:- 1. Currently there are a number of places in the kernel where we assume VM_SHARED implies that a mapping is writable. Let's be slightly less strict and relax this restriction in the case that VM_MAYWRITE is not set. This should have no noticeable impact as the lack of VM_MAYWRITE implies that the mapping can not be made writable via mprotect() or any other means. 2. Align the behaviour of F_SEAL_WRITE and F_SEAL_FUTURE_WRITE on mmap(). The latter already clears the VM_MAYWRITE flag for a sealed read-only mapping, we simply extend this to F_SEAL_WRITE too. For this to have effect, we must also invoke call_mmap() before mapping_map_writable(). As this is quite a fundamental change on the assumptions around VM_SHARED and since this causes a visible change to userland (in permitting read-only shared mappings on F_SEAL_WRITE mappings), I am putting forward as an RFC to see if there is anything terribly wrong with it. I suspect even if the patch series as a whole is unpalatable, there are probably things we can salvage from it in any case. Thanks to Andy Lutomirski who inspired the series! Lorenzo Stoakes (3): mm: drop the assumption that VM_SHARED always implies writable mm: update seal_check_[future_]write() to include F_SEAL_WRITE as well mm: perform the mapping_map_writable() check after call_mmap() fs/hugetlbfs/inode.c | 2 +- include/linux/fs.h | 4 ++-- include/linux/mm.h | 24 ++++++++++++++++++------ kernel/fork.c | 2 +- mm/filemap.c | 2 +- mm/madvise.c | 2 +- mm/mmap.c | 22 +++++++++++----------- mm/shmem.c | 2 +- 8 files changed, 36 insertions(+), 24 deletions(-) -- 2.40.0