From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A0382321428
	for <linux-kernel@vger.kernel.org>; Tue, 10 Feb 2026 13:10:49 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1770729049; cv=none; b=tURhGPfxtFbGbhOtUcS6JLxleFVodsh3byc1Z/Pg7cN22+wEyajNFj8CiXesZxh2vP5hz/TOjqJ1RdC20jT9pSaY/atydMVyFQbKGSwUBLFfUf6WHzZjK9StI316qQ1CbeCYl/8eiFpIOsvph7NS3UiwlbHuGhSojGRKlxDncwA=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1770729049; c=relaxed/simple;
	bh=y/HJEMaa/rbv0tW6eu8usmweDN19KKP/8uDNCBZhhIk=;
	h=From:To:Cc:Subject:In-Reply-To:References:Date:Message-ID:
	 MIME-Version:Content-Type; b=mPQ7Z70NTE3+Wj2uLiJ9TZGgdXRbrhqsVOy8ydVnwaIaJhY+yi+ztLttwsKbBTBfrqLmB2Gb1v6VvluXVhiaeE3lcxEynBMFFkUcZ2D4kOI3fZhWlfuraBYpShIOoTOga8iDNGmYS28wN1zVB3Ncz2s07AGXewr/id2NzGb35qM=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=YAK2dF3e; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="YAK2dF3e"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 34F91C19423;
	Tue, 10 Feb 2026 13:10:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1770729049;
	bh=y/HJEMaa/rbv0tW6eu8usmweDN19KKP/8uDNCBZhhIk=;
	h=From:To:Cc:Subject:In-Reply-To:References:Date:From;
	b=YAK2dF3e6lqB6pnmA+92RZmQ0JxS3hdmtrlWH7Jz+RnEUeWsrg3LJAlPHl0GcrSPf
	 my0Bd3/hU8KVKgVRr8mk3XkU42cjfs7f/8ciBFxBoxeDYXWLAx+2bZTTkPsx1P55d9
	 YYVWLtMai04SQzbJBBrCHbgEJdcL0PR7Ck7B5H8f6ihl46obqnBWV9l5W14fWQObk1
	 0NSh4d6EpTsapeDSGqPVuBK+9SyLfyNrJaKSFL1sQYnkH/LsvWUeEayowKhUorndES
	 JEdDncgOcjnhgUgHsZ+cA+TMccqh1vJqyUBBoV78whC6k2Gu9R5OqwcJzOheqBow8c
	 CWN/XFgXUw8yQ==
From: Pratyush Yadav <pratyush@kernel.org>
To: Jason Gunthorpe <jgg@nvidia.com>
Cc: Mike Rapoport <rppt@kernel.org>,  Pratyush Yadav <pratyush@kernel.org>,
  Alexander Graf <graf@amazon.com>,  Pasha Tatashin
 <pasha.tatashin@soleen.com>,  Hugh Dickins <hughd@google.com>,  Baolin
 Wang <baolin.wang@linux.alibaba.com>,  Andrew Morton
 <akpm@linux-foundation.org>,  Samiullah Khawaja <skhawaja@google.com>,
  kexec@lists.infradead.org,  linux-mm@kvack.org,
  linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] mm: memfd_luo: preserve file seals
In-Reply-To: <20260126183115.GU1134360@nvidia.com> (Jason Gunthorpe's message
	of "Mon, 26 Jan 2026 14:31:15 -0400")
References: <20260123095854.535058-1-pratyush@kernel.org>
	<20260123095854.535058-3-pratyush@kernel.org>
	<aXYGkb-QtYNaWYw4@kernel.org> <20260126183115.GU1134360@nvidia.com>
Date: Tue, 10 Feb 2026 14:10:45 +0100
Message-ID: <2vxzseb8u4kq.fsf@kernel.org>
User-Agent: Gnus/5.13 (Gnus v5.13)
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain

Hi Jason,

On Mon, Jan 26 2026, Jason Gunthorpe wrote:

> On Sun, Jan 25, 2026 at 02:03:29PM +0200, Mike Rapoport wrote:
>> > @@ -67,11 +72,13 @@ struct memfd_luo_folio_ser {
>> >  struct memfd_luo_ser {
>> >  	u64 pos;
>> >  	u64 size;
>> > +	u64 seals:8;
>> 
>> Kernel uABI defines seals as unsigned int, I think we can spare u32 for
>> them and reserve a u32 flags for other memfd flags (MFD_CLOEXEC,
>> MFD_HUGETLB etc).
>
> It is a bit worse than that, the "v2" version is only going to support
> some set of seals (probably the set defined in v6.19) and if there are
> new seals down the road then this needs a version bump.

If we are running say kernel X, then X + 1 will always support a
superset of the seals, since the seals are UAPI. So it should be able to
handle all the seals that are given to it by X. This only becomes a
problem on rollbacks. Is this what you are worried about or am I missing
something?

>
> So I'd check that only supported seals are set here:
>
>> > +     seals = memfd_get_seals(args->file);
>> > +     if (seals < 0) {
>> > +             err = seals;
>> > +             goto err_free_ser;
>> > +     }
>> > +
>> >       ser->pos = args->file->f_pos;
>> >       ser->size = i_size_read(inode);
>> > +     ser->seals = seals;
>
> ..
>
>> > @@ -444,13 +453,23 @@ static int memfd_luo_retrieve(struct liveupdate_file_op_args *args)
>> >  	if (!ser)
>> >  		return -EINVAL;
>> >  
>> > -	file = memfd_alloc_file("", 0);
>> > +	/*
>> > +	 * The seals are preserved. Allow sealing here so they can be added
>> > +	 * later.
>> > +	 */
>> > +	file = memfd_alloc_file("", MFD_ALLOW_SEALING);
>> >  	if (IS_ERR(file)) {
>> >  		pr_err("failed to setup file: %pe\n", file);
>> >  		err = PTR_ERR(file);
>> >  		goto free_ser;
>> >  	}
>> >  
>> > +	err = memfd_add_seals(file, ser->seals);
>
> Because we really don't want this to fail :\
>
> Jason

-- 
Regards,
Pratyush Yadav