From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 901EDC433F5
	for <linux-mm@archiver.kernel.org>; Fri, 30 Sep 2022 16:23:18 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 31FAA8D0002; Fri, 30 Sep 2022 12:23:18 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 2CF458D0001; Fri, 30 Sep 2022 12:23:18 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 197318D0002; Fri, 30 Sep 2022 12:23:18 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 073098D0001
	for <linux-mm@kvack.org>; Fri, 30 Sep 2022 12:23:18 -0400 (EDT)
Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay03.hostedemail.com (Postfix) with ESMTP id CAAC0A15FA
	for <linux-mm@kvack.org>; Fri, 30 Sep 2022 16:23:17 +0000 (UTC)
X-FDA: 79969271634.24.E3E42F1
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
	by imf11.hostedemail.com (Postfix) with ESMTP id 247144000F
	for <linux-mm@kvack.org>; Fri, 30 Sep 2022 16:23:15 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1664554996; x=1696090996;
  h=date:from:to:cc:subject:message-id:references:
   mime-version:in-reply-to;
  bh=aPat+vyuzHmTIY+ssdYQgbZFBJqiO2JzUm9LnYYjyXo=;
  b=Dn8M2QgH6Int6F21RiVCy9r9lvPG5Je6Q05PN7OT+Dk3eNXqn3GE6rIV
   PAMaEN1QHrXSveM5o7PK/awa7eAAIhUNCnSB6+jZPO+JyddmN4wkfCxDf
   tk/WZINFMpvsMYEhGHELdTVr0zBDr4pHVvDjDUT1CqIbV04LRqAGYo+Y6
   mjkNKn2wrS/19HNh/TatRqteWeGB7JbSbZhUavpu7XevwTRcBXGuqu2YW
   LbmH35gtXh5HWQUmad8KTqE+CyhvwR6a/6JcMoeLHu1oP2STa5gwtZEqO
   N8MO1AfUPnG86EOCCcq23VlmFV+0UddRhBsxCBr72jvpACL9J3MM0xFFB
   w==;
X-IronPort-AV: E=McAfee;i="6500,9779,10486"; a="303139955"
X-IronPort-AV: E=Sophos;i="5.93,358,1654585200"; 
   d="scan'208";a="303139955"
Received: from orsmga004.jf.intel.com ([10.7.209.38])
  by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Sep 2022 09:23:14 -0700
X-IronPort-AV: E=McAfee;i="6500,9779,10486"; a="748280523"
X-IronPort-AV: E=Sophos;i="5.93,358,1654585200"; 
   d="scan'208";a="748280523"
Received: from herrerop-mobl1.ger.corp.intel.com (HELO box.shutemov.name) ([10.252.38.128])
  by orsmga004-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Sep 2022 09:23:04 -0700
Received: by box.shutemov.name (Postfix, from userid 1000)
	id DF624104BD6; Fri, 30 Sep 2022 19:23:01 +0300 (+03)
Date: Fri, 30 Sep 2022 19:23:01 +0300
From: "Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>
To: Fuad Tabba <tabba@google.com>
Cc: Chao Peng <chao.p.peng@linux.intel.com>, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org,
	linux-doc@vger.kernel.org, qemu-devel@nongnu.org,
	Paolo Bonzini <pbonzini@redhat.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Sean Christopherson <seanjc@google.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	x86@kernel.org, "H . Peter Anvin" <hpa@zytor.com>,
	Hugh Dickins <hughd@google.com>, Jeff Layton <jlayton@kernel.org>,
	"J . Bruce Fields" <bfields@fieldses.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Shuah Khan <shuah@kernel.org>, Mike Rapoport <rppt@kernel.org>,
	Steven Price <steven.price@arm.com>,
	"Maciej S . Szmigiero" <mail@maciej.szmigiero.name>,
	Vlastimil Babka <vbabka@suse.cz>,
	Vishal Annapurve <vannapurve@google.com>,
	Yu Zhang <yu.c.zhang@linux.intel.com>, luto@kernel.org,
	jun.nakajima@intel.com, dave.hansen@intel.com, ak@linux.intel.com,
	david@redhat.com, aarcange@redhat.com, ddutile@redhat.com,
	dhildenb@redhat.com, Quentin Perret <qperret@google.com>,
	Michael Roth <michael.roth@amd.com>, mhocko@suse.com,
	Muchun Song <songmuchun@bytedance.com>, wei.w.wang@intel.com
Subject: Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd
Message-ID: <20220930162301.i226o523teuikygq@box.shutemov.name>
References: <20220915142913.2213336-1-chao.p.peng@linux.intel.com>
 <20220915142913.2213336-2-chao.p.peng@linux.intel.com>
 <CA+EHjTyrexb_LX7Jm9-MGwm4DBvfjCrADH4oumFyAvs2_0oSYw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+EHjTyrexb_LX7Jm9-MGwm4DBvfjCrADH4oumFyAvs2_0oSYw@mail.gmail.com>
ARC-Authentication-Results: i=1;
	imf11.hostedemail.com;
	dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=Dn8M2QgH;
	spf=none (imf11.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.24) smtp.mailfrom=kirill.shutemov@linux.intel.com;
	dmarc=fail reason="No valid SPF" header.from=intel.com (policy=none)
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1664554996; a=rsa-sha256;
	cv=none;
	b=oVGI9ugMgolER4slZuMyR1RCA0rPPNKlIrCNPOGwfeqSKmrQ6o5XJTJ7+z4n1itAGEuVOn
	eLFDC3CByVlS3kZjoQR+o6xR+8fhiwAxG+AGgLtOst2daKqoaAJb7dhll+REWt7QGjsXNc
	kW6KAOB/F+YLKb4v04M6u2cAvQJ/Ue4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1664554996;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=8hgnBHOnzjH2/xDuAHlrA5hUrdf+D9mEcWE5ZKsBIGo=;
	b=R8OF/hIk++t1jOUHChLr6ZQOtK8lABnSa8n9C7dj+WTOLAWnFuh44HSmMVNdHKm/gNbm5t
	Jf0fAhEkuXP7r4XBHp55klIFmgFb13IvgXGSOMwMeDZtcLybK8cPcS3kPLC0C7uWOcdCqd
	rwSRDdROkVjBkD3sXDxnksat3N+7V6I=
Authentication-Results: imf11.hostedemail.com;
	dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b=Dn8M2QgH;
	spf=none (imf11.hostedemail.com: domain of kirill.shutemov@linux.intel.com has no SPF policy when checking 134.134.136.24) smtp.mailfrom=kirill.shutemov@linux.intel.com;
	dmarc=fail reason="No valid SPF" header.from=intel.com (policy=none)
X-Rspam-User: 
X-Stat-Signature: agxroaxi518o9s3rx5n4pnxioa3e64jj
X-Rspamd-Queue-Id: 247144000F
X-Rspamd-Server: rspam05
X-HE-Tag: 1664554995-532809
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Fri, Sep 30, 2022 at 05:14:00PM +0100, Fuad Tabba wrote:
> Hi,
> 
> <...>
> 
> > diff --git a/mm/memfd_inaccessible.c b/mm/memfd_inaccessible.c
> > new file mode 100644
> > index 000000000000..2d33cbdd9282
> > --- /dev/null
> > +++ b/mm/memfd_inaccessible.c
> > @@ -0,0 +1,219 @@
> > +// SPDX-License-Identifier: GPL-2.0
> > +#include "linux/sbitmap.h"
> > +#include <linux/memfd.h>
> > +#include <linux/pagemap.h>
> > +#include <linux/pseudo_fs.h>
> > +#include <linux/shmem_fs.h>
> > +#include <uapi/linux/falloc.h>
> > +#include <uapi/linux/magic.h>
> > +
> > +struct inaccessible_data {
> > +       struct mutex lock;
> > +       struct file *memfd;
> > +       struct list_head notifiers;
> > +};
> > +
> > +static void inaccessible_notifier_invalidate(struct inaccessible_data *data,
> > +                                pgoff_t start, pgoff_t end)
> > +{
> > +       struct inaccessible_notifier *notifier;
> > +
> > +       mutex_lock(&data->lock);
> > +       list_for_each_entry(notifier, &data->notifiers, list) {
> > +               notifier->ops->invalidate(notifier, start, end);
> > +       }
> > +       mutex_unlock(&data->lock);
> > +}
> > +
> > +static int inaccessible_release(struct inode *inode, struct file *file)
> > +{
> > +       struct inaccessible_data *data = inode->i_mapping->private_data;
> > +
> > +       fput(data->memfd);
> > +       kfree(data);
> > +       return 0;
> > +}
> > +
> > +static long inaccessible_fallocate(struct file *file, int mode,
> > +                                  loff_t offset, loff_t len)
> > +{
> > +       struct inaccessible_data *data = file->f_mapping->private_data;
> > +       struct file *memfd = data->memfd;
> > +       int ret;
> > +
> > +       if (mode & FALLOC_FL_PUNCH_HOLE) {
> > +               if (!PAGE_ALIGNED(offset) || !PAGE_ALIGNED(len))
> > +                       return -EINVAL;
> > +       }
> > +
> > +       ret = memfd->f_op->fallocate(memfd, mode, offset, len);
> 
> I think that shmem_file_operations.fallocate is only set if
> CONFIG_TMPFS is enabled (shmem.c). Should there be a check at
> initialization that fallocate is set, or maybe a config dependency, or
> can we count on it always being enabled?

It is already there:

	config MEMFD_CREATE
		def_bool TMPFS || HUGETLBFS

And we reject inaccessible memfd_create() for HUGETLBFS.

But if we go with a separate syscall, yes, we need the dependency.

> > +       inaccessible_notifier_invalidate(data, offset, offset + len);
> > +       return ret;
> > +}
> > +
> 
> <...>
> 
> > +void inaccessible_register_notifier(struct file *file,
> > +                                   struct inaccessible_notifier *notifier)
> > +{
> > +       struct inaccessible_data *data = file->f_mapping->private_data;
> > +
> > +       mutex_lock(&data->lock);
> > +       list_add(&notifier->list, &data->notifiers);
> > +       mutex_unlock(&data->lock);
> > +}
> > +EXPORT_SYMBOL_GPL(inaccessible_register_notifier);
> 
> If the memfd wasn't marked as inaccessible, or more generally
> speaking, if the file isn't a memfd_inaccessible file, this ends up
> accessing an uninitialized pointer for the notifier list. Should there
> be a check for that here, and have this function return an error if
> that's not the case?

I think it is "don't do that" category. inaccessible_register_notifier()
caller has to know what file it operates on, no?

-- 
  Kiryl Shutsemau / Kirill A. Shutemov