From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E3719C77B61 for ; Fri, 28 Apr 2023 16:09:41 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 54E666B0071; Fri, 28 Apr 2023 12:09:41 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4FF236B0074; Fri, 28 Apr 2023 12:09:41 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 3C74F6B0075; Fri, 28 Apr 2023 12:09:41 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 2E56A6B0071 for ; Fri, 28 Apr 2023 12:09:41 -0400 (EDT) Received: from smtpin22.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id DB35B1401A8 for ; Fri, 28 Apr 2023 16:09:40 +0000 (UTC) X-FDA: 80731285320.22.90E67B8 Received: from wnew2-smtp.messagingengine.com (wnew2-smtp.messagingengine.com [64.147.123.27]) by imf22.hostedemail.com (Postfix) with ESMTP id 6E9E0C000A for ; Fri, 28 Apr 2023 16:09:37 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=shutemov.name header.s=fm1 header.b="U TKTcGQ"; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=KwoQuMAh; dmarc=none; spf=pass (imf22.hostedemail.com: domain of kirill@shutemov.name designates 64.147.123.27 as permitted sender) smtp.mailfrom=kirill@shutemov.name ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1682698177; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=cbTkCGhDldgonJsiL/EQyO8MV5eih+uB/j3ETloCYi8=; b=BcdkaGKx/AoAM6xuc0E2VrHXj40TuPqlVKiFzCqmPZjKuXt5OT8XvgdcF1HvNO6f5NM8iz nCqhZ1zWtS2JfhP2X1GtogRsmrFrC+SLqAro4q55qI5kg1Us3zZMFP6UvTrNQXVsEjDyL7 2hilrqWzdSuTfDSvao3r1bY1FvfUH2A= ARC-Authentication-Results: i=1; imf22.hostedemail.com; dkim=pass header.d=shutemov.name header.s=fm1 header.b="U TKTcGQ"; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=KwoQuMAh; dmarc=none; spf=pass (imf22.hostedemail.com: domain of kirill@shutemov.name designates 64.147.123.27 as permitted sender) smtp.mailfrom=kirill@shutemov.name ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1682698177; a=rsa-sha256; cv=none; b=4YnuSooEOX921iBTeeIwySY6zxm+GtDaHer0F8kafs4aL+03WMTg5k0pHebfJ8/gwHPxI/ Y6gj7sdVZCMXX4CwHTd0weNIbpJ/2kovd0CX46njKSiHh6A4jzJI/4uavaZvEAKLj4X4xh PzCQMwJNS+uwJe7FtyfW38a/ozXVNsY= Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailnew.west.internal (Postfix) with ESMTP id 645C72B0694E; Fri, 28 Apr 2023 12:09:32 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Fri, 28 Apr 2023 12:09:35 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shutemov.name; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm1; t=1682698172; x= 1682705372; bh=cbTkCGhDldgonJsiL/EQyO8MV5eih+uB/j3ETloCYi8=; b=U TKTcGQ8yytq19css891tWK51auYev0Reld9bJ2my3BP3Ifw8+k1H1f8i/2a2JcwW 4tUKfHWVGOe2XMolnZknhJILbtoA9XhdE7Pz/fuDtvzGQwm5l/ePS4LPlHWCIJ9H igWwwG/T18AJtu6qcnbiJ06P1t4JZTVoKFg0hmp96woab3Wen/tOgb18Slzot/Zs KT6dSF/51ILQfun3/pGQ+5g8RjJO1SswYg+tdzZhQ2vN3lw0b5o9YEU6xymzcVf+ xMZNDwY7kk7JA+ml7SgZn+Ls05W1+MmnllgCx8xaVgalQNH+nwTeqDq+mIflZwaI PGzKAOeMLzsosAbl99HUw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; t=1682698172; x=1682705372; bh=cbTkCGhDldgon JsiL/EQyO8MV5eih+uB/j3ETloCYi8=; b=KwoQuMAh1OWYUsQgYguWDapvbenN+ NPb1xxRBlTpeCEUB06Fmt1l8S5j051HrQN0bMWCA30PS/5c5y6x+JicySX2X1SML nXjP2gqaVmpN3OHeFX19ZG2OfkP9XhkJFeG/8nBNWVJoDeU7Ytd7B21sMbraVKAJ xpzmJviZg59T4n60trgG4+aXTgZUe2cPxyWOtiCPF4+aHa6/RIvDASNVjBxpM6P8 Hq5bMIPkTkfjhkXXzjcl3GqKwux6BGiC7FI8UWSAhpctF21GjFfYVyu9rF1zsi5Y 4pqy8t80fkltCAvjQr3KCe57qRmNjdnZkrak5kLMp45AvJrtV098LKWLQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfedukedgleekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfffhvfevuffkfhggtggujgesthdttddttddtvdenucfhrhhomhepfdfmihhr ihhllhcutecurdcuufhhuhhtvghmohhvfdcuoehkihhrihhllhesshhhuhhtvghmohhvrd hnrghmvgeqnecuggftrfgrthhtvghrnhepgfdtveeugeethfffffeklefgkeelgfekfedt heeileetuefhkeefleduvddtkeevnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrg hmpehmrghilhhfrhhomhepkhhirhhilhhlsehshhhuthgvmhhovhdrnhgrmhgv X-ME-Proxy: Feedback-ID: ie3994620:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 28 Apr 2023 12:09:28 -0400 (EDT) Received: by box.shutemov.name (Postfix, from userid 1000) id 856481041AE; Fri, 28 Apr 2023 19:09:25 +0300 (+03) Date: Fri, 28 Apr 2023 19:09:25 +0300 From: "Kirill A . Shutemov" To: David Hildenbrand Cc: Lorenzo Stoakes , Jason Gunthorpe , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton , Jens Axboe , Matthew Wilcox , Dennis Dalessandro , Leon Romanovsky , Christian Benvenuti , Nelson Escobar , Bernard Metzler , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Ian Rogers , Adrian Hunter , Bjorn Topel , Magnus Karlsson , Maciej Fijalkowski , Jonathan Lemon , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Christian Brauner , Richard Cochran , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , linux-fsdevel@vger.kernel.org, linux-perf-users@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, Oleg Nesterov , John Hubbard , Jan Kara , Pavel Begunkov , Mika Penttila , David Howells , Christoph Hellwig Subject: Re: [PATCH v5] mm/gup: disallow GUP writing to file-backed mappings by default Message-ID: <20230428160925.5medjfxkyvmzfyhq@box.shutemov.name> References: <6b73e692c2929dc4613af711bdf92e2ec1956a66.1682638385.git.lstoakes@gmail.com> <094d2074-5b69-5d61-07f7-9f962014fa68@redhat.com> <400da248-a14e-46a4-420a-a3e075291085@redhat.com> <077c4b21-8806-455f-be98-d7052a584259@lucifer.local> <62ec50da-5f73-559c-c4b3-bde4eb215e08@redhat.com> <6ddc7ac4-4091-632a-7b2c-df2005438ec4@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <6ddc7ac4-4091-632a-7b2c-df2005438ec4@redhat.com> X-Rspam-User: X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 6E9E0C000A X-Stat-Signature: t6er9gudjpuiocdca3mndx56byhsdg66 X-HE-Tag: 1682698177-805490 X-HE-Meta: U2FsdGVkX18XI2zfukwCJ5FzQDJ85WAhpTQtrXfqIKRR8CNjZ0w0fA2liFBrukfTRFM4r/acsaHsNl0IAr4yVWzNCnVa5kWZV782e+Qj7a0t/rcPX8OswsuAhK1vtB0shn3lpFhqkTs5XVRs2wlLYtjEEDJmYGAoBmqxrkFr2LCpVUQfBA9r/abJAM4nlAzv91YMqqj1X83Et1Idfji2XniW5K6S16K4w1Qz1j7THRdxMdXWaSFgvzEQ8BukI3OlMCYt7byNxrKlv+llNQJDbrev4Cej7CqsYf1ip2QoLaC3BBkSAGBCwSYSC2TGeyXS+LbYFUnOcVRa07FISpNcURO3LSfqeZIyTU+aDou21+X9GRALUJ3xyU3+YI53gYxL/Of/3rUN9Obxvy8u7SxTMyChNZgKwH4gC3Q+jeISiPa5XiQ2aG5MFVFO7Y8pLVmk3rQB0fr5GzRUHzcAycoj+bX1AGzSu8HPRuiXPDdsebxhWzrFtLWHxXLQiDwogFv4IhzLwDC4HG6n6RtEtaMlZD55iEarXujgsoESqAbq5gcdERdhxU33s2qJwu1D1hGFu5KMrazsvh89qnGW01QqbTGB6GNWYKIGbYSNzDkkIJn+/XpbJkA+/oscTAn0i6mAiWVrd79ymf33wbFV3zi0rPn0d6i4G5YLeEuPEtG9QmNK3nLiP49WWPO2YY7tnWLyXQS43csqd7xccXAjRS+S7u11R9e2m7hSudwYUVkW3AWBaPer2JOelvyrl49r5+x2YSXpQQ8yWiblZxcDHEpcz4WwDyP6IpRDv6SGb7I6QiS/mFW5qdj2bEhf6DBb+hp1NCOuUx+WOZCiCU2b7pNH1+fVt89FtmDu+S7fSwDaiaDG6rrBNtp8VVzi+xbT1z07NdAIZs7b1LojF6LTkjOYwLJqrM+p+Ix9bSY5KvnjA/1EpTGDGproliDg998sC5cCcjLIWQMVc3wcZ3SrNPs c1jsDB24 EYCGWbPx9pz0pf21hYXR1uo7CxuRZq3ky8W86c5EicpjCEIbhLacr2k9cu7jp+2BP7zB/ioMUrl78Mo2CFXTI5UnJ7yzH8rLLEXTzA0zlyk+ArcpGvkIHP+Kvc9CojohVuC4Z637AuJ/prZsq+WbKicUnxCdSUCR8wczTH6YWZI0REFf6e29Q9W6YjWheJacOKL9UrE8GqhvXZWeym9XEz/pYzVEJszKAlbJPxEuqXH5J22xZKPQP4k5EsU7J9Eblrq/MhFUveuQAfco0XG7wwrX9spqEIkZYrsbPH0s0bEocOXQ92J52XpICfEqOlTDQqUemBpqzYlC7Unqm7SjKF8opIkbHniZVhQxd1lKLH+m8rSI= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, Apr 28, 2023 at 05:43:52PM +0200, David Hildenbrand wrote: > On 28.04.23 17:34, David Hildenbrand wrote: > > On 28.04.23 17:33, Lorenzo Stoakes wrote: > > > On Fri, Apr 28, 2023 at 05:23:29PM +0200, David Hildenbrand wrote: > > > > > > > > > > > > Security is the primary case where we have historically closed uAPI > > > > > > items. > > > > > > > > > > As this patch > > > > > > > > > > 1) Does not tackle GUP-fast > > > > > 2) Does not take care of !FOLL_LONGTERM > > > > > > > > > > I am not convinced by the security argument in regard to this patch. > > > > > > > > > > > > > > > If we want to sells this as a security thing, we have to block it > > > > > *completely* and then CC stable. > > > > > > > > Regarding GUP-fast, to fix the issue there as well, I guess we could do > > > > something similar as I did in gup_must_unshare(): > > > > > > > > If we're in GUP-fast (no VMA), and want to pin a !anon page writable, > > > > fallback to ordinary GUP. IOW, if we don't know, better be safe. > > > > > > How do we determine it's non-anon in the first place? The check is on the > > > VMA. We could do it by following page tables down to folio and checking > > > folio->mapping for PAGE_MAPPING_ANON I suppose? > > > > PageAnon(page) can be called from GUP-fast after grabbing a reference. > > See gup_must_unshare(). > > IIRC, PageHuge() can also be called from GUP-fast and could special-case > hugetlb eventually, as it's table while we hold a (temporary) reference. > Shmem might be not so easy ... page->mapping->a_ops should be enough to whitelist whatever fs you want. -- Kiryl Shutsemau / Kirill A. Shutemov