From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4E200CDB482
	for <linux-mm@archiver.kernel.org>; Fri, 13 Oct 2023 10:32:15 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 77DEA80011; Fri, 13 Oct 2023 06:32:14 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 7046F8D0015; Fri, 13 Oct 2023 06:32:14 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5A4A180011; Fri, 13 Oct 2023 06:32:14 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17])
	by kanga.kvack.org (Postfix) with ESMTP id 470BA8D0015
	for <linux-mm@kvack.org>; Fri, 13 Oct 2023 06:32:14 -0400 (EDT)
Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay09.hostedemail.com (Postfix) with ESMTP id 1699C801BC
	for <linux-mm@kvack.org>; Fri, 13 Oct 2023 10:32:14 +0000 (UTC)
X-FDA: 81340073388.04.C002EE4
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
	by imf24.hostedemail.com (Postfix) with ESMTP id 9569618002D
	for <linux-mm@kvack.org>; Fri, 13 Oct 2023 10:32:11 +0000 (UTC)
Authentication-Results: imf24.hostedemail.com;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=GzPUTXkK;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b="KRkE/GJn";
	dmarc=none;
	spf=pass (imf24.hostedemail.com: domain of jack@suse.cz designates 195.135.220.29 as permitted sender) smtp.mailfrom=jack@suse.cz
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1697193132;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=66B4eH+VSglevS0FFJUbqlfaivXzDyXujiWgnWbKsn0=;
	b=Bu3AttJYBn6Pj1vKM6fGA3CNIWUJxkxhwow3xS0iiTcL93gOJAlPp0iRQa5HFamfFr5M6L
	AcOnIrLd751V1pYfi6uDOB9GoKNtPyFFuQDpNIV23JxNWmB00hdNc0eCo6Nf1RP3T6l9Bx
	HBTb+zXQvt2fdfRnz4TR2NwUITpLdRw=
ARC-Authentication-Results: i=1;
	imf24.hostedemail.com;
	dkim=pass header.d=suse.cz header.s=susede2_rsa header.b=GzPUTXkK;
	dkim=pass header.d=suse.cz header.s=susede2_ed25519 header.b="KRkE/GJn";
	dmarc=none;
	spf=pass (imf24.hostedemail.com: domain of jack@suse.cz designates 195.135.220.29 as permitted sender) smtp.mailfrom=jack@suse.cz
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697193132; a=rsa-sha256;
	cv=none;
	b=RXudHmLvNfMaK8ZO809mEjzt86Goipc0gICQ0gimRmohRmwzAqO8OKdlB1FVajybW1qt8o
	/ggirOnWyS+uQOTWMwW6XBxOoVPnW6CT+Pm2Zs2o7LBIR7C3ApGXyP58hGXyU8rjAAhY7y
	7mkpCXhJhCSjKd+y3q9CNogdMOnWYLk=
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
	(No client certificate requested)
	by smtp-out2.suse.de (Postfix) with ESMTPS id CB4991F37E;
	Fri, 13 Oct 2023 10:32:08 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.cz; s=susede2_rsa;
	t=1697193128; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=66B4eH+VSglevS0FFJUbqlfaivXzDyXujiWgnWbKsn0=;
	b=GzPUTXkKn6AZFQGjDKin2eF0ALSipmF8QhOq+wKShSHdUM4pyXff0HoSjkzHgl0ILNFnrt
	0ylBSy+c5OBebJmS00aKBcPckR149JRtqf9c9TX9zNeQyq4jsUE/T28W8luwYtTibxbeoT
	EYRQYFZNGWnmOg5BXIVewxMraQ3BLSc=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.cz;
	s=susede2_ed25519; t=1697193128;
	h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
	 mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=66B4eH+VSglevS0FFJUbqlfaivXzDyXujiWgnWbKsn0=;
	b=KRkE/GJnaQzE12WFx22/2vpu1a25IfI/GaPJQa5Awjb4ic5Jm4rBt153Td8maYEyerLFyK
	ohh3fn+NvA+bPYAA==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
	(No client certificate requested)
	by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id BA3B7138EF;
	Fri, 13 Oct 2023 10:32:08 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
	by imap2.suse-dmz.suse.de with ESMTPSA
	id cRFxLagcKWU2NAAAMHmgww
	(envelope-from <jack@suse.cz>); Fri, 13 Oct 2023 10:32:08 +0000
Received: by quack3.suse.cz (Postfix, from userid 1000)
	id 54305A05C4; Fri, 13 Oct 2023 12:32:08 +0200 (CEST)
Date: Fri, 13 Oct 2023 12:32:08 +0200
From: Jan Kara <jack@suse.cz>
To: Lorenzo Stoakes <lstoakes@gmail.com>
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org,
	Andrew Morton <akpm@linux-foundation.org>,
	Mike Kravetz <mike.kravetz@oracle.com>,
	Muchun Song <muchun.song@linux.dev>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Christian Brauner <brauner@kernel.org>,
	Matthew Wilcox <willy@infradead.org>,
	Hugh Dickins <hughd@google.com>, Andy Lutomirski <luto@kernel.org>,
	Jan Kara <jack@suse.cz>, linux-fsdevel@vger.kernel.org,
	bpf@vger.kernel.org
Subject: Re: [PATCH v4 2/3] mm: update memfd seal write check to include
 F_SEAL_WRITE
Message-ID: <20231013103208.kdffpyerufr4ygnw@quack3>
References: <cover.1697116581.git.lstoakes@gmail.com>
 <913628168ce6cce77df7d13a63970bae06a526e0.1697116581.git.lstoakes@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <913628168ce6cce77df7d13a63970bae06a526e0.1697116581.git.lstoakes@gmail.com>
X-Rspam-User: 
X-Rspamd-Server: rspam12
X-Rspamd-Queue-Id: 9569618002D
X-Stat-Signature: o15tazmo7p8s6n1duzs9umibmndus73u
X-HE-Tag: 1697193131-211255
X-HE-Meta: U2FsdGVkX1/NWScX4fMKP5hgEWar2mXOLJ/3QMAIcPWWm4mfDl1m8IyJlmTdSRzCEeWsoBYCxqZMQsyCNFm+Z31UMP4LiQczFKawphdQNC16KJRur7kCaLIOJgi3pHC1/n8/SIICexOj/LSnyvzz9f5hBRkS1712QtlQMBtyVF3/TpSRNwIv6Pb1ey8YVPHUzDcT24Y+eVMX9v++WN6xbqWW44cJt6ll3SnQY1msWCDbBpKtvJJEcZ3ryMzhDUWE9VTqnCFdK0F/LogF1NAFV46DJLBooUZwAb5holMKVFCuQAk1CyoxCha8bbPZmJVWJyvlRiabS5UrgfFBWncRLbPToJRgIriNrPvi03SN+lXq4+Nt5pGzuD1JNJ9lDs/ApFbEclk3f4udNagjgDFSoc1lg4qQKq7WaEF+l1su1Y14B1PBY292FTAILu7/+1iloYXGiVHrvaXKI4Vf5uMXMYb9b9rhFZlCwXV6/ZlAn2JsEcak9PyTvjeE31YmC/bO/404DtGCBnQ62tf+vRrxJRKFQjjjod9NzVaRRJwIttbVXYefQbJv1eQ3rvzRwka07XKe1zIrf8WLw1PNITcWNemc3pyHH8mdkjWoN+mtwMSlQBHxqrOLFqWxCDvr61PaJG1RsEV6diZpX7h6/sFySDqQnK4ZCCjN7uN/O23gsrDAliVkLiL4j1b1zdOmv0ZtaRACgQ//Q6BQ6DFQZA4z5cyXgs5xfEn8jAUWJmg+f8AJolngTB5kd2IPoZ4Kro1c50AvL7/JCelvUloZfT2WoSUISSRzOue7Ppy99hCXeDnPwGNaVJU1HEH96uDyA1lCWJzungtC2sKFVKp/qgafQfcVDgazIRCj4YybczLT3NKqMCQriM48E58cIdEWuZQ26E7XX4AZ3uM3/Y6EAjeoUtWFyFhMIoLxs4JgIQdg2R6YTS+FnEl8lSVGSrIZMGlhBoKiwyyWax3e1+bxmHC
 35Wpf2T5
 qu/20avEtIIZ2BCQfZzf74xxfo5bJ5mFaR/+/mF8ce1Wo85Ux4NHv0Pj//C0OQ/tlzEm6bjdL9eFD9yx36b/CwoYzrlshCuQvZClF9wTC8ni5Y1uKpQtw0p3ec8rWwFxAvgMBMILBrGeCPNoUovejrTBOUKzEVHo4fbzKiLUA+4qv+Z3kfB2SDO5/JFwZ2SUla+aNXgWKfrKbuu4RE58+S05ForDAtT+7iAP+Yb+ksMUgkKcBiUZKWv36hh7rn+EwSgvltxqJ3qUMrZ33EsM4HZMFUcLAiLR+K8mBR55DrXRiRRNICctXHdLr9JWDHFF7XtxV
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Thu 12-10-23 18:04:29, Lorenzo Stoakes wrote:
> The seal_check_future_write() function is called by shmem_mmap() or
> hugetlbfs_file_mmap() to disallow any future writable mappings of an memfd
> sealed this way.
> 
> The F_SEAL_WRITE flag is not checked here, as that is handled via the
> mapping->i_mmap_writable mechanism and so any attempt at a mapping would
> fail before this could be run.
> 
> However we intend to change this, meaning this check can be performed for
> F_SEAL_WRITE mappings also.
> 
> The logic here is equally applicable to both flags, so update this function
> to accommodate both and rename it accordingly.
> 
> Signed-off-by: Lorenzo Stoakes <lstoakes@gmail.com>

For some reason only this one patch landed in my inbox but I've checked all
three on lore and they look good to me. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

to all of them. Thanks!

								Honza

> ---
>  fs/hugetlbfs/inode.c |  2 +-
>  include/linux/mm.h   | 15 ++++++++-------
>  mm/shmem.c           |  2 +-
>  3 files changed, 10 insertions(+), 9 deletions(-)
> 
> diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c
> index 06693bb1153d..5c333373dcc9 100644
> --- a/fs/hugetlbfs/inode.c
> +++ b/fs/hugetlbfs/inode.c
> @@ -112,7 +112,7 @@ static int hugetlbfs_file_mmap(struct file *file, struct vm_area_struct *vma)
>  	vm_flags_set(vma, VM_HUGETLB | VM_DONTEXPAND);
>  	vma->vm_ops = &hugetlb_vm_ops;
>  
> -	ret = seal_check_future_write(info->seals, vma);
> +	ret = seal_check_write(info->seals, vma);
>  	if (ret)
>  		return ret;
>  
> diff --git a/include/linux/mm.h b/include/linux/mm.h
> index bae234d18d81..26d7dc3b342b 100644
> --- a/include/linux/mm.h
> +++ b/include/linux/mm.h
> @@ -4078,25 +4078,26 @@ static inline void mem_dump_obj(void *object) {}
>  #endif
>  
>  /**
> - * seal_check_future_write - Check for F_SEAL_FUTURE_WRITE flag and handle it
> + * seal_check_write - Check for F_SEAL_WRITE or F_SEAL_FUTURE_WRITE flags and
> + *                    handle them.
>   * @seals: the seals to check
>   * @vma: the vma to operate on
>   *
> - * Check whether F_SEAL_FUTURE_WRITE is set; if so, do proper check/handling on
> - * the vma flags.  Return 0 if check pass, or <0 for errors.
> + * Check whether F_SEAL_WRITE or F_SEAL_FUTURE_WRITE are set; if so, do proper
> + * check/handling on the vma flags.  Return 0 if check pass, or <0 for errors.
>   */
> -static inline int seal_check_future_write(int seals, struct vm_area_struct *vma)
> +static inline int seal_check_write(int seals, struct vm_area_struct *vma)
>  {
> -	if (seals & F_SEAL_FUTURE_WRITE) {
> +	if (seals & (F_SEAL_WRITE | F_SEAL_FUTURE_WRITE)) {
>  		/*
>  		 * New PROT_WRITE and MAP_SHARED mmaps are not allowed when
> -		 * "future write" seal active.
> +		 * write seals are active.
>  		 */
>  		if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_WRITE))
>  			return -EPERM;
>  
>  		/*
> -		 * Since an F_SEAL_FUTURE_WRITE sealed memfd can be mapped as
> +		 * Since an F_SEAL_[FUTURE_]WRITE sealed memfd can be mapped as
>  		 * MAP_SHARED and read-only, take care to not allow mprotect to
>  		 * revert protections on such mappings. Do this only for shared
>  		 * mappings. For private mappings, don't need to mask
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 6503910b0f54..cab053831fea 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -2405,7 +2405,7 @@ static int shmem_mmap(struct file *file, struct vm_area_struct *vma)
>  	struct shmem_inode_info *info = SHMEM_I(inode);
>  	int ret;
>  
> -	ret = seal_check_future_write(info->seals, vma);
> +	ret = seal_check_write(info->seals, vma);
>  	if (ret)
>  		return ret;
>  
> -- 
> 2.42.0
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR