From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 08D9EC77B75 for ; Tue, 18 Apr 2023 21:51:27 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 80DA88E0002; Tue, 18 Apr 2023 17:51:26 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7BE3D8E0001; Tue, 18 Apr 2023 17:51:26 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 685F48E0002; Tue, 18 Apr 2023 17:51:26 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 55CA78E0001 for ; Tue, 18 Apr 2023 17:51:26 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 3149E1403C0 for ; Tue, 18 Apr 2023 21:51:26 +0000 (UTC) X-FDA: 80695858572.14.A334AE0 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) by imf16.hostedemail.com (Postfix) with ESMTP id 8869718000E for ; Tue, 18 Apr 2023 21:51:24 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b=tLrHj4dp; spf=none (imf16.hostedemail.com: domain of mcgrof@infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=mcgrof@infradead.org; dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1681854684; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ClDY4zHXRxRv2R7Gk0yxGFQ9XOyZD63mK1Ox3vqagFk=; b=fb9Noi5oebYTgKVsen7fikPPPXN0ls9v6yOG5PAB8Ms0WZg4/GHHrHwSl+gqyAweTRXair 3t7Ukg1aqLqZLegbOIFRanRkOxnuBYs1xjDBkmbdMOWnwyMMhUks8g4etU/z+TMqtiR8SG CQMA2+npxASZr4uIXV/og+VDoFB0on4= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=pass header.d=infradead.org header.s=bombadil.20210309 header.b=tLrHj4dp; spf=none (imf16.hostedemail.com: domain of mcgrof@infradead.org has no SPF policy when checking 198.137.202.133) smtp.mailfrom=mcgrof@infradead.org; dmarc=fail reason="No valid SPF, DKIM not aligned (relaxed)" header.from=kernel.org (policy=none) ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1681854684; a=rsa-sha256; cv=none; b=yISFJjofVvPl37Qstq4lJ8Y+RiFN9loVoFnOmGBfCw0mTmQrVm6wBWPDscOU/a9cxvzD7U MR/Jy9Dfx6d4HEYPsDF627Hw2gwH+NYa08d/UbbuvdLa6WpNaiDq+d6p/M5SHsBJafxWsf UlmI5Bgr3qxLyZP96TkUcGHTDl28jNE= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=ClDY4zHXRxRv2R7Gk0yxGFQ9XOyZD63mK1Ox3vqagFk=; b=tLrHj4dpnxEso0zEI7YDFkRe8c ccFF/qmeH0RhHBIz3uv6kHhvZCxc2qY6avkIHU6R2A4DI7lyB4C2vyszGoON7OELrM18pDKzcOf+x 6V3NjGz5FcREQN1Rt3T7yReInwnEYFl7ve2fLcXs5A+UzX0oPcsEDH2MbmWx7CGLwIVnDRmPuaSSb vFuqm5As8EbB7LF+Hrk/UH4w8yxfaFdeiY6ZZz38NF/ujIMZ+opaidxDOZu3v0lMkeGDdWiePSEzR XDpgUX/FzPEt1EwQegGHRWoQBT47xC2RlFe/WAi2hLF30NkOso6UMWnwbJ75pExjMRt+dNuFCqRkk 6mGiSQDQ==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.96 #2 (Red Hat Linux)) id 1potEP-003RhZ-23; Tue, 18 Apr 2023 21:51:21 +0000 Date: Tue, 18 Apr 2023 14:51:21 -0700 From: Luis Chamberlain To: Christian Brauner Cc: Hugh Dickins , akpm@linux-foundation.org, willy@infradead.org, linux-mm@kvack.org, p.raghav@samsung.com, da.gomez@samsung.com, a.manzanares@samsung.com, dave@stgolabs.net, yosryahmed@google.com, keescook@chromium.org, patches@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2 6/6] shmem: add support to ignore swap Message-ID: References: <20230309230545.2930737-1-mcgrof@kernel.org> <20230309230545.2930737-7-mcgrof@kernel.org> <79eae9fe-7818-a65c-89c6-138b55d609a@google.com> <20230418-zynisch-satzglied-55821361f70a@brauner> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230418-zynisch-satzglied-55821361f70a@brauner> X-Stat-Signature: 6n4syacmma13thmdq8nccszuoqdw6eqa X-Rspam-User: X-Rspamd-Queue-Id: 8869718000E X-Rspamd-Server: rspam06 X-HE-Tag: 1681854684-359141 X-HE-Meta: U2FsdGVkX1/JQoXf+6CMC8uULWxQ4gQio05Wd7QkkX9mzywwBK8OQe1p30x4HCmhA+wa5TkiCaHR45QLKzPj7PIDCsHIpuiEXH89wuZrDNav8sbD3T1GdmuEspox5b76o+tBqUzQFuxQ5FooIP0eOAhCP+V0zBJMCU9OvCQoz2HqxY2c6yzQudiIXigLKhFkGT6vg5aVCPIayiYaJ7XoZEa/ubxpRsKOroPzLVvdpuuRgPSokeu1syV+ExmHFbeMjfZvnLRbR4DzrSJcEeYDwsQpyl4OgR10FLImOS0EWZ5ZMb740dPUMPI8rnnlEbwFi/6umzWkbTgKEgrwi0scBH92kLAq1aFl8G2KnRxSM4u+5PQAHmmMVRCDCPnv4XgYMWTQNgE3xFb86c5QZ/7mjHrHlPwYnXqpV3N+UjdyV550Yut6gc0unugR5TSVSaDoYP0hdOndJhmgq6P/ixdoXnKPSjeO5ZLRFMPDl4OJOguIusD8KCQZh7fz8vLva4ZqjtE/dTnl2DeoIY65tYF56s9QZ3qbzRvsz9LBt/12fDamLtJD8FVFp1xrOkCjNWAex+xSDjZiM6ADzZgAwCWht9IvamWtUyYh0neZIvTHLV24tOzhByPijsh5EWJ03zkQL3ArqGUWX5UCU4rYzGXm6jQVgYuepPpcMZXlTEt3c1Riz202vm0MyVN2Qj1MRH1hi6DtbAemQIC9vR5d3y+WIX6YNPd01yWVdLur/HVXfdPlWcObnpuz/mqQcmJSnlL7Tm8ZTH78+YAmC3TaKZfLfDSO/T7/LlvpblWMw9HOVD2uS4Kz0Sag5Z07hOc+LsMd6YKGfyyLx0O78o1nJc6P8lTwbw1/ebNDSjfogM1di6alpBCjhNCubtLnv0kyq3zhhcuP5CfETahCfXPAp7bgtaDorbeD3Uy++g7QqLw2GsBjQxIEXGwgy1uq1FBCGkPbUIYZbsNVkr2K0jeSru9 DSYBLhSP RQ/nX04a121waYPbh4wtRFs4UuEzFTCO0D1MFu2LrTNiEVma1Cm5jfhoR6qtxNHRdwqBJ8J47wq2gRm5ET/faNcom608w9dlgLGgct/b5AWO5NytLA5qPdT17oAv23qJy4/Wyo4lUAmpNABrtHfc+kCyS4Sg0gPPyxcEBmgM24VofDZP3t2RZLuihx3imqk9HCihZ62da03Qvu/XdqU0HTgbIpiQglsKrVO46MBlBMk4LhWqxUWpfd5W4dCCI1bhbwWz857tuvty3mH0IbjCUZby1+1w0AspSqmoDtuZKTy49L1mfEcZtVKruh0TXONR26YfAW+SwYA7QHow= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue, Apr 18, 2023 at 09:38:10AM +0200, Christian Brauner wrote: > On Mon, Apr 17, 2023 at 10:50:59PM -0700, Hugh Dickins wrote: > > On Thu, 9 Mar 2023, Luis Chamberlain wrote: > > > > > In doing experimentations with shmem having the option to avoid swap > > > becomes a useful mechanism. One of the *raves* about brd over shmem is > > > you can avoid swap, but that's not really a good reason to use brd if > > > we can instead use shmem. Using brd has its own good reasons to exist, > > > but just because "tmpfs" doesn't let you do that is not a great reason > > > to avoid it if we can easily add support for it. > > > > > > I don't add support for reconfiguring incompatible options, but if > > > we really wanted to we can add support for that. > > > > > > To avoid swap we use mapping_set_unevictable() upon inode creation, > > > and put a WARN_ON_ONCE() stop-gap on writepages() for reclaim. > > > > I have one big question here, which betrays my ignorance: > > I hope that you or Christian can reassure me on this. > > > > tmpfs has fs_flags FS_USERNS_MOUNT. I know nothing about namespaces, > > nothing; but from overhearings, wonder if an ordinary user in a namespace > > might be able to mount their own tmpfs with "noswap", and thereby evade > > all accounting of the locked memory. > > > > That would be an absolute no-no for this patch; but I assume that even > > if so, it can be easily remedied by inserting an appropriate (unknown > > to me!) privilege check where the "noswap" option is validated. > > Oh, good catch. Thanks! So you would just need sm like: > > diff --git a/mm/shmem.c b/mm/shmem.c > index 787e83791eb5..21ce9b26bb4d 100644 > --- a/mm/shmem.c > +++ b/mm/shmem.c > @@ -3571,6 +3571,10 @@ static int shmem_parse_one(struct fs_context *fc, struct fs_parameter *param) > ctx->seen |= SHMEM_SEEN_INUMS; > break; > case Opt_noswap: > + if ((fc->user_ns != &init_user_ns) || !capable(CAP_SYS_ADMIN)) { > + return invalfc(fc, > + "Turning off swap in unprivileged tmpfs mounts unsupported"); > + } > ctx->noswap = true; > ctx->seen |= SHMEM_SEEN_NOSWAP; > break; > > The fc->user_ns is the userns that the tmpfs mount will be mounted in, i.e., > fc->user_ns will become sb->s_user_ns if FS_USERNS_MOUNT is raised. So with the > check above we require that the tmpfs instance must ultimately belong to the > initial userns and that the caller has CAP_SYS_ADMIN in the initial userns > (CAP_SYS_ADMIN guards swapon and swapoff) according to capabilities(7). Christian, mind sending this as a fix? Luis