lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 20 Jul 2014 19:34:34 +0200
From:	David Herrmann <dh.herrmann@...il.com>
To:	linux-kernel@...r.kernel.org
Cc:	Michael Kerrisk <mtk.manpages@...il.com>,
	Ryan Lortie <desrt@...rt.ca>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>, linux-mm@...ck.org,
	linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org,
	Greg Kroah-Hartman <greg@...ah.com>, john.stultz@...aro.org,
	Lennart Poettering <lennart@...ttering.net>,
	Daniel Mack <zonque@...il.com>, Kay Sievers <kay@...y.org>,
	Hugh Dickins <hughd@...gle.com>,
	Andy Lutomirski <luto@...capital.net>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	David Herrmann <dh.herrmann@...il.com>
Subject: [PATCH v4 0/6] File Sealing & memfd_create()

Hi

This is v4 of the File-Sealing and memfd_create() patches. You can find v1 with
a longer introduction at gmane [1], there's also v2 [2] and v3 [3] available.
See also the article about sealing on LWN [4], and a high-level introduction on
the new API in my blog [5]. Last but not least, man-page proposals are
available in my private repository [6].

This series introduces two new APIs:
  memfd_create(): Think of this syscall as malloc() but it returns a
                  file-descriptor instead of a pointer. That file-descriptor is
                  backed by anon-memory and can be memory-mapped for access.
  sealing: The sealing API can be used to prevent a specific set of operations
           on a file-descriptor. You 'seal' the file and give thus the
           guarantee, that those operations will be rejected from now on.

This series adds the memfd_create(2) syscall only to x86 and x86-64. Patches for
most other architectures are available in my private repository [7]. Missing
architectures are:
    alpha, avr32, blackfin, cris, frv, m32r, microblaze, mn10300, sh, sparc,
    um, xtensa
These architectures lack several newer syscalls, so those should be added first
before adding memfd_create(2). I can provide patches for those, if required.
However, I think it should be kept separate from this series.

Changes in v4:
  - drop page-isolation in favor of shmem_wait_for_pins()
  - add unlikely(info->seals) to write_begin hot-path
  - return EPERM for F_ADD_SEALS if file is not writable
  - moved shmem_wait_for_pins() entirely into it's own commit
  - make O_LARGEFILE mandatory part of memfd_create() ABI
  - add lru_add_drain() to shmem_tag_pins() hot-path
  - minor coding-style changes

Thanks
David


[1]    memfd v1: http://thread.gmane.org/gmane.comp.video.dri.devel/102241
[2]    memfd v2: http://thread.gmane.org/gmane.linux.kernel.mm/115713
[3]    memfd v3: http://thread.gmane.org/gmane.linux.kernel.mm/118721
[4] LWN article: https://lwn.net/Articles/593918/
[5]   API Intro: http://dvdhrm.wordpress.com/2014/06/10/memfd_create2/
[6]   Man-pages: http://cgit.freedesktop.org/~dvdhrm/man-pages/log/?h=memfd
[7]    Dev-repo: http://cgit.freedesktop.org/~dvdhrm/linux/log/?h=memfd


David Herrmann (6):
  mm: allow drivers to prevent new writable mappings
  shm: add sealing API
  shm: add memfd_create() syscall
  selftests: add memfd_create() + sealing tests
  selftests: add memfd/sealing page-pinning tests
  shm: wait for pins to be released when sealing

 arch/x86/syscalls/syscall_32.tbl               |   1 +
 arch/x86/syscalls/syscall_64.tbl               |   1 +
 fs/fcntl.c                                     |   5 +
 fs/inode.c                                     |   1 +
 include/linux/fs.h                             |  29 +-
 include/linux/shmem_fs.h                       |  17 +
 include/linux/syscalls.h                       |   1 +
 include/uapi/linux/fcntl.h                     |  15 +
 include/uapi/linux/memfd.h                     |   8 +
 kernel/fork.c                                  |   2 +-
 kernel/sys_ni.c                                |   1 +
 mm/mmap.c                                      |  30 +-
 mm/shmem.c                                     | 324 +++++++++
 mm/swap_state.c                                |   1 +
 tools/testing/selftests/Makefile               |   1 +
 tools/testing/selftests/memfd/.gitignore       |   4 +
 tools/testing/selftests/memfd/Makefile         |  41 ++
 tools/testing/selftests/memfd/fuse_mnt.c       | 110 +++
 tools/testing/selftests/memfd/fuse_test.c      | 311 +++++++++
 tools/testing/selftests/memfd/memfd_test.c     | 913 +++++++++++++++++++++++++
 tools/testing/selftests/memfd/run_fuse_test.sh |  14 +
 21 files changed, 1821 insertions(+), 9 deletions(-)
 create mode 100644 include/uapi/linux/memfd.h
 create mode 100644 tools/testing/selftests/memfd/.gitignore
 create mode 100644 tools/testing/selftests/memfd/Makefile
 create mode 100755 tools/testing/selftests/memfd/fuse_mnt.c
 create mode 100644 tools/testing/selftests/memfd/fuse_test.c
 create mode 100644 tools/testing/selftests/memfd/memfd_test.c
 create mode 100755 tools/testing/selftests/memfd/run_fuse_test.sh

-- 
2.0.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ