| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LSU.2.11.1407232132330.991@eggly.anvils> Date: Wed, 23 Jul 2014 21:48:04 -0700 (PDT) From: Hugh Dickins <hughd@...gle.com> To: Andrew Morton <akpm@...ux-foundation.org> cc: David Herrmann <dh.herrmann@...il.com>, linux-kernel@...r.kernel.org, Michael Kerrisk <mtk.manpages@...il.com>, Ryan Lortie <desrt@...rt.ca>, Linus Torvalds <torvalds@...ux-foundation.org>, linux-mm@...ck.org, linux-fsdevel@...r.kernel.org, linux-api@...r.kernel.org, Greg Kroah-Hartman <greg@...ah.com>, john.stultz@...aro.org, Lennart Poettering <lennart@...ttering.net>, Daniel Mack <zonque@...il.com>, Kay Sievers <kay@...y.org>, Hugh Dickins <hughd@...gle.com>, Andy Lutomirski <luto@...capital.net>, Alexander Viro <viro@...iv.linux.org.uk> Subject: Re: [PATCH v4 0/6] File Sealing & memfd_create() On Sun, 20 Jul 2014, David Herrmann wrote: > Hi > > This is v4 of the File-Sealing and memfd_create() patches. You can find v1 with > a longer introduction at gmane [1], there's also v2 [2] and v3 [3] available. > See also the article about sealing on LWN [4], and a high-level introduction on > the new API in my blog [5]. Last but not least, man-page proposals are > available in my private repository [6]. > > This series introduces two new APIs: > memfd_create(): Think of this syscall as malloc() but it returns a > file-descriptor instead of a pointer. That file-descriptor is > backed by anon-memory and can be memory-mapped for access. > sealing: The sealing API can be used to prevent a specific set of operations > on a file-descriptor. You 'seal' the file and give thus the > guarantee, that those operations will be rejected from now on. > > This series adds the memfd_create(2) syscall only to x86 and x86-64. Patches for > most other architectures are available in my private repository [7]. Missing > architectures are: > alpha, avr32, blackfin, cris, frv, m32r, microblaze, mn10300, sh, sparc, > um, xtensa > These architectures lack several newer syscalls, so those should be added first > before adding memfd_create(2). I can provide patches for those, if required. > However, I think it should be kept separate from this series. > > Changes in v4: > - drop page-isolation in favor of shmem_wait_for_pins() > - add unlikely(info->seals) to write_begin hot-path > - return EPERM for F_ADD_SEALS if file is not writable > - moved shmem_wait_for_pins() entirely into it's own commit > - make O_LARGEFILE mandatory part of memfd_create() ABI > - add lru_add_drain() to shmem_tag_pins() hot-path > - minor coding-style changes > > Thanks > David > > > [1] memfd v1: http://thread.gmane.org/gmane.comp.video.dri.devel/102241 > [2] memfd v2: http://thread.gmane.org/gmane.linux.kernel.mm/115713 > [3] memfd v3: http://thread.gmane.org/gmane.linux.kernel.mm/118721 > [4] LWN article: https://lwn.net/Articles/593918/ > [5] API Intro: http://dvdhrm.wordpress.com/2014/06/10/memfd_create2/ > [6] Man-pages: http://cgit.freedesktop.org/~dvdhrm/man-pages/log/?h=memfd > [7] Dev-repo: http://cgit.freedesktop.org/~dvdhrm/linux/log/?h=memfd > > > David Herrmann (6): > mm: allow drivers to prevent new writable mappings > shm: add sealing API > shm: add memfd_create() syscall > selftests: add memfd_create() + sealing tests > selftests: add memfd/sealing page-pinning tests > shm: wait for pins to be released when sealing Andrew, I've now given my Ack to all of these, and think they are ready for inclusion in mmotm, if you agree with the addition of this sealing feature and the memfd_create() syscall. Andy Lutomirsky and I agree that it's somewhat unsatisfactory that a sealed sparse file could be passed, and inflate to something OOMing when read by the recipient; but I think we can live with that as a limitation of the initial implementation (the suspicious recipient can verify non-sparseness with lseek SEEK_HOLE), and it's my job to work on fixing that aspect - though probably not for 3.17. Thanks, Hugh > > arch/x86/syscalls/syscall_32.tbl | 1 + > arch/x86/syscalls/syscall_64.tbl | 1 + > fs/fcntl.c | 5 + > fs/inode.c | 1 + > include/linux/fs.h | 29 +- > include/linux/shmem_fs.h | 17 + > include/linux/syscalls.h | 1 + > include/uapi/linux/fcntl.h | 15 + > include/uapi/linux/memfd.h | 8 + > kernel/fork.c | 2 +- > kernel/sys_ni.c | 1 + > mm/mmap.c | 30 +- > mm/shmem.c | 324 +++++++++ > mm/swap_state.c | 1 + > tools/testing/selftests/Makefile | 1 + > tools/testing/selftests/memfd/.gitignore | 4 + > tools/testing/selftests/memfd/Makefile | 41 ++ > tools/testing/selftests/memfd/fuse_mnt.c | 110 +++ > tools/testing/selftests/memfd/fuse_test.c | 311 +++++++++ > tools/testing/selftests/memfd/memfd_test.c | 913 +++++++++++++++++++++++++ > tools/testing/selftests/memfd/run_fuse_test.sh | 14 + > 21 files changed, 1821 insertions(+), 9 deletions(-) > create mode 100644 include/uapi/linux/memfd.h > create mode 100644 tools/testing/selftests/memfd/.gitignore > create mode 100644 tools/testing/selftests/memfd/Makefile > create mode 100755 tools/testing/selftests/memfd/fuse_mnt.c > create mode 100644 tools/testing/selftests/memfd/fuse_test.c > create mode 100644 tools/testing/selftests/memfd/memfd_test.c > create mode 100755 tools/testing/selftests/memfd/run_fuse_test.sh > > -- > 2.0.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists