lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAJcU4VTXw-vfRoq1VVfy7qW+zGUZxTaaXCQrRfeNuVUx30XtMw@mail.gmail.com>
Date: Thu, 16 Oct 2025 10:54:51 -0700
From: Abraham Wieland <abe.wieland@...il.com>
To: linux-mm@...ck.org
Cc: linux-kernel@...r.kernel.org
Subject: mm, shm: Question about hugetlb_shm_group sysctl

I apologize if this is not the right place to ask this; please point
me in the right direction if so.

I understand the intention of /proc/sys/vm/hugetlb_shm_group is to
only allow users of that group to create shared memory segments backed
by hugepages. However, I found that users not in that group can still
share a region (albeit not a SysV segment) backed by hugepages,
through at least two means:
1. They can make an fd with memfd_create and the MFD_HUGETLB flag,
then pass the fd (via SCM_RIGHTS or pidfd_getfd). According to the
manpage for memfd_create, MFD_HUGETLB is supposed to also honor
hugetlb_shm_group, but it doesn't; it calls hugetlb_file_setup with
HUGETLB_ANONHUGE_INODE (just like mmap does), so sidesteps that check
(which only occurs for HUGETLB_SHMFS_INODE).
2. They can mmap a region with MAP_SHARED | MAP_ANONYMOUS |
MAP_HUGETLB, then fork. Naturally this is more restrictive than
memfd_create or shmget, but it still allows for shared mappings backed
by hugepages (depending on your definition of shared).
3. Of course they could open a file in a hugetlbfs mount or a tmpfs
mount with the huge option, though these also require administrative
support.

Neither of the first two options have the persistence of a SysV
segment, but otherwise they still allow shared hugepages without a
separate mount. With this in mind, I wonder why we have the additional
restriction on SysV segments backed by hugepages; it seems like a very
specific case (as it doesn't affect the above options, nor segments
backed by normal pages).

Thanks in advance for any insights!
Abe Wieland

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ