mirror of
				git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
				synced 2025-09-18 22:14:16 +00:00 
			
		
		
		
	hugetlb: implement memfd sealing
Implements memfd sealing, similar to shmem: - WRITE: deny fallocate(PUNCH_HOLE). mmap() write is denied in memfd_add_seals(). write() doesn't exist for hugetlbfs. - SHRINK: added similar check as shmem_setattr() - GROW: added similar check as shmem_setattr() & shmem_fallocate() Except write() operation that doesn't exist with hugetlbfs, that should make sealing as close as it can be to shmem support. Link: http://lkml.kernel.org/r/20171107122800.25517-5-marcandre.lureau@redhat.com Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Mike Kravetz <mike.kravetz@oracle.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: David Herrmann <dh.herrmann@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
		
							parent
							
								
									da14c1e524
								
							
						
					
					
						commit
						ff62a34210
					
				
					 2 changed files with 28 additions and 2 deletions
				
			
		|  | @ -510,8 +510,16 @@ static long hugetlbfs_punch_hole(struct inode *inode, loff_t offset, loff_t len) | ||||||
| 
 | 
 | ||||||
| 	if (hole_end > hole_start) { | 	if (hole_end > hole_start) { | ||||||
| 		struct address_space *mapping = inode->i_mapping; | 		struct address_space *mapping = inode->i_mapping; | ||||||
|  | 		struct hugetlbfs_inode_info *info = HUGETLBFS_I(inode); | ||||||
| 
 | 
 | ||||||
| 		inode_lock(inode); | 		inode_lock(inode); | ||||||
|  | 
 | ||||||
|  | 		/* protected by i_mutex */ | ||||||
|  | 		if (info->seals & F_SEAL_WRITE) { | ||||||
|  | 			inode_unlock(inode); | ||||||
|  | 			return -EPERM; | ||||||
|  | 		} | ||||||
|  | 
 | ||||||
| 		i_mmap_lock_write(mapping); | 		i_mmap_lock_write(mapping); | ||||||
| 		if (!RB_EMPTY_ROOT(&mapping->i_mmap.rb_root)) | 		if (!RB_EMPTY_ROOT(&mapping->i_mmap.rb_root)) | ||||||
| 			hugetlb_vmdelete_list(&mapping->i_mmap, | 			hugetlb_vmdelete_list(&mapping->i_mmap, | ||||||
|  | @ -529,6 +537,7 @@ static long hugetlbfs_fallocate(struct file *file, int mode, loff_t offset, | ||||||
| 				loff_t len) | 				loff_t len) | ||||||
| { | { | ||||||
| 	struct inode *inode = file_inode(file); | 	struct inode *inode = file_inode(file); | ||||||
|  | 	struct hugetlbfs_inode_info *info = HUGETLBFS_I(inode); | ||||||
| 	struct address_space *mapping = inode->i_mapping; | 	struct address_space *mapping = inode->i_mapping; | ||||||
| 	struct hstate *h = hstate_inode(inode); | 	struct hstate *h = hstate_inode(inode); | ||||||
| 	struct vm_area_struct pseudo_vma; | 	struct vm_area_struct pseudo_vma; | ||||||
|  | @ -560,6 +569,11 @@ static long hugetlbfs_fallocate(struct file *file, int mode, loff_t offset, | ||||||
| 	if (error) | 	if (error) | ||||||
| 		goto out; | 		goto out; | ||||||
| 
 | 
 | ||||||
|  | 	if ((info->seals & F_SEAL_GROW) && offset + len > inode->i_size) { | ||||||
|  | 		error = -EPERM; | ||||||
|  | 		goto out; | ||||||
|  | 	} | ||||||
|  | 
 | ||||||
| 	/*
 | 	/*
 | ||||||
| 	 * Initialize a pseudo vma as this is required by the huge page | 	 * Initialize a pseudo vma as this is required by the huge page | ||||||
| 	 * allocation routines.  If NUMA is configured, use page index | 	 * allocation routines.  If NUMA is configured, use page index | ||||||
|  | @ -650,6 +664,7 @@ static int hugetlbfs_setattr(struct dentry *dentry, struct iattr *attr) | ||||||
| 	struct hstate *h = hstate_inode(inode); | 	struct hstate *h = hstate_inode(inode); | ||||||
| 	int error; | 	int error; | ||||||
| 	unsigned int ia_valid = attr->ia_valid; | 	unsigned int ia_valid = attr->ia_valid; | ||||||
|  | 	struct hugetlbfs_inode_info *info = HUGETLBFS_I(inode); | ||||||
| 
 | 
 | ||||||
| 	BUG_ON(!inode); | 	BUG_ON(!inode); | ||||||
| 
 | 
 | ||||||
|  | @ -658,9 +673,16 @@ static int hugetlbfs_setattr(struct dentry *dentry, struct iattr *attr) | ||||||
| 		return error; | 		return error; | ||||||
| 
 | 
 | ||||||
| 	if (ia_valid & ATTR_SIZE) { | 	if (ia_valid & ATTR_SIZE) { | ||||||
| 		if (attr->ia_size & ~huge_page_mask(h)) | 		loff_t oldsize = inode->i_size; | ||||||
|  | 		loff_t newsize = attr->ia_size; | ||||||
|  | 
 | ||||||
|  | 		if (newsize & ~huge_page_mask(h)) | ||||||
| 			return -EINVAL; | 			return -EINVAL; | ||||||
| 		error = hugetlb_vmtruncate(inode, attr->ia_size); | 		/* protected by i_mutex */ | ||||||
|  | 		if ((newsize < oldsize && (info->seals & F_SEAL_SHRINK)) || | ||||||
|  | 		    (newsize > oldsize && (info->seals & F_SEAL_GROW))) | ||||||
|  | 			return -EPERM; | ||||||
|  | 		error = hugetlb_vmtruncate(inode, newsize); | ||||||
| 		if (error) | 		if (error) | ||||||
| 			return error; | 			return error; | ||||||
| 	} | 	} | ||||||
|  | @ -712,6 +734,8 @@ static struct inode *hugetlbfs_get_inode(struct super_block *sb, | ||||||
| 
 | 
 | ||||||
| 	inode = new_inode(sb); | 	inode = new_inode(sb); | ||||||
| 	if (inode) { | 	if (inode) { | ||||||
|  | 		struct hugetlbfs_inode_info *info = HUGETLBFS_I(inode); | ||||||
|  | 
 | ||||||
| 		inode->i_ino = get_next_ino(); | 		inode->i_ino = get_next_ino(); | ||||||
| 		inode_init_owner(inode, dir, mode); | 		inode_init_owner(inode, dir, mode); | ||||||
| 		lockdep_set_class(&inode->i_mapping->i_mmap_rwsem, | 		lockdep_set_class(&inode->i_mapping->i_mmap_rwsem, | ||||||
|  | @ -719,6 +743,7 @@ static struct inode *hugetlbfs_get_inode(struct super_block *sb, | ||||||
| 		inode->i_mapping->a_ops = &hugetlbfs_aops; | 		inode->i_mapping->a_ops = &hugetlbfs_aops; | ||||||
| 		inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); | 		inode->i_atime = inode->i_mtime = inode->i_ctime = current_time(inode); | ||||||
| 		inode->i_mapping->private_data = resv_map; | 		inode->i_mapping->private_data = resv_map; | ||||||
|  | 		info->seals = F_SEAL_SEAL; | ||||||
| 		switch (mode & S_IFMT) { | 		switch (mode & S_IFMT) { | ||||||
| 		default: | 		default: | ||||||
| 			init_special_inode(inode, mode, dev); | 			init_special_inode(inode, mode, dev); | ||||||
|  |  | ||||||
|  | @ -273,6 +273,7 @@ static inline struct hugetlbfs_sb_info *HUGETLBFS_SB(struct super_block *sb) | ||||||
| struct hugetlbfs_inode_info { | struct hugetlbfs_inode_info { | ||||||
| 	struct shared_policy policy; | 	struct shared_policy policy; | ||||||
| 	struct inode vfs_inode; | 	struct inode vfs_inode; | ||||||
|  | 	unsigned int seals; | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| static inline struct hugetlbfs_inode_info *HUGETLBFS_I(struct inode *inode) | static inline struct hugetlbfs_inode_info *HUGETLBFS_I(struct inode *inode) | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		
		Reference in a new issue
	
	 Marc-André Lureau
						Marc-André Lureau