From patchwork Thu Nov  7 19:53:54 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Joel Fernandes <joel@joelfernandes.org>
X-Patchwork-Id: 11233697
Return-Path: <SRS0=ID7B=Y7=kvack.org=owner-linux-mm@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 871BF1850
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu,  7 Nov 2019 19:54:06 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 4BF6D21D7E
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu,  7 Nov 2019 19:54:06 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=joelfernandes.org header.i=@joelfernandes.org header.b="MF2KEhws"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4BF6D21D7E
Authentication-Results: mail.kernel.org;
 dmarc=none (p=none dis=none) header.from=joelfernandes.org
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 68D676B0003; Thu,  7 Nov 2019 14:54:05 -0500 (EST)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 617806B0006; Thu,  7 Nov 2019 14:54:05 -0500 (EST)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 4DEBC6B0007; Thu,  7 Nov 2019 14:54:05 -0500 (EST)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0174.hostedemail.com
 [216.40.44.174])
	by kanga.kvack.org (Postfix) with ESMTP id 351B76B0003
	for <linux-mm@kvack.org>; Thu,  7 Nov 2019 14:54:05 -0500 (EST)
Received: from smtpin21.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay04.hostedemail.com (Postfix) with SMTP id CC9742C8A
	for <linux-mm@kvack.org>; Thu,  7 Nov 2019 19:54:04 +0000 (UTC)
X-FDA: 76130532408.21.end27_40a218e790c0c
X-Spam-Summary: 
 2,0,0,0fe8823af7128ae1,d41d8cd98f00b204,joel@joelfernandes.org,:linux-kernel@vger.kernel.org:ngeoffray@google.com:kernel-team@android.com:joel@joelfernandes.org:akpm@linux-foundation.org:hughd@google.com:linux-kselftest@vger.kernel.org::shuah@kernel.org,RULES_HIT:41:355:379:541:800:960:973:988:989:1260:1311:1314:1345:1437:1515:1535:1542:1711:1730:1747:1777:1792:1801:2393:2559:2562:2693:2897:3138:3139:3140:3141:3142:3354:3865:3867:3868:3871:3874:4321:4605:5007:6261:6653:7576:7903:10004:11026:11232:11473:11658:11914:12043:12295:12296:12297:12517:12519:12555:12679:12895:12986:13149:13161:13229:13230:13255:13846:13870:13894:14181:14394:14721:21080:21222:21444:21451:21627:30012:30054:30075,0,RBL:209.85.215.196:@joelfernandes.org:.lbl8.mailshell.net-62.2.0.100
 66.100.201.201,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not
 bulk,SPF:fp,MSBL:0,DNSBL:neutral,Custom_rules:0:0:0,LFtime:52,LUA_SUMMARY:none
X-HE-Tag: end27_40a218e790c0c
X-Filterd-Recvd-Size: 5542
Received: from mail-pg1-f196.google.com (mail-pg1-f196.google.com
 [209.85.215.196])
	by imf07.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu,  7 Nov 2019 19:54:04 +0000 (UTC)
Received: by mail-pg1-f196.google.com with SMTP id q22so2689335pgk.2
        for <linux-mm@kvack.org>; Thu, 07 Nov 2019 11:54:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=joelfernandes.org; s=google;
        h=from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=Ghp1ccQ5fcbrX+RPWdRWrW5V+/l6RykYTQKYb1Z+Wp4=;
        b=MF2KEhwsFOY2JznvdfjXOUNj6W3qYNeau+VKgjLdGcoHKMwypDOQ9+KNmwpoguPBnA
         7i/obFhGjyKDKsUMxeH64dpCWx1uMOpGLtazJ2WOFQJj2EgXR2EKcxlrJHXs+HFIxiKU
         AjzqDaEAAzRnfgvLsssB5KV+gpsE0RcbDcp+E=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
         :content-transfer-encoding;
        bh=Ghp1ccQ5fcbrX+RPWdRWrW5V+/l6RykYTQKYb1Z+Wp4=;
        b=qX2xxfwXNh0xiO38RAYh3m36OEGcMTOyRvnNhLp849jA895XrUds7durBnkQk706bF
         T2CR1qcT7n80USLNVCgxj2xjjllwJmtpm+m/Yj+tAWtKxdGbYgDC/JaN0igUN7I8RREO
         W8/TR8eKvcS9qqspyy6B/wE2RDZ2Et4ObPa97WGQVpVEOHhqRFWCDRWYu+gaRQi7FLMQ
         p3aDP5UX4ExQHP2+unD1jebtd2Aqvs3WFw4tuuAQEPow0GcRmhWu3DxYKdbndeBW/PBB
         diLSlBBM7uNUoqAR55BmEwo1F8PN/pRUy+G8M0TZ/GHnGOUOZMj614UBaWjCWq1uSWCC
         ISQA==
X-Gm-Message-State: APjAAAVNppYN5bA2w4L2a9MjwPD2RBGb272hQldLAs7J5Nu6hKwjgfgY
	wYlKbOsgDuUuDo946FADrZvpBg==
X-Google-Smtp-Source: 
 APXvYqxa4V3GDy6MxEr8e4GyHJt30Yq7/f7FjZfuQPYkIlqBQ0ZxitLHpBCbWZAaGGArGLkuPC825w==
X-Received: by 2002:a63:f852:: with SMTP id v18mr4706535pgj.71.1573156442796;
        Thu, 07 Nov 2019 11:54:02 -0800 (PST)
Received: from joelaf.cam.corp.google.com
 ([2620:15c:6:12:9c46:e0da:efbf:69cc])
        by smtp.gmail.com with ESMTPSA id
 y2sm3365870pfe.126.2019.11.07.11.54.01
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 07 Nov 2019 11:54:02 -0800 (PST)
From: "Joel Fernandes (Google)" <joel@joelfernandes.org>
To: linux-kernel@vger.kernel.org
Cc: Nicolas Geoffray <ngeoffray@google.com>,
	kernel-team@android.com,
	Joel Fernandes <joel@joelfernandes.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Hugh Dickins <hughd@google.com>,
	linux-kselftest@vger.kernel.org,
	linux-mm@kvack.org,
	Shuah Khan <shuah@kernel.org>
Subject: [PATCH 1/2] memfd: Fix COW issue on MAP_PRIVATE and
 F_SEAL_FUTURE_WRITE mappings
Date: Thu,  7 Nov 2019 14:53:54 -0500
Message-Id: <20191107195355.80608-1-joel@joelfernandes.org>
X-Mailer: git-send-email 2.24.0.rc1.363.gb1bccd3e3d-goog
MIME-Version: 1.0
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

From: Nicolas Geoffray <ngeoffray@google.com>

F_SEAL_FUTURE_WRITE has unexpected behavior when used with MAP_PRIVATE:
A private mapping created after the memfd file that gets sealed with
F_SEAL_FUTURE_WRITE loses the copy-on-write at fork behavior, meaning
children and parent share the same memory, even though the mapping is
private.

The reason for this is due to the code below:

static int shmem_mmap(struct file *file, struct vm_area_struct *vma)
{
        struct shmem_inode_info *info = SHMEM_I(file_inode(file));

        if (info->seals & F_SEAL_FUTURE_WRITE) {
                /*
                 * New PROT_WRITE and MAP_SHARED mmaps are not allowed when
                 * "future write" seal active.
                 */
                if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_WRITE))
                        return -EPERM;

                /*
                 * Since the F_SEAL_FUTURE_WRITE seals allow for a MAP_SHARED
                 * read-only mapping, take care to not allow mprotect to revert
                 * protections.
                 */
                vma->vm_flags &= ~(VM_MAYWRITE);
        }
        ...
}

And for the mm to know if a mapping is copy-on-write:
static inline bool is_cow_mapping(vm_flags_t flags)
{
        return (flags & (VM_SHARED | VM_MAYWRITE)) == VM_MAYWRITE;
}

The patch fixes the issue by making the mprotect revert protection
happen only for shared mappings. For private mappings, using mprotect
will have no effect on the seal behavior.

Cc: kernel-team@android.com
Signed-off-by: Nicolas Geoffray <ngeoffray@google.com>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
---
Google bug: 143833776

 mm/shmem.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/mm/shmem.c b/mm/shmem.c
index 447fd575587c..6ac5e867ef13 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -2214,11 +2214,14 @@ static int shmem_mmap(struct file *file, struct vm_area_struct *vma)
 			return -EPERM;
 
 		/*
-		 * Since the F_SEAL_FUTURE_WRITE seals allow for a MAP_SHARED
-		 * read-only mapping, take care to not allow mprotect to revert
-		 * protections.
+		 * Since an F_SEAL_FUTURE_WRITE sealed memfd can be mapped as
+		 * MAP_SHARED and read-only, take care to not allow mprotect to
+		 * revert protections on such mappings. Do this only for shared
+		 * mappings. For private mappings, don't need to mask VM_MAYWRITE
+		 * as we still want them to be COW-writable.
 		 */
-		vma->vm_flags &= ~(VM_MAYWRITE);
+		if (vma->vm_flags & VM_SHARED)
+			vma->vm_flags &= ~(VM_MAYWRITE);
 	}
 
 	file_accessed(file);

From patchwork Thu Nov  7 19:53:55 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Joel Fernandes <joel@joelfernandes.org>
X-Patchwork-Id: 11233701
Return-Path: <SRS0=ID7B=Y7=kvack.org=owner-linux-mm@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9277414E5
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu,  7 Nov 2019 19:54:08 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 5F2FD21D79
	for <patchwork-linux-mm@patchwork.kernel.org>;
 Thu,  7 Nov 2019 19:54:08 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=joelfernandes.org header.i=@joelfernandes.org header.b="xJlo1DuP"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5F2FD21D79
Authentication-Results: mail.kernel.org;
 dmarc=none (p=none dis=none) header.from=joelfernandes.org
Authentication-Results: mail.kernel.org;
 spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 5A43B6B0006; Thu,  7 Nov 2019 14:54:06 -0500 (EST)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 5551B6B0008; Thu,  7 Nov 2019 14:54:06 -0500 (EST)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 3CD636B000A; Thu,  7 Nov 2019 14:54:06 -0500 (EST)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0157.hostedemail.com
 [216.40.44.157])
	by kanga.kvack.org (Postfix) with ESMTP id 14B616B0006
	for <linux-mm@kvack.org>; Thu,  7 Nov 2019 14:54:06 -0500 (EST)
Received: from smtpin15.hostedemail.com (10.5.19.251.rfc1918.com
 [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with SMTP id A8DCA181AEF1E
	for <linux-mm@kvack.org>; Thu,  7 Nov 2019 19:54:05 +0000 (UTC)
X-FDA: 76130532450.15.women96_40cabd1e84f63
X-Spam-Summary: 
 2,0,0,181365664253a868,d41d8cd98f00b204,joel@joelfernandes.org,:linux-kernel@vger.kernel.org:joel@joelfernandes.org:akpm@linux-foundation.org:hughd@google.com:kernel-team@android.com:linux-kselftest@vger.kernel.org::shuah@kernel.org,RULES_HIT:41:355:379:541:800:960:973:988:989:1260:1311:1314:1345:1359:1437:1515:1534:1541:1711:1730:1747:1777:1792:2393:2559:2562:3138:3139:3140:3141:3142:3353:3622:3865:3867:3868:3870:3871:3874:4321:5007:6261:6653:10004:11026:11657:11658:11914:12043:12291:12297:12438:12517:12519:12555:12895:12986:13069:13161:13229:13255:13311:13357:13894:14384:14394:14721:21080:21324:21444:21627:30054:30056:30079,0,RBL:209.85.215.196:@joelfernandes.org:.lbl8.mailshell.net-62.2.0.100
 66.100.201.201,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not
 bulk,SPF:fp,MSBL:0,DNSBL:neutral,Custom_rules:0:0:0,LFtime:46,LUA_SUMMARY:none
X-HE-Tag: women96_40cabd1e84f63
X-Filterd-Recvd-Size: 4624
Received: from mail-pg1-f196.google.com (mail-pg1-f196.google.com
 [209.85.215.196])
	by imf19.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Thu,  7 Nov 2019 19:54:05 +0000 (UTC)
Received: by mail-pg1-f196.google.com with SMTP id 15so2664778pgt.7
        for <linux-mm@kvack.org>; Thu, 07 Nov 2019 11:54:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=joelfernandes.org; s=google;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=Yt65JEzI8B4ThC22+VCw7CM+LK+ArEMO8/zLSXCHvk0=;
        b=xJlo1DuPB3YVBQAgFBR+GjVfwFtDBuQ75nv+sOnYtZPQ9qSXZxB8HraZUGDFxy1Drz
         f71wLXCjXxGHlCCs4z60NYnl14ny5cszdYwgmbJgZFxncgjtZ1MXyr1R/0NkJ+bOhIbG
         3pRidFtRgR2sgu8rJHSs23dG8WMz3UGcczVaM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=Yt65JEzI8B4ThC22+VCw7CM+LK+ArEMO8/zLSXCHvk0=;
        b=F6QXOnLsQeUOaVMPlTfV7loI69qohrEWELgxklx+dczYNrF3GdSMMT4KiY0f3Aymvj
         Z45EVOdBpA9VsLF9k5av0CbWI0lNpGGSnISgSENdAvzRr/vHX0catiefy4EygInx0ZX1
         RUNBAyU1NafD6E57G/97dg8kJaNf1J7kaHvAGwAGzvtcH7Makp7L3LlhnLRR7TiyxU2E
         x0jwSW7FL0IYxaHp0HtwHQRtBg+z0iJpdB3NOw6edVHQjWoGxh/2a75bysN0gbAZv1Cp
         pzoZpv/PDlSBlQhJyyB1RPiQdwBkR4PanOBMPsu412pD+WY0Qie+P/LX+kw27mvWK6o6
         IkFA==
X-Gm-Message-State: APjAAAVsoW8oepp+1P+qVcKo0krcQ8kxrEaPOCIAx17ERH0UJVO8GsR+
	d/WErPczryDRe0FcqEhTJR14Lw==
X-Google-Smtp-Source: 
 APXvYqyoeYqV+vMTE2cL67Ov6JWJRzPg3lrGLBosK857p3VGFNE53iEGD9JcdWLwOQIALLrrUutrDg==
X-Received: by 2002:a63:d70f:: with SMTP id d15mr6903311pgg.424.1573156444237;
        Thu, 07 Nov 2019 11:54:04 -0800 (PST)
Received: from joelaf.cam.corp.google.com
 ([2620:15c:6:12:9c46:e0da:efbf:69cc])
        by smtp.gmail.com with ESMTPSA id
 y2sm3365870pfe.126.2019.11.07.11.54.03
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 07 Nov 2019 11:54:03 -0800 (PST)
From: "Joel Fernandes (Google)" <joel@joelfernandes.org>
To: linux-kernel@vger.kernel.org
Cc: "Joel Fernandes (Google)" <joel@joelfernandes.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Hugh Dickins <hughd@google.com>,
	kernel-team@android.com,
	linux-kselftest@vger.kernel.org,
	linux-mm@kvack.org,
	Shuah Khan <shuah@kernel.org>
Subject: [PATCH 2/2] memfd: Add test for COW on MAP_PRIVATE and
 F_SEAL_FUTURE_WRITE mappings
Date: Thu,  7 Nov 2019 14:53:55 -0500
Message-Id: <20191107195355.80608-2-joel@joelfernandes.org>
X-Mailer: git-send-email 2.24.0.rc1.363.gb1bccd3e3d-goog
In-Reply-To: <20191107195355.80608-1-joel@joelfernandes.org>
References: <20191107195355.80608-1-joel@joelfernandes.org>
MIME-Version: 1.0
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

In this test, the parent and child both have writable private mappings.
The test shows that without the patch in this series, the parent and
child shared the same memory which is incorrect. In other words, COW
needs to be triggered so any writes to child's copy stays local to the
child.

Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
---
 tools/testing/selftests/memfd/memfd_test.c | 36 ++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c
index c67d32eeb668..334a7eea2004 100644
--- a/tools/testing/selftests/memfd/memfd_test.c
+++ b/tools/testing/selftests/memfd/memfd_test.c
@@ -290,6 +290,40 @@ static void mfd_assert_read_shared(int fd)
 	munmap(p, mfd_def_size);
 }
 
+static void mfd_assert_fork_private_write(int fd)
+{
+	int *p;
+	pid_t pid;
+
+	p = mmap(NULL,
+		 mfd_def_size,
+		 PROT_READ | PROT_WRITE,
+		 MAP_PRIVATE,
+		 fd,
+		 0);
+	if (p == MAP_FAILED) {
+		printf("mmap() failed: %m\n");
+		abort();
+	}
+
+	p[0] = 22;
+
+	pid = fork();
+	if (pid == 0) {
+		p[0] = 33;
+		exit(0);
+	} else {
+		waitpid(pid, NULL, 0);
+
+		if (p[0] != 22) {
+			printf("MAP_PRIVATE copy-on-write failed: %m\n");
+			abort();
+		}
+	}
+
+	munmap(p, mfd_def_size);
+}
+
 static void mfd_assert_write(int fd)
 {
 	ssize_t l;
@@ -760,6 +794,8 @@ static void test_seal_future_write(void)
 	mfd_assert_read_shared(fd2);
 	mfd_fail_write(fd2);
 
+	mfd_assert_fork_private_write(fd);
+
 	munmap(p, mfd_def_size);
 	close(fd2);
 	close(fd);