Re: [PATCH v3 0/7] File Sealing & memfd_create()
From: David Herrmann <hidden>
Date: 2014-06-17 13:26:23
Also in:
linux-api, linux-fsdevel, lkml
Hi On Tue, Jun 17, 2014 at 2:13 PM, Florian Weimer [off-list ref] wrote:
On 06/17/2014 12:10 PM, David Herrmann wrote:quoted
quoted
quoted
The file might have holes, therefore, you'd have to allocate backing pages. This might hit a soft-limit and fail. To avoid this, use fallocate() to allocate pages prior to mmap()This does not work because the consuming side does not know how the descriptor was set up if sealing does not imply that.The consuming side has to very seals via F_GET_SEALS. After that, it shall do a simple fallocate() on the whole file if it wants to go sure that all pages are allocated. Why shouldn't that be possible? Please elaborate.Hmm. You permit general fallocate even for WRITE seals. That's really unexpected.
SEAL_WRITE prevents modifications of file-content. fallocate() does not modify file-contents, so I think it's not unexpected that fallocate() is still allowed.
The inode_newsize_ok check in shmem_fallocate can result in SIGXFSZ, which doesn't seem to be what's intended here.
It can only result in SIGXFSZ if you _increase_ the file-size with fallocate(). You shouldn't do that if you only verify that holes are allocated. Hence, a simple fallocate(st.st_size) cannot result in SIGXFSZ. Obviously, this requires SEAL_SHRINK to prevent the remote site to shrink the file while you call fallocate(). But SEAL_WRITE usually goes together with SEAL_SHRINK for obvious reasons.
Will the new pages attributed to the process calling fallocate, or to the process calling memfd_create?
Pages are always allocated by the caller and charged on current->mm (current process). Thanks David -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>