[{"id":1793462,"web_url":"http://patchwork.ozlabs.org/comment/1793462/","msgid":"<20171024212119.GB1611@linux.intel.com>","list_archive_url":null,"date":"2017-10-24T21:21:19","subject":"Re: [PATCH 01/17] mm: introduce MAP_SHARED_VALIDATE, a mechanism to\n\tsafely define new mmap flags","submitter":{"id":46514,"url":"http://patchwork.ozlabs.org/api/people/46514/","name":"Ross Zwisler","email":"ross.zwisler@linux.intel.com"},"content":"On Tue, Oct 24, 2017 at 05:23:58PM +0200, Jan Kara wrote:\n> From: Dan Williams <dan.j.williams@intel.com>\n> \n> The mmap(2) syscall suffers from the ABI anti-pattern of not validating\n> unknown flags. However, proposals like MAP_SYNC need a mechanism to\n> define new behavior that is known to fail on older kernels without the\n> support. Define a new MAP_SHARED_VALIDATE flag pattern that is\n> guaranteed to fail on all legacy mmap implementations.\n> \n> It is worth noting that the original proposal was for a standalone\n> MAP_VALIDATE flag. However, when that  could not be supported by all\n> archs Linus observed:\n> \n>     I see why you *think* you want a bitmap. You think you want\n>     a bitmap because you want to make MAP_VALIDATE be part of MAP_SYNC\n>     etc, so that people can do\n> \n>     ret = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED\n> \t\t    | MAP_SYNC, fd, 0);\n> \n>     and \"know\" that MAP_SYNC actually takes.\n> \n>     And I'm saying that whole wish is bogus. You're fundamentally\n>     depending on special semantics, just make it explicit. It's already\n>     not portable, so don't try to make it so.\n> \n>     Rename that MAP_VALIDATE as MAP_SHARED_VALIDATE, make it have a value\n>     of 0x3, and make people do\n> \n>     ret = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED_VALIDATE\n> \t\t    | MAP_SYNC, fd, 0);\n> \n>     and then the kernel side is easier too (none of that random garbage\n>     playing games with looking at the \"MAP_VALIDATE bit\", but just another\n>     case statement in that map type thing.\n> \n>     Boom. Done.\n> \n> Similar to ->fallocate() we also want the ability to validate the\n> support for new flags on a per ->mmap() 'struct file_operations'\n> instance basis.  Towards that end arrange for flags to be generically\n> validated against a mmap_supported_flags exported by 'struct\n> file_operations'. By default all existing flags are implicitly\n> supported, but new flags require MAP_SHARED_VALIDATE and\n> per-instance-opt-in.\n> \n> Cc: Jan Kara <jack@suse.cz>\n> Cc: Arnd Bergmann <arnd@arndb.de>\n> Cc: Andy Lutomirski <luto@kernel.org>\n> Cc: Andrew Morton <akpm@linux-foundation.org>\n> Suggested-by: Christoph Hellwig <hch@lst.de>\n> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>\n> Signed-off-by: Dan Williams <dan.j.williams@intel.com>\n> Signed-off-by: Jan Kara <jack@suse.cz>\n\nLooks great.\n\nReviewed-by: Ross Zwisler <ross.zwisler@linux.intel.com>","headers":{"Return-Path":"<linux-ext4-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=linux-ext4-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3yM5mp6G5xz9t2h\n\tfor <patchwork-incoming@ozlabs.org>;\n\tWed, 25 Oct 2017 08:21:30 +1100 (AEDT)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751336AbdJXVV0 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tTue, 24 Oct 2017 17:21:26 -0400","from mga09.intel.com ([134.134.136.24]:9667 \"EHLO mga09.intel.com\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1751267AbdJXVVZ (ORCPT <rfc822;linux-ext4@vger.kernel.org>);\n\tTue, 24 Oct 2017 17:21:25 -0400","from fmsmga004.fm.intel.com ([10.253.24.48])\n\tby orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;\n\t24 Oct 2017 14:21:20 -0700","from theros.lm.intel.com (HELO linux.intel.com) ([10.232.112.77])\n\tby fmsmga004.fm.intel.com with ESMTP; 24 Oct 2017 14:21:19 -0700"],"X-ExtLoop1":"1","X-IronPort-AV":"E=Sophos;i=\"5.43,429,1503385200\"; d=\"scan'208\";a=\"327237420\"","Date":"Tue, 24 Oct 2017 15:21:19 -0600","From":"Ross Zwisler <ross.zwisler@linux.intel.com>","To":"Jan Kara <jack@suse.cz>","Cc":"Dan Williams <dan.j.williams@intel.com>,\n\tRoss Zwisler <ross.zwisler@linux.intel.com>,\n\tChristoph Hellwig <hch@infradead.org>,\n\tlinux-ext4@vger.kernel.org, linux-nvdimm@lists.01.org,\n\tlinux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org,\n\tlinux-api@vger.kernel.org, linux-mm@kvack.org,\n\tArnd Bergmann <arnd@arndb.de>, Andy Lutomirski <luto@kernel.org>,\n\tAndrew Morton <akpm@linux-foundation.org>","Subject":"Re: [PATCH 01/17] mm: introduce MAP_SHARED_VALIDATE, a mechanism to\n\tsafely define new mmap flags","Message-ID":"<20171024212119.GB1611@linux.intel.com>","Mail-Followup-To":"Ross Zwisler <ross.zwisler@linux.intel.com>,\n\tJan Kara <jack@suse.cz>, Dan Williams <dan.j.williams@intel.com>,\n\tChristoph Hellwig <hch@infradead.org>, linux-ext4@vger.kernel.org,\n\tlinux-nvdimm@lists.01.org, linux-fsdevel@vger.kernel.org,\n\tlinux-xfs@vger.kernel.org, linux-api@vger.kernel.org,\n\tlinux-mm@kvack.org, Arnd Bergmann <arnd@arndb.de>,\n\tAndy Lutomirski <luto@kernel.org>,\n\tAndrew Morton <akpm@linux-foundation.org>","References":"<20171024152415.22864-1-jack@suse.cz>\n\t<20171024152415.22864-2-jack@suse.cz>","MIME-Version":"1.0","Content-Type":"text/plain; charset=us-ascii","Content-Disposition":"inline","In-Reply-To":"<20171024152415.22864-2-jack@suse.cz>","User-Agent":"Mutt/1.9.1 (2017-09-22)","Sender":"linux-ext4-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<linux-ext4.vger.kernel.org>","X-Mailing-List":"linux-ext4@vger.kernel.org"}}]