Re: Sealed memfd & no-fault mmap

From: Simon Ser
Date: Tue May 04 2021 - 05:30:01 EST


On Tuesday, April 27th, 2021 at 6:51 PM, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

> Hmm. It doesn't look too hard to do. The biggest problem is actually
> that we've run out of flags in the vma (on 32-bit architectures), but
> you could try this UNTESTED patch that just does the MAP_NOFAULT thing
> unconditionally.

Oh, thanks for the patch! Will test.

> Side note: this will only ever work for non-shared mappings. That's
> fundamental. We won't add an anonymous page to a shared mapping, and
> do_anonymous_page() does verify that. So a MAP_SHARED mapping will
> still return SIGBUS even with this patch (although it's not obvious
> from the patch - the VM_FAULT_SIGBUS will just be re-created by
> do_anonymous_page()).
>
> So if you want a _shared_ mapping to honor __MAP_NOFAULT and insert
> random anonymous pages into it, I think the answer is "no, that's not
> going to be viable".
>
> So _if_ this works for you, and if it's ok that only MAP_PRIVATE can
> have __MAP_NOFAULT, and if Kirill/Peter/Will don't say "Oh, Linus,
> you're completely off your rocker and clearly need to be taking your
> meds", something like this - if we figure out the conditional bit -
> might be doable.

Hm, that's unfortunate. For the use-case of a Wayland compositor this
doesn't seem like a complete show-stopper: in 90% of cases the compositor
only needs a read-only mapping. Wayland clients submit buffers they've
rendered pixels to, compositors only need to read them. So the compositor
could map with MAP_PRIVATE and still get up-to-date pages from a client
process I think.

The remaining 10% is when the compositor needs a writable mapping for
things like screen capture. It doesn't seem like a SIGBUS handler can
be avoided in this case then… Oh well.

> That's a fair number of "ifs".
>
> Ok, back to the merge window for me, I'll be throwing away this crazy
> untested patch immediately after hitting "send". This is very much a
> "throw the idea over to other people" patch, in other words.

Got it. I'll take over the patch if this is a good way forward.
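
The SIGBUS handler that the message says a shared, writable mapping still needs, as an added example that is not part of the original message or of any compositor's code. It assumes a single-threaded reader; the names `on_sigbus`, `guarded_copy` and `read_second_page`, and the constructed "client shrinks the buffer" scenario, are hypothetical.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf bus_jmp;
static volatile sig_atomic_t bus_armed;

static void on_sigbus(int sig)
{
    (void)sig;
    if (!bus_armed)
        _exit(70);           /* SIGBUS outside a guarded access: a real bug */
    siglongjmp(bus_jmp, 1);  /* unwind back into guarded_copy() */
}

/* Copy len bytes out of a client mapping: 0 on success, -1 if it faulted. */
static int guarded_copy(uint8_t *dst, const volatile uint8_t *src, size_t len)
{
    if (sigsetjmp(bus_jmp, 1)) {   /* 1: restore the signal mask on longjmp */
        bus_armed = 0;
        return -1;
    }
    bus_armed = 1;
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i];           /* volatile reads: cannot be optimised away */
    bus_armed = 0;
    return 0;
}

/* Constructed scenario: map two pages MAP_SHARED, optionally shrink, read page 2. */
static int read_second_page(int client_shrinks)
{
    struct sigaction sa = { .sa_handler = on_sigbus };
    long page = sysconf(_SC_PAGESIZE);
    int rc, fd = memfd_create("client-buffer", 0);
    uint8_t px[4], *map;
    if (fd < 0 || sigaction(SIGBUS, &sa, NULL) < 0 || ftruncate(fd, 2 * page) < 0)
        return -2;
    map = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    if (map == MAP_FAILED || (client_shrinks && ftruncate(fd, page) < 0))
        return -2;
    rc = guarded_copy(px, map + page, sizeof px);
    munmap(map, 2 * page);
    close(fd);
    return rc;
}
```

A return of -1 is the point at which a compositor would treat the client's buffer as invalid instead of crashing.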