On 1/23/22 20:18, Hugh Dickins wrote:
> On Sat, 22 Jan 2022, Aleksa Sarai wrote:
>
>> Adding the maintainers of mm/{shmem,memfd}.c and fs/hugetlbfs/ just in
>> case this was not intended behaviour.
>
> Kir is correct - thanks - and it is intended behaviour. Not consciously
> intended to make for a difficult manpage, but the implementation was
> intended to be simple, so tmpfs and hugetlbfs do not internally
> distinguish memfd objects from filesystem files - their filesystem
> files simply start off with F_SEAL_SEAL to rule out any sealing.
>
Thanks Hugh, I agree.
>> On 2022-01-21, Kir Kolyshkin <kolyshkin@xxxxxxxxx> wrote:
>>> Currently, from the description of file sealing it can be deduced that
>>> unless the fd is a memfd, all sealing operations fail with EINVAL.
>>>
>>> Apparently, it's not true for tmpfs or hugetlbfs -- F_GET_SEALS returns
>>> 1 (F_SEAL_SEAL) for an fd opened on these filesystems (probably because
>>> those are used to back memfd files).
>>>
>>> Fix the description to mention that peculiarity. Not knowing this can
>>> result in incorrect code logic (see [1], where the code mistook a
>>> descriptor of a file opened on on tmpfs for a memfd).
>>>
>>> While at it, clarify that fcntl does not actually return EINVAL, but
>>> sets errno to it (as it is usually said elsewhere).
>>>
>>> [1] https://github.com/opencontainers/runc/pull/3342
>>>
>>> Cc: Aleksa Sarai <cyphar@xxxxxxxxxx>
>>> Cc: David Herrmann <dh.herrmann@xxxxxxxxx>
>>> Signed-off-by: Kir Kolyshkin <kolyshkin@xxxxxxxxx>
>
> Acked-by: Hugh Dickins <hughd@xxxxxxxxxx>
Acked-by: Mike Kravetz <mike.kravetz@xxxxxxxxxx>
--
Mike Kravetz
