Re: Sealed memfd & no-fault mmap

[Linus Torvalds]

On Wed, May 5, 2021 at 3:21 AM Simon Ser <contact@xxxxxxxxxxx> wrote:
> >
> > Is there some very specific and targeted pattern for that "shared
> > mapping" case? For example, if it's always a shared anonymous mapping
> > with no filesystem backing, then that would possibly be a simpler case
> > than the "random arbitrary shared file descriptor".
>
> Yes. I don't know of any Wayland client using buffers with real
> filesystem backing. I think the main cases are:
>
> - shm_open(3) immediately followed by shm_unlink(3). On Linux, this is
>   implemented with /dev/shm which is a tmpfs.
> - Abusing /tmp or /run's tmpfs by creating a file there and unlinking
>   it immediately afterwards. Kind of similar to the first case.
> - memfd_create(2) on Linux.
>
> Is this enough to make it work on shared memory mappings? Is it
> important that the mapping is anonymous?

All of those should be anonymous in the sense that the backing store
is all the kernel's notion of anonymous pages, and there is no actual
file backing. The mappings may then be shared, of course.

So that does make Peter's idea to have some inode flag for "don't
SIGBUS on fault" be more reasonable, because there isn't some random
actual filesystem involved, only the core VM layer.

I'm not going to write the patch, though, but maybe you can convince
somebody else to try it..

            Linus