From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/12932 Path: news.gmane.org!.POSTED!not-for-mail From: Rich Felker Newsgroups: gmane.linux.lib.musl.general Subject: Re: [PATCH] mlock2 and memfd_create Date: Fri, 22 Jun 2018 15:02:50 -0400 Message-ID: <20180622190250.GS1392@brightrain.aerifal.cx> References: <20180619204314.GU4418@port70.net> <20180622001602.GA13372@gmail.com> <20180622091052.GV4418@port70.net> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: blaine.gmane.org 1529694060 7437 195.159.176.226 (22 Jun 2018 19:01:00 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Fri, 22 Jun 2018 19:01:00 +0000 (UTC) User-Agent: Mutt/1.5.21 (2010-09-15) To: musl@lists.openwall.com Original-X-From: musl-return-12948-gllmg-musl=m.gmane.org@lists.openwall.com Fri Jun 22 21:00:56 2018 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by blaine.gmane.org with smtp (Exim 4.84_2) (envelope-from ) id 1fWRIl-0001qv-V1 for gllmg-musl@m.gmane.org; Fri, 22 Jun 2018 21:00:56 +0200 Original-Received: (qmail 23964 invoked by uid 550); 22 Jun 2018 19:03:04 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Original-Received: (qmail 23914 invoked from network); 22 Jun 2018 19:03:03 -0000 Content-Disposition: inline In-Reply-To: <20180622091052.GV4418@port70.net> Original-Sender: Rich Felker Xref: news.gmane.org gmane.linux.lib.musl.general:12932 Archived-At: On Fri, Jun 22, 2018 at 11:10:52AM +0200, Szabolcs Nagy wrote: > * Andrei Vagin [2018-06-21 17:16:03 -0700]: > > On Tue, Jun 19, 2018 at 10:43:14PM +0200, Szabolcs Nagy wrote: > > > + > > > +int mlock2(const void *addr, size_t len, unsigned flags) > > > +{ > > > + if (flags == 0) > > > + return mlock(addr, len); > > > + return syscall(SYS_mlock2, addr, len, flags); > > > > I would prefer another way to support old kernels: > > > > int ret; > > > > ret = syscall(SYS_mlock2, addr, len, flags); > > if (ret == -1 && errno == ENOSYS && flags == 0) > > return mlock(addr, len); > > return ret; > > > > This way works a bit slower on old kernels, but it doesn't have side > > effects if mlock2 is supported. > > > > For example, the user can set seccomp rules, and he will not expect that > > the mlock syscall will be executed, when he calls mlock2() in a code. > > > > mlock2 is documented to be equivalent to mlock if flags==0, > the glibc logic is the same and seccomp (or whatever else > operating on the syscall layer) has to deal with mlock > anyway (unless we change the mlock implementation too). > so i would not be too worried about this. Generally my leaning is not to program around seccomp, and further to treat seccomp filters that forbid one operation but allow a semantically-equivalent (or even logical-permissions-equivalent) one as a bug in the seccomp filter. Yes that does make a little bit more work for anyone writing seccomp filters, but it's positive work -- it's making the filters more-portable, less-specific to a particular libc implementation. Rich