| Message ID | 20240404185034.3184582-2-pbonzini@redhat.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | KVM: guest_memfd: New hooks and functionality for SEV-SNP and TDX | expand |
On 4/4/24 8:50 PM, Paolo Bonzini wrote: > From: Michael Roth <michael.roth@amd.com> > > filemap users like guest_memfd may use page cache pages to > allocate/manage memory that is only intended to be accessed by guests > via hardware protections like encryption. Writes to memory of this sort > in common paths like truncation may cause unexpected behavior such > writing garbage instead of zeros when attempting to zero pages, or > worse, triggering hardware protections that are considered fatal as far > as the kernel is concerned. > > Introduce a new address_space flag, AS_INACCESSIBLE, and use this > initially to prevent zero'ing of pages during truncation, with the > understanding that it is up to the owner of the mapping to handle this > specially if needed. > > Link: https://lore.kernel.org/lkml/ZR9LYhpxTaTk6PJX@google.com/ > Cc: Matthew Wilcox <willy@infradead.org> > Suggested-by: Sean Christopherson <seanjc@google.com> > Signed-off-by: Michael Roth <michael.roth@amd.com> > Message-ID: <20240329212444.395559-5-michael.roth@amd.com> > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> I've replied on Michael's original series thread but that was after this one was already posted, and I missed it due to smaller Cc list, e.g. linux-mm not being Cc... so let me repeat here: Hm somehow it seems like a rather blunt solution to a fairly specific issue on one hand, and on the other hand I'm not sure whether there are other places (not yet triggered) that should now take into account the flag to keep its promise. But as long as it gets the job done, and can be replaced later with something better... Acked-by: Vlastimil Babka <vbabka@suse.cz> > --- > include/linux/pagemap.h | 1 + > mm/truncate.c | 3 ++- > 2 files changed, 3 insertions(+), 1 deletion(-) > > diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h > index 2df35e65557d..f879c1d54da7 100644 > --- a/include/linux/pagemap.h > +++ b/include/linux/pagemap.h > @@ -207,6 +207,7 @@ enum mapping_flags { > AS_STABLE_WRITES, /* must wait for writeback before modifying > folio contents */ > AS_UNMOVABLE, /* The mapping cannot be moved, ever */ > + AS_INACCESSIBLE, /* Do not attempt direct R/W access to the mapping */ > }; > > /** > diff --git a/mm/truncate.c b/mm/truncate.c > index 725b150e47ac..c501338c7ebd 100644 > --- a/mm/truncate.c > +++ b/mm/truncate.c > @@ -233,7 +233,8 @@ bool truncate_inode_partial_folio(struct folio *folio, loff_t start, loff_t end) > * doing a complex calculation here, and then doing the zeroing > * anyway if the page split fails. > */ > - folio_zero_range(folio, offset, length); > + if (!(folio->mapping->flags & AS_INACCESSIBLE)) > + folio_zero_range(folio, offset, length); > > if (folio_has_private(folio)) > folio_invalidate(folio, offset, length);
diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h index 2df35e65557d..f879c1d54da7 100644 --- a/include/linux/pagemap.h +++ b/include/linux/pagemap.h @@ -207,6 +207,7 @@ enum mapping_flags { AS_STABLE_WRITES, /* must wait for writeback before modifying folio contents */ AS_UNMOVABLE, /* The mapping cannot be moved, ever */ + AS_INACCESSIBLE, /* Do not attempt direct R/W access to the mapping */ }; /** diff --git a/mm/truncate.c b/mm/truncate.c index 725b150e47ac..c501338c7ebd 100644 --- a/mm/truncate.c +++ b/mm/truncate.c @@ -233,7 +233,8 @@ bool truncate_inode_partial_folio(struct folio *folio, loff_t start, loff_t end) * doing a complex calculation here, and then doing the zeroing * anyway if the page split fails. */ - folio_zero_range(folio, offset, length); + if (!(folio->mapping->flags & AS_INACCESSIBLE)) + folio_zero_range(folio, offset, length); if (folio_has_private(folio)) folio_invalidate(folio, offset, length);