From patchwork Tue Jul 9 13:20:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Patrick Roy X-Patchwork-Id: 13727957 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 722FEC2BD09 for ; Tue, 9 Jul 2024 13:21:34 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 90B3A6B00B7; Tue, 9 Jul 2024 09:21:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 891AB6B00B8; Tue, 9 Jul 2024 09:21:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 699086B00B9; Tue, 9 Jul 2024 09:21:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 464296B00B7 for ; Tue, 9 Jul 2024 09:21:30 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id EC2ADC196C for ; Tue, 9 Jul 2024 13:21:29 +0000 (UTC) X-FDA: 82320275898.13.A782AE0 Received: from smtp-fw-33001.amazon.com (smtp-fw-33001.amazon.com [207.171.190.10]) by imf13.hostedemail.com (Postfix) with ESMTP id F1C9B2002C for ; Tue, 9 Jul 2024 13:21:26 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=amazon.co.uk header.s=amazon201209 header.b=PlwmWrIi; spf=pass (imf13.hostedemail.com: domain of "prvs=913fd7204=roypat@amazon.co.uk" designates 207.171.190.10 as permitted sender) smtp.mailfrom="prvs=913fd7204=roypat@amazon.co.uk"; dmarc=pass (policy=quarantine) header.from=amazon.co.uk ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1720531256; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Zs9pi34/tgrMwAZ4z/XLHKURo1LH266GsNUebv4yq5Y=; b=j+qLTrID/2tWPBejkKSzAuaob6GuKdP4s/w7BDOP+sdEqLBD4MUf9BQYZ+00/ZdAc3+wU4 xsAfi1Cw+ua0OBHr0kDlW6g/phdthSqImxGYGCP9IGyVCBjD2G9Wyu+dFxbIP4W13W1gPb pqrbKTDbrevDId78+0eFu1YsC824F9M= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1720531256; a=rsa-sha256; cv=none; b=6fVJKm8psGHjhB4p7PK1sDAlnrXffPeSVOZWuc8dtJ6SiyTLVJ8KbGWhVo+zzRsyBFLWCD XzKv2miiJuiIxVsmVYkpJMBFzQlZr240OSkWb+EGUqSoBnVZ65q7prAUwvbnbqPQ1pPxXA XyLDlg7Vo9dKnG9LyPM5g9pm30r2q+8= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=amazon.co.uk header.s=amazon201209 header.b=PlwmWrIi; spf=pass (imf13.hostedemail.com: domain of "prvs=913fd7204=roypat@amazon.co.uk" designates 207.171.190.10 as permitted sender) smtp.mailfrom="prvs=913fd7204=roypat@amazon.co.uk"; dmarc=pass (policy=quarantine) header.from=amazon.co.uk DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.co.uk; i=@amazon.co.uk; q=dns/txt; s=amazon201209; t=1720531287; x=1752067287; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=Zs9pi34/tgrMwAZ4z/XLHKURo1LH266GsNUebv4yq5Y=; b=PlwmWrIiBE+IVPEi67xgHs9KoDET7GLIOHr6V70yGpa0nuwRMOjv9/j/ gM8D/sZeij5p+PRz1AgcA1RbCdi123ZtYs7VgXAcNYLtqaCYQzOib3iUn h/eqFNp5BtjZiXs7XZ+NJQf+zWHEcdLSg+HDSOoBGxgl6OtNLjHZdiJAD Q=; X-IronPort-AV: E=Sophos;i="6.09,195,1716249600"; d="scan'208";a="355121480" Received: from iad12-co-svc-p1-lb1-vlan3.amazon.com (HELO smtpout.prod.us-east-1.prod.farcaster.email.amazon.dev) ([10.43.8.6]) by smtp-border-fw-33001.sea14.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jul 2024 13:21:21 +0000 Received: from EX19MTAUEA001.ant.amazon.com [10.0.0.204:8257] by smtpin.naws.us-east-1.prod.farcaster.email.amazon.dev [10.0.59.218:2525] with esmtp (Farcaster) id f29e8f74-c847-4100-b6a1-572dc2245bb7; Tue, 9 Jul 2024 13:21:19 +0000 (UTC) X-Farcaster-Flow-ID: f29e8f74-c847-4100-b6a1-572dc2245bb7 Received: from EX19D008UEA002.ant.amazon.com (10.252.134.125) by EX19MTAUEA001.ant.amazon.com (10.252.134.203) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1258.34; Tue, 9 Jul 2024 13:21:17 +0000 Received: from EX19MTAUEC001.ant.amazon.com (10.252.135.222) by EX19D008UEA002.ant.amazon.com (10.252.134.125) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1258.34; Tue, 9 Jul 2024 13:21:17 +0000 Received: from ua2d7e1a6107c5b.ant.amazon.com (172.19.88.180) by mail-relay.amazon.com (10.252.135.200) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1258.34 via Frontend Transport; Tue, 9 Jul 2024 13:21:14 +0000 From: Patrick Roy To: , , , , , CC: Patrick Roy , , , , , , , , , , , , , , , , , Subject: [RFC PATCH 7/8] mm: secretmem: use AS_INACCESSIBLE to prohibit GUP Date: Tue, 9 Jul 2024 14:20:35 +0100 Message-ID: <20240709132041.3625501-8-roypat@amazon.co.uk> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240709132041.3625501-1-roypat@amazon.co.uk> References: <20240709132041.3625501-1-roypat@amazon.co.uk> MIME-Version: 1.0 X-Stat-Signature: cfy6ug7umypjtdt1376yhnwfam57q9eo X-Rspamd-Queue-Id: F1C9B2002C X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1720531286-646730 X-HE-Meta: U2FsdGVkX18vV9Bg4h7hOvDqKmAyqvev2sst/Uz6+QVrx2n/wream/EMLlPoG7CSHGH5+DDy90EeSb5V5rCDnn92dOtz3x3rnm3zGHPtUXufAU75wxhcQVsdDWAtPanH3+LXeDcftqU3efppdsrPuOrCJOLNAY6dBqZAIiALMF9R1snIsIGqF+g8nj0bvScb/zIp1gqKNfvU55C+CqsdmIMEiPX2Ab1TdpuPM7A7khvSnVpcJTcvCI3T20FfvkV609EnjiaaXqoTXAQ9gMdO1ZAvm86CiA5JRwZ43qi6o3S1nbGppqZ/4CgTrFXRtPH0O/n4dTq8CwndfNr4/RxtfKOiuPNKE9RbuowqDBt2emzgUaJ8dOjA8byxdSlMT1t4W61psuRbMhMbABGMmpuGEH2A73HiI4dTv2qFh4YDc0Va6tllIk1tNph2pNCw4t+z5R9NCM90PMqDxne6uuzJv3CsftldUNqpmr+PcsypbFPpNOBrW7kM8dATlUlX2AL817rnBPGDnACvrdv7OCY/gkPjVBS8NN5+Gf7lS0eZwNHBjydWeQhuouJjXIfMjKIpfa1A93uGuxmHvFxdiZrx8FUm5fE5hRPu7ZpV9F/1F8YEpWQZhQPmNdSl5EV9vXz1MZzU4RlIAAuVngsk3j7ixpxe2iy/BPNyp9jUon0BtIxBF2DtiQ1FDXnaBqhTsRCb+P1pRRDBdyvvDUBnIpwMoSN8Y5WwCeW7WQTdlKFOIopVYOMB7g8JpS8qAvXE6kHdXaQKPkZ2a+oG2AzAykr5s7GW0cphvj9yOc+sVVqFMzgsrE2GP4Qpw6XW3e7r3HR9aj5vMmkXn1cWc0VW9gILRXC6IuTrFMzi6MXQ1qQ0zCInpXd+oHQB5oZ57yAcmEJRHvtVJCTa01K/svmJagoBgol5CrXC+Ww2IwN/z37HzYrYrEVweMGsXKOxGLLgVyfgqa2tSPGUOUCvZAFnCoD DzZlHPsg EQnH3ilaEvq8qdyRX4GeHjIdW1lrqixTSmZD3aKjg8IWQtwOfjimBP7H1QzRfTC8gV8SjCq+nBHGhDAxFX61fmkWpNiXatXh5+jPGaWiKyy1P0BCCLbUr1Hqqiz1yU3ZSgnqMZ6FCXj9WFy2HmHFZpU6pBJQdnGZycm+QOOT3olGtIvHzVSqXmdE9p3jGehrHg5vITtWeYUH3VoxwJO607ldjPUJrl7V5uRLa6Rg/SBNnpTJKzde1vCYXJ5Bqy0RGUgy88yOt3frLZERM5vvseU3k+zNqiYoKccrB7Vaz70q7qMYHLLiR0Gfxct1lGyFKO7fyLmbXy7J24s7V5phN9KYQzXAizDY2PrMXaxmvFCgBzXExc49sKdFwb2jUU0HakI9OLHyANkmm4F4bcffAk6jebsVymT73kF4+ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Inside of vma_is_secretmem and secretmem_mapping, instead of checking whether a vm_area_struct/address_space has the secretmem ops structure attached to it, check whether the address_space has the AS_INACCESSIBLE bit set. Then set the AS_INACCESSIBLE flag for secretmem's address_space. This means that get_user_pages and friends are disables for all adress_spaces that set AS_INACCESIBLE. The AS_INACCESSIBLE flag was introduced in commit c72ceafbd12c ("mm: Introduce AS_INACCESSIBLE for encrypted/confidential memory") specifically for guest_memfd to indicate that no reads and writes should ever be done to guest_memfd address_spaces. Disallowing gup seems like a reasonable semantic extension, and means that potential future mmaps of guest_memfd cannot be GUP'd. Signed-off-by: Patrick Roy --- include/linux/secretmem.h | 13 +++++++++++-- mm/secretmem.c | 6 +----- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/include/linux/secretmem.h b/include/linux/secretmem.h index e918f96881f5..886c8f7eb63e 100644 --- a/include/linux/secretmem.h +++ b/include/linux/secretmem.h @@ -8,10 +8,19 @@ extern const struct address_space_operations secretmem_aops; static inline bool secretmem_mapping(struct address_space *mapping) { - return mapping->a_ops == &secretmem_aops; + return mapping->flags & AS_INACCESSIBLE; +} + +static inline bool vma_is_secretmem(struct vm_area_struct *vma) +{ + struct file *file = vma->vm_file; + + if (!file) + return false; + + return secretmem_mapping(file->f_inode->i_mapping); } -bool vma_is_secretmem(struct vm_area_struct *vma); bool secretmem_active(void); #else diff --git a/mm/secretmem.c b/mm/secretmem.c index 3afb5ad701e1..fd03a84a1cb5 100644 --- a/mm/secretmem.c +++ b/mm/secretmem.c @@ -136,11 +136,6 @@ static int secretmem_mmap(struct file *file, struct vm_area_struct *vma) return 0; } -bool vma_is_secretmem(struct vm_area_struct *vma) -{ - return vma->vm_ops == &secretmem_vm_ops; -} - static const struct file_operations secretmem_fops = { .release = secretmem_release, .mmap = secretmem_mmap, @@ -218,6 +213,7 @@ static struct file *secretmem_file_create(unsigned long flags) inode->i_op = &secretmem_iops; inode->i_mapping->a_ops = &secretmem_aops; + inode->i_mapping->flags |= AS_INACCESSIBLE; /* pretend we are a normal file with zero size */ inode->i_mode |= S_IFREG;