From patchwork Wed Jan 15 13:35:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alice Ryhl X-Patchwork-Id: 13940449 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id A8581C02183 for ; Wed, 15 Jan 2025 13:36:24 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1B8AB280002; Wed, 15 Jan 2025 08:36:22 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 0F359280001; Wed, 15 Jan 2025 08:36:22 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E888E280002; Wed, 15 Jan 2025 08:36:21 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id BE25F280001 for ; Wed, 15 Jan 2025 08:36:21 -0500 (EST) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 3EA23C133C for ; Wed, 15 Jan 2025 13:36:21 +0000 (UTC) X-FDA: 83009785362.26.4C10193 Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) by imf13.hostedemail.com (Postfix) with ESMTP id 4301C20006 for ; Wed, 15 Jan 2025 13:36:19 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=tbrDaU79; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf13.hostedemail.com: domain of 30bmHZwkKCKYGROIKXeNRMUUMRK.IUSROTad-SSQbGIQ.UXM@flex--aliceryhl.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=30bmHZwkKCKYGROIKXeNRMUUMRK.IUSROTad-SSQbGIQ.UXM@flex--aliceryhl.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1736948179; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DamytgltoVfeocbQeMx8nCBv52GuJHF7pCRdLZ/tNgc=; b=TwQkrBID0ucuQNJ5Bdn7gl4ePPxQCJAmQ/b4m54TZZ8Adyg7hXtN0XgcdbJRLmXCFl3Wjx xPrlCasPZXcphlIcDcQQDdA9mvwtGox1JpOs1ewvz8ZSbp1leF47CHWFIDdkY8HgXfwA+C 1i69fH1dnRTG8cx+e5S6AIC+KthTpj0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1736948179; a=rsa-sha256; cv=none; b=kIv16W5ay3RDUfOWWw1zkdLpynO1Lz7NerFL+4VJgUoCGqOeBeBX2ieb+is1jWVf1AORKS CJ87tQ9s68Hvu4IjdZOfTKUVZLbRonI6kWOwvH0S9qZOAkMwlzNWL+lUeVr29pMfZC0Wee F3K5cTgCp85pYL69ioPZAqO5/rmmMUY= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=tbrDaU79; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf13.hostedemail.com: domain of 30bmHZwkKCKYGROIKXeNRMUUMRK.IUSROTad-SSQbGIQ.UXM@flex--aliceryhl.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=30bmHZwkKCKYGROIKXeNRMUUMRK.IUSROTad-SSQbGIQ.UXM@flex--aliceryhl.bounces.google.com Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43631d8d9c7so4407755e9.1 for ; Wed, 15 Jan 2025 05:36:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1736948178; x=1737552978; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=DamytgltoVfeocbQeMx8nCBv52GuJHF7pCRdLZ/tNgc=; b=tbrDaU79uA+zRdTLXZTafMB34JMT+g9ZlFLXhtUpWcKzDGgY6jf3AAx5AJ8bfeuyRB lk0d+erYncLtFfRy/KDwdVHVfCPpgM2UGNFDJB/Mj7PZIVav+Da46C1aZCikM2TjNtD1 9PoMAWWxCsvpvtqtX0vJydWn+JpnoHkKtqnihIkdem0QuzKUC4Ws2c9/wEtKAg4cPrNJ 3Bfxofq3qzguY9oCKtAFchzOLSrziurQx3ljg2wZ/kwolCuGEAXmjrs4EEJyDtaClpjL UFwt731jjV5ZmpDqzFT9tGrZTDnuuCGufRltFbTd8bAO9ljD0vcrF0FN6ViFJUTIQ+Ta eQrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736948178; x=1737552978; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=DamytgltoVfeocbQeMx8nCBv52GuJHF7pCRdLZ/tNgc=; b=r15Ia080j5N7YX7F+2EJrIgpsh0/TSTrHFoZKEoy2Y8fPLUj9WJZko7vl0o5XnNIwd KnSpTIjRiVNYTDtFFkuLXWJMRxGwIRAJ6UQ7LotJZsTxYC9IiTqtW97+SCjzRCJrAFsW +AwxXuLzc2gPsuk9wV+6tXpLn0xhgNhKXvJcNlij6bhbl9gup5aFI4tEhT3F7UXDgsuS BUnnQ5SVrgHGJ02ThOvwyRbBRUBt07Kr1+i2Gs6NerXBbTSF4Lvy00RSY/jrFDXUaGna N2wg+KxTcaV3aH7QDygEZ4S2SWFsPackPY8fmeeq+Qe6n7U0yPkP4UyP4QTm5vEs461B lNFw== X-Forwarded-Encrypted: i=1; AJvYcCX/x0C0ns3DhXIl0Va6A6QK8XDe5/0IDZjPDI7gigkrh04j9ZVeiSvipOm69RCKp6t7YujoF54ggg==@kvack.org X-Gm-Message-State: AOJu0Yw2qoeHAxgwlQ/f8MjXNcxPt6WgaEXjpsYbuqzpEK04diap7Akj Gu3gzmlAbf3qg9R/YUPycJC6zsyBnXkoPeioTawKFww5AQc6/q6HvXFA6ToIe0lKSaOT0kLmaKm rKmbX0TG33TLEoA== X-Google-Smtp-Source: AGHT+IELx9AJKZV8sItrJFa+G/e/yL/ebbqw7wwoZFqBDXagGmIfBN3Ggcgo9ka6F5wgyrAjnxYDVlZBAHgwK54= X-Received: from wmbez6.prod.google.com ([2002:a05:600c:83c6:b0:434:fe2b:fea7]) (user=aliceryhl job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:5cc:b0:42c:baf1:4c7 with SMTP id 5b1f17b1804b1-437c6af202cmr25099885e9.4.1736948177970; Wed, 15 Jan 2025 05:36:17 -0800 (PST) Date: Wed, 15 Jan 2025 13:35:09 +0000 In-Reply-To: <20250115-vma-v12-0-375099ae017a@google.com> Mime-Version: 1.0 References: <20250115-vma-v12-0-375099ae017a@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=8588; i=aliceryhl@google.com; h=from:subject:message-id; bh=XaI6NH0XnJmRP4+EcHKB+RqgempmG+WN3YGnzXiE0G8=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBnh7nAGt/I2v83P5iCzUqj5ZXeXUI8e+dMSkVQz nx0HwcJCmOJAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZ4e5wAAKCRAEWL7uWMY5 RjcSD/47K/3DO60B2Djq16CVAghmS7WUkxL/INITcyHRwb6oJ8YyJhj8TK4JqkPdRZkgehr6WpE UqWj8HfVf2ETduU02zEMH7DeWGL0InDF98h6k1ceM5BxZJZv3YkLzK/RHzERmuSBXNAjSh6dvLX 61fnzSxecO8s+2Wpew8AmqVgWbBGAjYEi+3VElElWycZMHTQqsu4s4Y3/9wnRBXF68JnTcaDPvI L/yuifcqD1EC8/mF6NiQkoW5S+gXPUOSUefteN9/S+ShXCUtGla0pyK2RzzAJqt1l6kP3p/nyzO OtLgYmlG7lSBWtX3opa/E1iQFE81tTvgbN1VGWVfp+ZW+HsGc8+Nij/6GNrobLS4GI98/75fpEj WRB78vEl0vEgcfRMi8GXtPKFWr0wwj7jhGbRpGutntjl46DzYxn4/lVriP/oGiGGPQHKXYc7LHU S3IuTdyr5eU5x9otUQ7z46m3ppB8ZooIYC/KFEUisOz9qkL4CSyyViR6UyM7AdpTrxG4gZOFCqg BNcWZr2LtyQm1HNI6UX61cMFt2zWQawXDoraJ1vfiImRSjc+IAZnDYnEKFyfoblOnhgLKv4SWGT +aE4UhZ5F9fPg5rnIYwlrOLeEhbbZ+f2FYtfsvVCemJTdoE5MikdWKLFvmu1AF7yL3LKhnDJ4S+ wcRVfT/ozzI9kkA== X-Mailer: b4 0.13.0 Message-ID: <20250115-vma-v12-6-375099ae017a@google.com> Subject: [PATCH v12 6/8] mm: rust: add VmAreaNew for f_ops->mmap() From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Lorenzo Stoakes , Vlastimil Babka , John Hubbard , "Liam R. Howlett" , Andrew Morton , Greg Kroah-Hartman , Arnd Bergmann , Jann Horn , Suren Baghdasaryan Cc: Alex Gaynor , Boqun Feng , Gary Guo , " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " , Benno Lossin , Andreas Hindborg , Trevor Gross , linux-kernel@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org, Alice Ryhl X-Stat-Signature: ogokj4az8sr69wy8r1bag7yckit387ue X-Rspamd-Queue-Id: 4301C20006 X-Rspam-User: X-Rspamd-Server: rspam01 X-HE-Tag: 1736948179-400459 X-HE-Meta: U2FsdGVkX18pijtKOx9DZmzCIcPEOYxsvFMVBxnHnxmOMMaqeaWxX8IRazjobuPowEMCxLJOpls9OoyqA/ipKYGXcWJRt5Yfj5G63fY+cK4Iiog0/usMmmhI4f6Dupn5nwPdRcw+tRBy7/PqvjZLjCSCMrZXq5HqLzHqQ3twTU9eC/DY8G+MsLE8XtY8FSvF1EX81dtX/w1P1H2vZC82mhyCAklY2NwPJGeq6MfI/ruegEj8b24PdcsISiKlk3qiX5YGzBNAHwXGMC7nUjjMdIGuQ3k4khM+1zVwaWlErXSCPPkWS3Mx4lZxAKM6qW+wGhwzNwv9SlRR8sDWC/fuvsFmD/de6BFHvB2kUQJeZ1X2f58xz/eZpaNZeIfBAZqZ4tbOFpBIWZx0jWm8PN0CCyGAEFwupi4CLINlmcfrdB0dkUPpM2CA9/X5OGDu49SK1Pn5bhJRyM83gDoV5JrvI1zSFgKhe15ABUzgfGhErDoQ2bdAWNt1I94y/v96qWT8npiD2jPgyOBEjUwutY/5Na05XNh59wlF2PZ37JuGBzPbvDeKpVluPr4m1mXm9VFgL8KzbUYpS7/BVp3XoOVjmCOqHcSk+ltwno4ag6Dcgd0F8tX0D+vHr3cF9SXT90YSi2ogm1Ae8v8bjnD/QgzL/bT6OqflFomGdEV8aJPBTmNm2o5jZRwYrETuSX2kdijn2uRw19os9UoDng48+WeolwJwiTTKpkHrEnF65lGwmPF3G2qpRfY9bA93xUsOw8Sc6vdUJ8mGWP88rQESQDzv5AkreImfPyd3UJC+jk8FKZByEgEQ2eFXJfVV8JFn6hmU9OD7TjN6uVWIodr7oqnQur9tkQGHTp+KaOOMDmAX65LvuwS3JZQHsYGP7MeeL++7M0Gv2OVXXst8TkZPRvakQbMkecK/eK4uKdzQqPNc9AR63lqt3l6/+7LJvaXcLMJvPaWPReACRB+vzOx4kVa hkzYwXXR v2n5ZLEKzzoCvFb359+PGY6/zNRCjNhbuYQ9fBOrWot4Mt+W6wRls/vAE0/M89RDfN2xokvxrmuUgkOaV3V3tUmfJODDlPdgMqaUtgm4NXxDuezE8LGL72cGgfHwX3eUR6LBQ1gT0hX0NsTSHOquMdpsP8931V5A2lqr8pSVkbWxG2nV9oCHOojsjm4hEjY24wJJB0zcbv3ZUKoClWibL6aQTFDtugSDknrXewer5GqJ6XMkTB5Ny/QYgjBaafD/+Ps8ddStiX81UpIC6urfIPEz7K5APSenuDBJpab6anvQj6/bwtsnHX3IgN6nGOnyUf5dAG/HgFF51BThGA2gfVlAMeN3juN0i46BeuLBracyX36Atckn8kyKR0geI8RRcgYZX3fvbU+6XB3sDsOGePrZFvJryuH5TPF1FNVnqAaCqzA+VXIeZi0KArW3oWYskIjTAF1IqsjJC5d88yeV0dQJJ2FgUQeW8pGeCfa4jknwd5FpNIWGk9HMf8qDkJEw3BHFw0wZDLc1zK4D74l8z6L0AOSspRsrQUiayWTkPI1HbsTKJp4rrDFVnL0v1v9DyDA42Dom3efC92qO0iGu0/EHwpAaWWPZkH4F6YjjInH65IHULWkVUiulAt8O4Mum4/tee/stCweU/yrbCIVxnMsIs0Ms+KZNdQCKd0NhiNxBRTXPF+G+Z04L2z4IAs37qEG3xdcuI8dvC6yw= X-Bogosity: Ham, tests=bogofilter, spamicity=0.345277, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This type will be used when setting up a new vma in an f_ops->mmap() hook. Using a separate type from VmAreaRef allows us to have a separate set of operations that you are only able to use during the mmap() hook. For example, the VM_MIXEDMAP flag must not be changed after the initial setup that happens during the f_ops->mmap() hook. To avoid setting invalid flag values, the methods for clearing VM_MAYWRITE and similar involve a check of VM_WRITE, and return an error if VM_WRITE is set. Trying to use `try_clear_maywrite` without checking the return value results in a compilation error because the `Result` type is marked #[must_use]. For now, there's only a method for VM_MIXEDMAP and not VM_PFNMAP. When we add a VM_PFNMAP method, we will need some way to prevent you from setting both VM_MIXEDMAP and VM_PFNMAP on the same vma. Acked-by: Lorenzo Stoakes (for mm bits) Reviewed-by: Jann Horn Signed-off-by: Alice Ryhl --- rust/kernel/mm/virt.rs | 186 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 185 insertions(+), 1 deletion(-) diff --git a/rust/kernel/mm/virt.rs b/rust/kernel/mm/virt.rs index ab89a526d3e4..ef940973e231 100644 --- a/rust/kernel/mm/virt.rs +++ b/rust/kernel/mm/virt.rs @@ -16,7 +16,7 @@ use crate::{ bindings, - error::{to_result, Result}, + error::{code::EINVAL, to_result, Result}, mm::MmWithUser, page::Page, types::Opaque, @@ -203,6 +203,190 @@ pub fn vm_insert_page(&self, address: usize, page: &Page) -> Result { } } +/// A configuration object for setting up a VMA in an `f_ops->mmap()` hook. +/// +/// The `f_ops->mmap()` hook is called when a new VMA is being created, and the hook is able to +/// configure the VMA in various ways to fit the driver that owns it. Using `VmAreaNew` indicates +/// that you are allowed to perform operations on the VMA that can only be performed before the VMA +/// is fully initialized. +/// +/// # Invariants +/// +/// For the duration of 'a, the referenced vma must be undergoing initialization in an +/// `f_ops->mmap()` hook. +pub struct VmAreaNew { + vma: VmAreaRef, +} + +// Make all `VmAreaRef` methods available on `VmAreaNew`. +impl Deref for VmAreaNew { + type Target = VmAreaRef; + + #[inline] + fn deref(&self) -> &VmAreaRef { + &self.vma + } +} + +impl VmAreaNew { + /// Access a virtual memory area given a raw pointer. + /// + /// # Safety + /// + /// Callers must ensure that `vma` is undergoing initial vma setup for the duration of 'a. + #[inline] + pub unsafe fn from_raw<'a>(vma: *mut bindings::vm_area_struct) -> &'a Self { + // SAFETY: The caller ensures that the invariants are satisfied for the duration of 'a. + unsafe { &*vma.cast() } + } + + /// Internal method for updating the vma flags. + /// + /// # Safety + /// + /// This must not be used to set the flags to an invalid value. + #[inline] + unsafe fn update_flags(&self, set: vm_flags_t, unset: vm_flags_t) { + let mut flags = self.flags(); + flags |= set; + flags &= !unset; + + // SAFETY: This is not a data race: the vma is undergoing initial setup, so it's not yet + // shared. Additionally, `VmAreaNew` is `!Sync`, so it cannot be used to write in parallel. + // The caller promises that this does not set the flags to an invalid value. + unsafe { (*self.as_ptr()).__bindgen_anon_2.__vm_flags = flags }; + } + + /// Set the `VM_MIXEDMAP` flag on this vma. + /// + /// This enables the vma to contain both `struct page` and pure PFN pages. Returns a reference + /// that can be used to call `vm_insert_page` on the vma. + #[inline] + pub fn set_mixedmap(&self) -> &VmAreaMixedMap { + // SAFETY: We don't yet provide a way to set VM_PFNMAP, so this cannot put the flags in an + // invalid state. + unsafe { self.update_flags(flags::MIXEDMAP, 0) }; + + // SAFETY: We just set `VM_MIXEDMAP` on the vma. + unsafe { VmAreaMixedMap::from_raw(self.vma.as_ptr()) } + } + + /// Set the `VM_IO` flag on this vma. + /// + /// This is used for memory mapped IO and similar. The flag tells other parts of the kernel to + /// avoid looking at the pages. For memory mapped IO this is useful as accesses to the pages + /// could have side effects. + #[inline] + pub fn set_io(&self) { + // SAFETY: Setting the VM_IO flag is always okay. + unsafe { self.update_flags(flags::IO, 0) }; + } + + /// Set the `VM_DONTEXPAND` flag on this vma. + /// + /// This prevents the vma from being expanded with `mremap()`. + #[inline] + pub fn set_dontexpand(&self) { + // SAFETY: Setting the VM_DONTEXPAND flag is always okay. + unsafe { self.update_flags(flags::DONTEXPAND, 0) }; + } + + /// Set the `VM_DONTCOPY` flag on this vma. + /// + /// This prevents the vma from being copied on fork. This option is only permanent if `VM_IO` + /// is set. + #[inline] + pub fn set_dontcopy(&self) { + // SAFETY: Setting the VM_DONTCOPY flag is always okay. + unsafe { self.update_flags(flags::DONTCOPY, 0) }; + } + + /// Set the `VM_DONTDUMP` flag on this vma. + /// + /// This prevents the vma from being included in core dumps. This option is only permanent if + /// `VM_IO` is set. + #[inline] + pub fn set_dontdump(&self) { + // SAFETY: Setting the VM_DONTDUMP flag is always okay. + unsafe { self.update_flags(flags::DONTDUMP, 0) }; + } + + /// Returns whether `VM_READ` is set. + /// + /// This flag indicates whether userspace is mapping this vma as readable. + #[inline] + pub fn readable(&self) -> bool { + (self.flags() & flags::READ) != 0 + } + + /// Try to clear the `VM_MAYREAD` flag, failing if `VM_READ` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma readable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYREAD` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_mayread(&self) -> Result { + if self.readable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYREAD` is okay when `VM_READ` is not set. + unsafe { self.update_flags(0, flags::MAYREAD) }; + Ok(()) + } + + /// Returns whether `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is mapping this vma as writable. + #[inline] + pub fn writable(&self) -> bool { + (self.flags() & flags::WRITE) != 0 + } + + /// Try to clear the `VM_MAYWRITE` flag, failing if `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma writable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYWRITE` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_maywrite(&self) -> Result { + if self.writable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYWRITE` is okay when `VM_WRITE` is not set. + unsafe { self.update_flags(0, flags::MAYWRITE) }; + Ok(()) + } + + /// Returns whether `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is mapping this vma as executable. + #[inline] + pub fn executable(&self) -> bool { + (self.flags() & flags::EXEC) != 0 + } + + /// Try to clear the `VM_MAYEXEC` flag, failing if `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma executable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYEXEC` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_mayexec(&self) -> Result { + if self.executable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYEXEC` is okay when `VM_EXEC` is not set. + unsafe { self.update_flags(0, flags::MAYEXEC) }; + Ok(()) + } +} + /// The integer type used for vma flags. #[doc(inline)] pub use bindings::vm_flags_t;