From patchwork Mon Feb 3 12:14:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alice Ryhl X-Patchwork-Id: 13957384 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05735C02194 for ; Mon, 3 Feb 2025 12:34:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4CFD1280002; Mon, 3 Feb 2025 07:34:51 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 47FE7280001; Mon, 3 Feb 2025 07:34:51 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 32074280002; Mon, 3 Feb 2025 07:34:51 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 105D9280001 for ; Mon, 3 Feb 2025 07:34:51 -0500 (EST) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 99CF41226F8 for ; Mon, 3 Feb 2025 12:15:28 +0000 (UTC) X-FDA: 83078528736.15.29371CB Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) by imf23.hostedemail.com (Postfix) with ESMTP id 7C243140011 for ; Mon, 3 Feb 2025 12:15:26 +0000 (UTC) Authentication-Results: imf23.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=Sd5hfasb; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf23.hostedemail.com: domain of 3XbOgZwkKCIoozwqs5Cvzu22uzs.q20zw18B-00y9oqy.25u@flex--aliceryhl.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=3XbOgZwkKCIoozwqs5Cvzu22uzs.q20zw18B-00y9oqy.25u@flex--aliceryhl.bounces.google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1738584926; a=rsa-sha256; cv=none; b=PxAWMPn+Ly+LhBdFIkVsFL610pI93SB9S1FFco/vmvftCZGb147v11hsgc487Ji89dCrP6 Ut+wReboC8D0MtQSGWqaH7Vabmd7N+te1H+mga9NLPOl87Bem37LYPRiOdUvtA0hjmO/M8 OE1cVU+E2tz9T7NoAq4ivEk+16wImJg= ARC-Authentication-Results: i=1; imf23.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=Sd5hfasb; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf23.hostedemail.com: domain of 3XbOgZwkKCIoozwqs5Cvzu22uzs.q20zw18B-00y9oqy.25u@flex--aliceryhl.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=3XbOgZwkKCIoozwqs5Cvzu22uzs.q20zw18B-00y9oqy.25u@flex--aliceryhl.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1738584926; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=XdP0aoyoQaJRQDN9af3Ddles1mdACdpk6p9g2zjPnwA=; b=w3nYXmlZ5giRWpYd8Mbw27OEZZPZcPD52veZc68LDN4+Fl4OEcJj2wJ1Swc9xqiHMUHEHo l2ooIbshrq0avgk5AF0LL79zVXJ7J3QAND4QGZ6Acc/h9HVkpJqdxOmgGkyEGMKFJjWkwB c5u5keumZFlMZYXB/7h74GCM6UkTX74= Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-43651b1ba8aso31206515e9.1 for ; Mon, 03 Feb 2025 04:15:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1738584925; x=1739189725; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=XdP0aoyoQaJRQDN9af3Ddles1mdACdpk6p9g2zjPnwA=; b=Sd5hfasbYDIropxxtxxtmMFpZj6aYd9btQdIh5GIpbbvesVjtH6P5xLC4j1+UUuhj0 pCpZickdRFD31+lhtYodJsTf3vs0AGkf6qFwAYAmUZNmhInDfeZctb2WuoXxgStVeoZw LxatXlGxCUi2NCmipjeoUp8HZl2gCIAo7caztoJZfN5smgFcH21TWZpN5lJgkJ8JgKER hPpEpcfHtVnj2LuXWlds2bbRm3YI96Yvb5Fxv7f/LtHE6aTBTdak3Tem+w/7a0HYbJ/W SXvZ69MMwq14W41xmXEt3+rnUzkoqeQfKKD3PlBz9/ixIH/8lTa33TupYS46o0TJrScd kYUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1738584925; x=1739189725; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=XdP0aoyoQaJRQDN9af3Ddles1mdACdpk6p9g2zjPnwA=; b=kU8SNo0TuQuLuyxHiqREf1VkROotft2sz1t1tQFz454AMeJNz2D24YZkie2l3QOxqR 3xsIn/hZqcQXNpSlBhIG2DcEr68cT8aID08lNZ0FaUUl5SzMnspa98zO8MLu7ZIpD4VZ 84hDvWM68YlMgpat/P7KasFs3K1+JJ5lDAX5Z1BqCbUzlYVKB5dgzvfH38AmzuFDekET sWLwR3TkD9IUuXgmsL3A+SsBkxnDJfKu0e9OX/mqsifyUJxaBhyPUMp+F08ynv1X3vtU sZyh02MZ61Ntp4Ydk+ICnZt2YnTOCaz1FHrZF9aq//yeDGV0OVwaguPMgYId/NzWaVvn v6VA== X-Forwarded-Encrypted: i=1; AJvYcCVaBaLKwkp45Apzv4H8og62P4dyBk7hOKeJ8VRd8cdnDnSN7B66g20UafzNTc5Fxx3qsxmlUeEgbA==@kvack.org X-Gm-Message-State: AOJu0Yw+A6mUheuTtbCtdghY05a8hihC5USf3MJgD/oc9gxsmVfPjmqT zaNg/jQeiezf9z2WFlNH2wMYzn253QcqnJHQQ8Kw39R1MsHN+G8Px7AabIqwsorZTDyFOMRABWI Evr4Taas7VvDexg== X-Google-Smtp-Source: AGHT+IGvdl8whkyeauBYNUqNHQEJqjDbvwD7qj3CFNWEf5tOxMDBlkY+hQX0TS488w7KyLPMULbm3wB/znwxHGc= X-Received: from wmbay13.prod.google.com ([2002:a05:600c:1e0d:b0:434:f1d0:7dc9]) (user=aliceryhl job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:1ca3:b0:438:a240:c55 with SMTP id 5b1f17b1804b1-438e70d1b20mr96862455e9.1.1738584925233; Mon, 03 Feb 2025 04:15:25 -0800 (PST) Date: Mon, 03 Feb 2025 12:14:41 +0000 In-Reply-To: <20250203-vma-v13-0-2b998268a396@google.com> Mime-Version: 1.0 References: <20250203-vma-v13-0-2b998268a396@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=8625; i=aliceryhl@google.com; h=from:subject:message-id; bh=10j5HcaR1gvtllAVfcw/qjMyimeHVca5LB2wpNGE6ec=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBnoLNMGRlshE36N0K5bQLrRASBsrP6ARR+Odgs+ ZRuOZGqHeuJAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZ6CzTAAKCRAEWL7uWMY5 Ru4uD/wIeJ7LbTTgDF1gzPyLQNw3NUUI95FbT/5jn7qRcfoX1WIuDkkZOzAx1vYs7CH5cQ9owzG Df2TJ9K+7Lnxmo1G8FMuGTYh5EL9q+IY6BVZvKypIv4hcp2Y8CI4BxfLffxKc/5keD7pfrkfA12 QORea0pSlU8TnzABDyWYzGgBGd7pc49b3u58DEEEU1xM6UqVi++Xdme9jaaru5ZK5iGK4Fouk8c LVwgP/uUGgPED0mT8nIKkSY4oENMhC6ITdL3ZdKjIcB7ayb3xKWvLA9N9BNQd2TwawAUO7tcwwd a4YHEQOWCOkx/9Fnw1ajLC7Cq9mfKXSg96PgxyhBb808ZTOXnw+LVM0n2EtqMaK+HH125k8h9L5 DsV5Ip7u9knjAPBBeTiyaSGd6EtGrH7btLvu+vxgJcmbkKQDqPNM38uIcfuzoWV3K+S+o6+nAwa /Hybvrol1Px6fYI0hXEF27zCRnvNxdUyJmNjIMB4oUJ6uuCcrx6g2VpjBUsUUe1xU/CR6YpS2IL IFsf0kRTRS0745iCwntfsNMjQxuaeonqEIXNebvIoZC4CYSMOAUXlsJaYtAFudhrXEWCmWMOCqa 4PuWWNvljKGZJJHiaShbLSBOKTeAvIxcSGkhxMXN287wTwVCttn6nCpJgnyHSAUqwr7rcdhla7m ocD33DZ1yVXouqA== X-Mailer: b4 0.13.0 Message-ID: <20250203-vma-v13-6-2b998268a396@google.com> Subject: [PATCH v13 6/8] mm: rust: add VmAreaNew for f_ops->mmap() From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Lorenzo Stoakes , Vlastimil Babka , John Hubbard , "Liam R. Howlett" , Andrew Morton , Greg Kroah-Hartman , Arnd Bergmann , Jann Horn , Suren Baghdasaryan Cc: Alex Gaynor , Boqun Feng , Gary Guo , " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " , Benno Lossin , Andreas Hindborg , Trevor Gross , linux-kernel@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org, Alice Ryhl X-Rspam-User: X-Rspamd-Server: rspam01 X-Rspamd-Queue-Id: 7C243140011 X-Stat-Signature: c1hf1szdqedemkihiftrksyj1zfyxpif X-HE-Tag: 1738584926-971939 X-HE-Meta: U2FsdGVkX1+G19IVN5tv+5dx4LD1GSdGzK7Qx4iluNT+PLrDq85iTbqcpk5ogOeVkclReTdJhc8BVRGCgfZzqAvcLEZcthpVmRRvlABu7dxh85LMJ+UJkvPs4OkMmapl2HDPv01A3yPcihTpXzOeCITTlfM/tQjnKFSnd5EWonqdqAPc9QYaSKYYOBUKSbK6lwUBbeOevfN6jtsmKTD20gmOE/6vejoF+m5QjU0Hhtd5gwaSTTJXWGFl6vghCVeysoHE/jY5goIfJBANo4Di67a0k3kPZcCtIBOXXGywVDu/K4YJXzHxPiASwAbUuqHopvV44dC1WX2sPKMx8I/zs02N6L5cyu5VVkMrsU1mNJ1bowcegi+tYgg4CZi4QEXgpk38kJxwhMmXii7gFEkMVBPOl62aPSKCXXS2qRZNGnXgG1wHgz+I1rRGMTTPAUxa2rdwNq7I4GV6pi98Rr6HiH/oChroTggkpdVGymCw0Ab5Wd+c7wv92uNJBmw79IYXbbXPrCaVFrP86wX0zDhqMY2tHcJDNRVFtY/undJjTjT4M8OMhXCrTKJk0bbGUOMGsKgKrAiGeGSYhE4ImX9lbQuYdKdm/4cuzwSd2791wB/EYAFDI61aqbZoABYjzHIccVBe6FcAo7B374tswe1Yf4OnbOh/PAH8SrcdhXnJaO+bO9IqIVeGVf69wbCZh90JGlJzuJCEC5fIo4hzKr818A3kG+JtwqVY/3vsiNp0xaRf7EkTU7O84BMY+Bvqx2zjuBM17ls6geeM7q5BHh4odDFQBd3dNKxfVBaao8/ZFQV0zrDRMHKNoCc1LmNX9IdPe1fKrfId/CEju8SnTf6SYJVjZ+yFs7hTdruaVA4/qvoZN/BhnNskvynq1HafMzyu4Na/RrmWoPSkeZfDRSHGrcnqLgYC78cLCdjW/cQKRnTq8aVHUfwJuA0x47VXcEybnLK9a1xYjzokbED7mXi PHpe+C2m UVbaWw7tXjhc43LpBg7Vut1P9/NeqawDMxq4JjwpbV96iO0nBhaix0/y5yVw63q5KHFu2KuABNnAXNSxNbC9FLRBW7kR/cab1wRTVHilsZz9xVLm/8FECLr4dDJZSDzXOWsyckgGYUSRFV++UC8LUk0J/qUcHauHPid5dMpcc1WMZyzJYUgoPCLZfW4sLTRuOPrErZOeOkF2q6aHak+bCl0pYFVMuvbLAgEepdBJ/keWCb2hukdkEkIhvOKxNJ6EnYvX/t7P5Q4L3kTMNohOeAvP4Vh1huFSpW/JjmQDtdiUORbi7k771DIRvgJFM4iYOy+9CLKm8aeaH82I40uMn0PsQJ7WT+/rlw3FdBWy2TKZIdsqa9IpksUdKXzqBga5eZ+O4RKzwz22Y5uMc0AozuhA6KbooYRHxPGJjDjnUruM5wNiU7ZLUjlJgRAuiV7DQ4ZgmqS9y2PCGA1nB/LIdszTCJ0b8SxpL3QEJ1l2SQ7GkNkokQ/jNCy5N6qvQXfDJfx+wV8opRcILv5CpAEtEzBgkpTMcM5qb9s5tG/Yb0qRFJXj/7AIhZUSLCjwdoUGyb79R/hadQBiGuHnmXIrK530lDmeXA0fdxWOedW87JIkFD1zuQZFFKcsGTJts+kNIVrcvevAmUJyfzjcSt/LieZhwqx6rj79V7xdDpD/HaijVO2N+2c+AXmk6le1UvsZp6Xzo714IxnqcJmS5LRj/WrJkU1RsP9jFdQNW X-Bogosity: Ham, tests=bogofilter, spamicity=0.435372, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This type will be used when setting up a new vma in an f_ops->mmap() hook. Using a separate type from VmAreaRef allows us to have a separate set of operations that you are only able to use during the mmap() hook. For example, the VM_MIXEDMAP flag must not be changed after the initial setup that happens during the f_ops->mmap() hook. To avoid setting invalid flag values, the methods for clearing VM_MAYWRITE and similar involve a check of VM_WRITE, and return an error if VM_WRITE is set. Trying to use `try_clear_maywrite` without checking the return value results in a compilation error because the `Result` type is marked #[must_use]. For now, there's only a method for VM_MIXEDMAP and not VM_PFNMAP. When we add a VM_PFNMAP method, we will need some way to prevent you from setting both VM_MIXEDMAP and VM_PFNMAP on the same vma. Acked-by: Lorenzo Stoakes Reviewed-by: Jann Horn Reviewed-by: Andreas Hindborg Signed-off-by: Alice Ryhl --- rust/kernel/mm/virt.rs | 186 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 185 insertions(+), 1 deletion(-) diff --git a/rust/kernel/mm/virt.rs b/rust/kernel/mm/virt.rs index 64a0a47070a8..5847fe73db17 100644 --- a/rust/kernel/mm/virt.rs +++ b/rust/kernel/mm/virt.rs @@ -16,7 +16,7 @@ use crate::{ bindings, - error::{to_result, Result}, + error::{code::EINVAL, to_result, Result}, mm::MmWithUser, page::Page, types::Opaque, @@ -203,6 +203,190 @@ pub fn vm_insert_page(&self, address: usize, page: &Page) -> Result { } } +/// A configuration object for setting up a VMA in an `f_ops->mmap()` hook. +/// +/// The `f_ops->mmap()` hook is called when a new VMA is being created, and the hook is able to +/// configure the VMA in various ways to fit the driver that owns it. Using `VmAreaNew` indicates +/// that you are allowed to perform operations on the VMA that can only be performed before the VMA +/// is fully initialized. +/// +/// # Invariants +/// +/// For the duration of 'a, the referenced vma must be undergoing initialization in an +/// `f_ops->mmap()` hook. +pub struct VmAreaNew { + vma: VmAreaRef, +} + +// Make all `VmAreaRef` methods available on `VmAreaNew`. +impl Deref for VmAreaNew { + type Target = VmAreaRef; + + #[inline] + fn deref(&self) -> &VmAreaRef { + &self.vma + } +} + +impl VmAreaNew { + /// Access a virtual memory area given a raw pointer. + /// + /// # Safety + /// + /// Callers must ensure that `vma` is undergoing initial vma setup for the duration of 'a. + #[inline] + pub unsafe fn from_raw<'a>(vma: *mut bindings::vm_area_struct) -> &'a Self { + // SAFETY: The caller ensures that the invariants are satisfied for the duration of 'a. + unsafe { &*vma.cast() } + } + + /// Internal method for updating the vma flags. + /// + /// # Safety + /// + /// This must not be used to set the flags to an invalid value. + #[inline] + unsafe fn update_flags(&self, set: vm_flags_t, unset: vm_flags_t) { + let mut flags = self.flags(); + flags |= set; + flags &= !unset; + + // SAFETY: This is not a data race: the vma is undergoing initial setup, so it's not yet + // shared. Additionally, `VmAreaNew` is `!Sync`, so it cannot be used to write in parallel. + // The caller promises that this does not set the flags to an invalid value. + unsafe { (*self.as_ptr()).__bindgen_anon_2.__vm_flags = flags }; + } + + /// Set the `VM_MIXEDMAP` flag on this vma. + /// + /// This enables the vma to contain both `struct page` and pure PFN pages. Returns a reference + /// that can be used to call `vm_insert_page` on the vma. + #[inline] + pub fn set_mixedmap(&self) -> &VmAreaMixedMap { + // SAFETY: We don't yet provide a way to set VM_PFNMAP, so this cannot put the flags in an + // invalid state. + unsafe { self.update_flags(flags::MIXEDMAP, 0) }; + + // SAFETY: We just set `VM_MIXEDMAP` on the vma. + unsafe { VmAreaMixedMap::from_raw(self.vma.as_ptr()) } + } + + /// Set the `VM_IO` flag on this vma. + /// + /// This is used for memory mapped IO and similar. The flag tells other parts of the kernel to + /// avoid looking at the pages. For memory mapped IO this is useful as accesses to the pages + /// could have side effects. + #[inline] + pub fn set_io(&self) { + // SAFETY: Setting the VM_IO flag is always okay. + unsafe { self.update_flags(flags::IO, 0) }; + } + + /// Set the `VM_DONTEXPAND` flag on this vma. + /// + /// This prevents the vma from being expanded with `mremap()`. + #[inline] + pub fn set_dontexpand(&self) { + // SAFETY: Setting the VM_DONTEXPAND flag is always okay. + unsafe { self.update_flags(flags::DONTEXPAND, 0) }; + } + + /// Set the `VM_DONTCOPY` flag on this vma. + /// + /// This prevents the vma from being copied on fork. This option is only permanent if `VM_IO` + /// is set. + #[inline] + pub fn set_dontcopy(&self) { + // SAFETY: Setting the VM_DONTCOPY flag is always okay. + unsafe { self.update_flags(flags::DONTCOPY, 0) }; + } + + /// Set the `VM_DONTDUMP` flag on this vma. + /// + /// This prevents the vma from being included in core dumps. This option is only permanent if + /// `VM_IO` is set. + #[inline] + pub fn set_dontdump(&self) { + // SAFETY: Setting the VM_DONTDUMP flag is always okay. + unsafe { self.update_flags(flags::DONTDUMP, 0) }; + } + + /// Returns whether `VM_READ` is set. + /// + /// This flag indicates whether userspace is mapping this vma as readable. + #[inline] + pub fn readable(&self) -> bool { + (self.flags() & flags::READ) != 0 + } + + /// Try to clear the `VM_MAYREAD` flag, failing if `VM_READ` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma readable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYREAD` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_mayread(&self) -> Result { + if self.readable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYREAD` is okay when `VM_READ` is not set. + unsafe { self.update_flags(0, flags::MAYREAD) }; + Ok(()) + } + + /// Returns whether `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is mapping this vma as writable. + #[inline] + pub fn writable(&self) -> bool { + (self.flags() & flags::WRITE) != 0 + } + + /// Try to clear the `VM_MAYWRITE` flag, failing if `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma writable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYWRITE` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_maywrite(&self) -> Result { + if self.writable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYWRITE` is okay when `VM_WRITE` is not set. + unsafe { self.update_flags(0, flags::MAYWRITE) }; + Ok(()) + } + + /// Returns whether `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is mapping this vma as executable. + #[inline] + pub fn executable(&self) -> bool { + (self.flags() & flags::EXEC) != 0 + } + + /// Try to clear the `VM_MAYEXEC` flag, failing if `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma executable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYEXEC` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_mayexec(&self) -> Result { + if self.executable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYEXEC` is okay when `VM_EXEC` is not set. + unsafe { self.update_flags(0, flags::MAYEXEC) }; + Ok(()) + } +} + /// The integer type used for vma flags. #[doc(inline)] pub use bindings::vm_flags_t;