From patchwork Thu Feb 13 11:04:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alice Ryhl X-Patchwork-Id: 13973107 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7CB92C021A0 for ; Thu, 13 Feb 2025 11:04:57 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id B824C6B009A; Thu, 13 Feb 2025 06:04:55 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id B07FB6B009B; Thu, 13 Feb 2025 06:04:55 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 982F5280001; Thu, 13 Feb 2025 06:04:55 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 77D406B0098 for ; Thu, 13 Feb 2025 06:04:55 -0500 (EST) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay09.hostedemail.com (Postfix) with ESMTP id 903D680BC7 for ; Thu, 13 Feb 2025 11:04:54 +0000 (UTC) X-FDA: 83114638908.06.495A901 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) by imf15.hostedemail.com (Postfix) with ESMTP id 9C79BA0007 for ; Thu, 13 Feb 2025 11:04:51 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=YNtmOb7l; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf15.hostedemail.com: domain of 30tGtZwkKCHEPaXRTgnWaVddVaT.RdbaXcjm-bbZkPRZ.dgV@flex--aliceryhl.bounces.google.com designates 209.85.221.73 as permitted sender) smtp.mailfrom=30tGtZwkKCHEPaXRTgnWaVddVaT.RdbaXcjm-bbZkPRZ.dgV@flex--aliceryhl.bounces.google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1739444691; a=rsa-sha256; cv=none; b=oYglUK6inY3Cr2dmMNaXtaWQ980HVxvxJqmdmbKLfz55tKF5LwEDS5tIg/H7399ubPgNdh zMg1pdZH1ZU3TGc88tkzLS5OE7Uyy5ingeKmHZmd/vdTrukecoXgKgNejB0yWX5yZsAYdY LABYwAP0oRAOwU21m5NkzLxTq/yEwkI= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=YNtmOb7l; dmarc=pass (policy=reject) header.from=google.com; spf=pass (imf15.hostedemail.com: domain of 30tGtZwkKCHEPaXRTgnWaVddVaT.RdbaXcjm-bbZkPRZ.dgV@flex--aliceryhl.bounces.google.com designates 209.85.221.73 as permitted sender) smtp.mailfrom=30tGtZwkKCHEPaXRTgnWaVddVaT.RdbaXcjm-bbZkPRZ.dgV@flex--aliceryhl.bounces.google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1739444691; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=uW/Ty2fOlXPxtDtxLZmFYWp7FZLpKD6TeMqqX/rT2JY=; b=OTD8hqtI2ttlCDO4EPYnESPiMzONduzsGrLasfes0iz5s9Ncu/Xs0rtMtWVbqeTgJvxORb lRQBSdCwugHuBh5DsLcOOlo6tq4+ui3foUZiIrJKIC1Obv7lK2Ium+Gxq7s7UQ5uPsbGGH B4ktqwsSbhQd1rQmJo7bsfNjI/Updvw= Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-38dd8d11139so560478f8f.1 for ; Thu, 13 Feb 2025 03:04:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1739444690; x=1740049490; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=uW/Ty2fOlXPxtDtxLZmFYWp7FZLpKD6TeMqqX/rT2JY=; b=YNtmOb7llgbcRb+5U/JNM6zkC0PoMTWC8clyrxF7OZUo26DZ8UZhrU6AJPcx0lufNE f+QDQxeAcOrWr4dxNINLmxQHgdKp+adPetKUtm1fkYQ84hAXYVfpB7jTrYbXcI9yZIJb e4FDON2f9m4fPXkFLXHSF/OLDpfTPyNen/FDjUJ0A+/oUPg9i4yWEnft4h1mov4pFZsW z4GcRTurdf59jG9xdQ3FhG9FdvpY0E2ssHHCQhi06hUUZrKJKFArJj4EPxoGVWedLPiw KHuLN8hbdOO+cNDRi2XXm3kK2iqrfvS6g6Sg3/+zrQkrFALRdOLnzG9gkVwC8bHZ5lXo G5KA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1739444690; x=1740049490; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=uW/Ty2fOlXPxtDtxLZmFYWp7FZLpKD6TeMqqX/rT2JY=; b=gi5uMA5JldlFGcC/yUePR5A96UHr2s8CAHbPfi18Is4Ass6v9AxUDmzexxb6ewBt2N wlUZSHQtJov4dBEzo1jguBTs7Xc/2k65pOMyfuCSfbLBiaut9jdS8VCOO/mjuTv9XnPW ToiOWu99qDbAEdR0ewUMHGwnEEbK+f9Bsl1gLwu1ItZXIGniOT1O/PJt1U2OQB48oOpx /sxch1VS8z3FjzvO0j0SHUVB8N82W48OZXCM229k+hQBe48l+JLYTvHd4/No3ycgvoEj N3aADVB0YPaDJtMzEmdRSMbCFCyN7aeofAvMNSP+eZZqBVDnVKTiscI9bIljsdTD9U6A TqNQ== X-Forwarded-Encrypted: i=1; AJvYcCVmjlcTI/WU4kZcqoBX2fgdpw1663A8GSOKzCko75MeNWcQxJOBoOHR6Kr4A0rLjaAB6u4FWWa6jw==@kvack.org X-Gm-Message-State: AOJu0YwJ3ev2f1aKKn8Gm48WKvAznUI0xrvgxMdauh5g9U05l/UwHU6B C5+dhFZzndRDITA2JZJe6sr3sMEVBSb+9plrSThPp/ujKMSaCWLGUzW4C8+G1JYB6EGoO4g93+J HPQfORICMMeGKeQ== X-Google-Smtp-Source: AGHT+IFf80WLAYmWuMESuCsRlEKC2D4+AWF643A9VnDB796H1Sc9MR5GfacRO+WmOsDE1DcsoXPNr2jsbgDj6bM= X-Received: from wmpz19.prod.google.com ([2002:a05:600c:a13:b0:439:468e:a94b]) (user=aliceryhl job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:584c:0:b0:38f:28a1:501d with SMTP id ffacd0b85a97d-38f28a15761mr1140823f8f.25.1739444690305; Thu, 13 Feb 2025 03:04:50 -0800 (PST) Date: Thu, 13 Feb 2025 11:04:05 +0000 In-Reply-To: <20250213-vma-v14-0-b29c47ab21f5@google.com> Mime-Version: 1.0 References: <20250213-vma-v14-0-b29c47ab21f5@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=8586; i=aliceryhl@google.com; h=from:subject:message-id; bh=7pYVDkxLGS09DigBqO6pbnQoHpQKADY37T16seVY/5M=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBnrdHBPqs4jQruLh6dcALn9+kKABa5Ht3oQjY1+ +vcelNnxJGJAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZ63RwQAKCRAEWL7uWMY5 RoegD/9QReh2ab4/0o7RdV9QbH4EgO9m6OwqpDj+W9QmyXARO7Ruo0kO/4TqUdNIaMCj3jla/KV 30nO+8ABp6pB+ytxxCEuWSbUNhYggNXvQ8yeOS6lQ+cZt4ltoU1HWlPUCLpqof8/DUXQwJxI0ZP gGmJzLTu3akLT46yhxKz2RbPo3uY5snGt2qFQ/dTg88bzz0+t2rQkwv43PkW829KZaCUq1kvflL DWvf3KjhbasZ4O29c89f/lJO4HDBt35g6SeDWNVOSTxZmQrqqkaB9crY+tSORD/SiCR5uYV9lpt gFXf3IJ8vx3toO1pJ4yHzYA3uA+HEzYi4OQyUebkScsjgOAlnLucnMjvl11NfcSbz0qtTVpMrsr A6K/o4ByC4bf4ZVMpf1bDcntvhlu+FGy8rPUr4QJ2GI62qz01/Zbg9lccJw6llQbYQGOh9WAIq8 FLGwqlNQnDw3a1xEkSMstwXjBXg3ZHlnznMRV+m/P0VWp8aKx8hocFESO15ruq2Hbt8HYOeZkMe cSfm0aG4pe8B0ym7ao4oRSJXjupndKzMh/ukacbJJQ9J9QJqTP0Scxdvln6WlUf8uIXAhTyNjcR 5d3V4cdKI9NhwmF3IqQVTbPvb269/pa4lnxzsbulPSkhqs7GzDlnjLgOJcI7sNXHr8kSu0RfPn6 EenvfoAFmtQcfdA== X-Mailer: b4 0.13.0 Message-ID: <20250213-vma-v14-6-b29c47ab21f5@google.com> Subject: [PATCH v14 6/8] mm: rust: add VmaNew for f_ops->mmap() From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Lorenzo Stoakes , Vlastimil Babka , John Hubbard , "Liam R. Howlett" , Andrew Morton , Greg Kroah-Hartman , Arnd Bergmann , Jann Horn , Suren Baghdasaryan Cc: Alex Gaynor , Boqun Feng , Gary Guo , " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " , Benno Lossin , Andreas Hindborg , Trevor Gross , linux-kernel@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org, Alice Ryhl X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 9C79BA0007 X-Stat-Signature: z49jm5ben36x1c1rp95rgwojdzmbqa76 X-Rspam-User: X-HE-Tag: 1739444691-809333 X-HE-Meta: U2FsdGVkX1/FJ09aa3nfBZJ2EnzIBpIkoVdw/Ik5gsBn4VzaXTkIgAaDTX9S/7n8/znZtUWnANjyelkxJ151AS7c4M4bfpcQmWfwIqy8pDVNe6DBzC8RIPFO5JRm/acxsYKIzL36T74pjbmF1wWVocf9OVwGO0zQ2ZlGOSROe5D8WcX9+1Ka4Gh3zI+LhLXwrn+/m11ZlRdek0U6QuApNJNX23Pijv3MyucZhroEVgpj49wazDTMCJgSxTnBghKynb69WIVaLYGdukDFtBx4Vkz2sJTE5AL+2mE8ng2LqlHDWBRD2iyOrcGQggLwRrNPY4+wXG5+bFUa/AknrEAbSdckoODAJFkH4ejGGERqpntH/Jifb0dc6imvnUz73l8pJBJUqdUCEb5RNMIQT6kYXxgqdwpayGwaoHJCeW5m0JUHOMETVagRswXG8mspP+FyMoeooZc/M/zxV9ocNFvpzjtHMISX0tTCJxGb5tqYGE+g61VJRz8kR0nMSUwbMaCrPAkYCHqAi/IRbBhOoMB1T7Aq56YPZh/qmV8zDuMonpZPUJFW48/8RX6CAnIqzLIp8Sz6DN90kIze9FzkAfrYlwXn1QTg6TWAhvt+Pu5wsdpOpFUVPOfEMd0PsfR1yzGy8s1O3sR1eNZMYj+eJiL9n2m9lvBHORvTPm5YubxIKEyauu4q8DtuZM9YL0T+s6xx9LfqKf8Py7RuO49YjzLOUKIZLlwam/2MurtCawkRjL+41lAtcdxt+IP1Zd7Yfot0UYUqKW41XyCDFpozt92ZPFNevBQ0FwChwGfHyQ07CcRxU8AdJZdheKBXQnPwljVcCeS7Ay1xQDEmBaeV+LkJDPBHR15bW4wmoj8Win5PL61TYznTbAQF2dKHB1mTNLaTlddKmL9cUC1pfVqP6heZ/lWpFxtgZa8JRKSWcNE+1SrMR+uqmFWuwwi+8EU5rfTznbUXBOhSYoGfQGnY2vp 2Bs6yl+/ KHDvFRnTSuN94Ub2YRueU02EI3TBow/yIE8rM+f8jCqLW7XRbeonuJNoVmjro72cnV9eoDl782YlmlttIwK4BtoBEIi2kMlFIvPlAHztfkj6qGkaZ/++ZHxbQeFMb+BwTixzyi5ZNS5fLnuu8peRDQL6vgZ5Qa3vruktVPNRITkbu99Kk/zMej0aa3tm7s3X603Q9tecl577/CQUuqnfpSitrcav9dfqfp5N94qFU6wwxu91SZAidtEB0QJlwjeTtGw0CJwjer+u4CQAmJbfdhKdx9V/mtVWeEZMLBiwC54TkkybCiUyFo6LsWDmQG03TaJw+p51/WMnW7h+y/Cx6tDqXmV+R42EZsfxIi3THLBU3xAPO+nuB89C+kFzqdJFUEt53mYm+AQSzRQxvermAAyhAH0LItiqt/9PrxgDKVjdP17fOLKUidonVnaPgeHgb3B/BUwDEk4xSxMu4d9BKthzA/4kG/mQYEJCMVeIaBh8N9ICm4zwUhkectyxm8XirWDKRGkPQozvUJGuOAlEI8NxX4eF/Tpf+T9OSsm79EtUcmhIkyeKL6TUESwpXXWbpECUtG5F/T5vJiM6UJ5M2g8/INVLJBHt8llLQGRAhYyW/Ot2Uc3pAVRnoXaZTk3z3zUxgmG5WDPvsUrg0NAe/01NAJDlVH2b0tN6yMCzmtr3ubOhCwsgnCPeWCpBctJ0KPS7qOKOeTr+VamCXE5czx2HiFtfcYijNgHiP X-Bogosity: Ham, tests=bogofilter, spamicity=0.400699, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This type will be used when setting up a new vma in an f_ops->mmap() hook. Using a separate type from VmaRef allows us to have a separate set of operations that you are only able to use during the mmap() hook. For example, the VM_MIXEDMAP flag must not be changed after the initial setup that happens during the f_ops->mmap() hook. To avoid setting invalid flag values, the methods for clearing VM_MAYWRITE and similar involve a check of VM_WRITE, and return an error if VM_WRITE is set. Trying to use `try_clear_maywrite` without checking the return value results in a compilation error because the `Result` type is marked #[must_use]. For now, there's only a method for VM_MIXEDMAP and not VM_PFNMAP. When we add a VM_PFNMAP method, we will need some way to prevent you from setting both VM_MIXEDMAP and VM_PFNMAP on the same vma. Acked-by: Lorenzo Stoakes Reviewed-by: Jann Horn Reviewed-by: Andreas Hindborg Signed-off-by: Alice Ryhl --- rust/kernel/mm/virt.rs | 186 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 185 insertions(+), 1 deletion(-) diff --git a/rust/kernel/mm/virt.rs b/rust/kernel/mm/virt.rs index 3e2eabcc2145..31803674aecc 100644 --- a/rust/kernel/mm/virt.rs +++ b/rust/kernel/mm/virt.rs @@ -16,7 +16,7 @@ use crate::{ bindings, - error::{to_result, Result}, + error::{code::EINVAL, to_result, Result}, mm::MmWithUser, page::Page, types::Opaque, @@ -198,6 +198,190 @@ pub fn vm_insert_page(&self, address: usize, page: &Page) -> Result { } } +/// A configuration object for setting up a VMA in an `f_ops->mmap()` hook. +/// +/// The `f_ops->mmap()` hook is called when a new VMA is being created, and the hook is able to +/// configure the VMA in various ways to fit the driver that owns it. Using `VmaNew` indicates that +/// you are allowed to perform operations on the VMA that can only be performed before the VMA is +/// fully initialized. +/// +/// # Invariants +/// +/// For the duration of 'a, the referenced vma must be undergoing initialization in an +/// `f_ops->mmap()` hook. +pub struct VmaNew { + vma: VmaRef, +} + +// Make all `VmaRef` methods available on `VmaNew`. +impl Deref for VmaNew { + type Target = VmaRef; + + #[inline] + fn deref(&self) -> &VmaRef { + &self.vma + } +} + +impl VmaNew { + /// Access a virtual memory area given a raw pointer. + /// + /// # Safety + /// + /// Callers must ensure that `vma` is undergoing initial vma setup for the duration of 'a. + #[inline] + pub unsafe fn from_raw<'a>(vma: *mut bindings::vm_area_struct) -> &'a Self { + // SAFETY: The caller ensures that the invariants are satisfied for the duration of 'a. + unsafe { &*vma.cast() } + } + + /// Internal method for updating the vma flags. + /// + /// # Safety + /// + /// This must not be used to set the flags to an invalid value. + #[inline] + unsafe fn update_flags(&self, set: vm_flags_t, unset: vm_flags_t) { + let mut flags = self.flags(); + flags |= set; + flags &= !unset; + + // SAFETY: This is not a data race: the vma is undergoing initial setup, so it's not yet + // shared. Additionally, `VmaNew` is `!Sync`, so it cannot be used to write in parallel. + // The caller promises that this does not set the flags to an invalid value. + unsafe { (*self.as_ptr()).__bindgen_anon_2.__vm_flags = flags }; + } + + /// Set the `VM_MIXEDMAP` flag on this vma. + /// + /// This enables the vma to contain both `struct page` and pure PFN pages. Returns a reference + /// that can be used to call `vm_insert_page` on the vma. + #[inline] + pub fn set_mixedmap(&self) -> &VmaMixedMap { + // SAFETY: We don't yet provide a way to set VM_PFNMAP, so this cannot put the flags in an + // invalid state. + unsafe { self.update_flags(flags::MIXEDMAP, 0) }; + + // SAFETY: We just set `VM_MIXEDMAP` on the vma. + unsafe { VmaMixedMap::from_raw(self.vma.as_ptr()) } + } + + /// Set the `VM_IO` flag on this vma. + /// + /// This is used for memory mapped IO and similar. The flag tells other parts of the kernel to + /// avoid looking at the pages. For memory mapped IO this is useful as accesses to the pages + /// could have side effects. + #[inline] + pub fn set_io(&self) { + // SAFETY: Setting the VM_IO flag is always okay. + unsafe { self.update_flags(flags::IO, 0) }; + } + + /// Set the `VM_DONTEXPAND` flag on this vma. + /// + /// This prevents the vma from being expanded with `mremap()`. + #[inline] + pub fn set_dontexpand(&self) { + // SAFETY: Setting the VM_DONTEXPAND flag is always okay. + unsafe { self.update_flags(flags::DONTEXPAND, 0) }; + } + + /// Set the `VM_DONTCOPY` flag on this vma. + /// + /// This prevents the vma from being copied on fork. This option is only permanent if `VM_IO` + /// is set. + #[inline] + pub fn set_dontcopy(&self) { + // SAFETY: Setting the VM_DONTCOPY flag is always okay. + unsafe { self.update_flags(flags::DONTCOPY, 0) }; + } + + /// Set the `VM_DONTDUMP` flag on this vma. + /// + /// This prevents the vma from being included in core dumps. This option is only permanent if + /// `VM_IO` is set. + #[inline] + pub fn set_dontdump(&self) { + // SAFETY: Setting the VM_DONTDUMP flag is always okay. + unsafe { self.update_flags(flags::DONTDUMP, 0) }; + } + + /// Returns whether `VM_READ` is set. + /// + /// This flag indicates whether userspace is mapping this vma as readable. + #[inline] + pub fn readable(&self) -> bool { + (self.flags() & flags::READ) != 0 + } + + /// Try to clear the `VM_MAYREAD` flag, failing if `VM_READ` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma readable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYREAD` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_mayread(&self) -> Result { + if self.readable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYREAD` is okay when `VM_READ` is not set. + unsafe { self.update_flags(0, flags::MAYREAD) }; + Ok(()) + } + + /// Returns whether `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is mapping this vma as writable. + #[inline] + pub fn writable(&self) -> bool { + (self.flags() & flags::WRITE) != 0 + } + + /// Try to clear the `VM_MAYWRITE` flag, failing if `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma writable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYWRITE` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_maywrite(&self) -> Result { + if self.writable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYWRITE` is okay when `VM_WRITE` is not set. + unsafe { self.update_flags(0, flags::MAYWRITE) }; + Ok(()) + } + + /// Returns whether `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is mapping this vma as executable. + #[inline] + pub fn executable(&self) -> bool { + (self.flags() & flags::EXEC) != 0 + } + + /// Try to clear the `VM_MAYEXEC` flag, failing if `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma executable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYEXEC` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_mayexec(&self) -> Result { + if self.executable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYEXEC` is okay when `VM_EXEC` is not set. + unsafe { self.update_flags(0, flags::MAYEXEC) }; + Ok(()) + } +} + /// The integer type used for vma flags. #[doc(inline)] pub use bindings::vm_flags_t;