From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9873AC4332F for ; Fri, 10 Nov 2023 15:06:29 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id E25974401CE; Fri, 10 Nov 2023 10:06:28 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id DD5BA4401C7; Fri, 10 Nov 2023 10:06:28 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id C4F384401CE; Fri, 10 Nov 2023 10:06:28 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id B223C4401C7 for ; Fri, 10 Nov 2023 10:06:28 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 85C9DC03CA for ; Fri, 10 Nov 2023 15:06:28 +0000 (UTC) X-FDA: 81442370856.23.FB3DE1E Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2076.outbound.protection.outlook.com [40.107.243.76]) by imf22.hostedemail.com (Postfix) with ESMTP id 7F7AEC0024 for ; Fri, 10 Nov 2023 15:06:25 +0000 (UTC) Authentication-Results: imf22.hostedemail.com; dkim=pass header.d=Nvidia.com header.s=selector2 header.b=Jnm001PI; dmarc=pass (policy=reject) header.from=nvidia.com; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf22.hostedemail.com: domain of jgg@nvidia.com designates 40.107.243.76 as permitted sender) smtp.mailfrom=jgg@nvidia.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1699628785; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=JCkofdvjMXYNSFlDIyNp8TwxBV7wGxyrp/yDKjVQ3kI=; b=mqciNShFm9/5pef4eGSXwvh5TrTSMa4nim3oTN4/Ovl+RdI8beVGXbt15lD1hjvDmqr4LZ LGl9qLL65Wyg0TA16xMKjjI03VWsjTKm3wm0GDRLzbvwgRl+U9l/zRQg2WJifloldseuK4 i70ocz9r/1/nOmUG+JylpyCmGzcIoEk= ARC-Authentication-Results: i=2; imf22.hostedemail.com; dkim=pass header.d=Nvidia.com header.s=selector2 header.b=Jnm001PI; dmarc=pass (policy=reject) header.from=nvidia.com; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf22.hostedemail.com: domain of jgg@nvidia.com designates 40.107.243.76 as permitted sender) smtp.mailfrom=jgg@nvidia.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1699628785; a=rsa-sha256; cv=pass; b=NqIrcMeA3NYPI2r2gAD+/n+q1uIP46twGWTXBmNd+HLLjcB5o0s+VQfAbVeUEMJnKCAldr Q5KLSqCUm+1aS5enmV05FA5lsX9gQWdBIMG7yJEg3k9rUIyrEGZ19CKTase+lnVTouMMzp maAyzZkqi3VPkeQApdACJUgUnNiyZQA= ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=E30JYyjYP2ZRp+ciUIb1x3QZtvfGraTuYcW+F0KM1P+SiQtzZJngYzCWZyddC2eZUnp/JHNXjvJvpjS6iDu371/nb9jOLl7i43FKtN63cnKUj6DO+XEjl5Yzp+d3d/vN61PZaCCOsKKOvkemMNixxwfwD2uTd3UgKPeFJ2wznAm8yZsR1L5oH1z6StEv0pjxrSkjYbNnFrkmJ+qI+gm/IKpJqPHmbJ5uiNEx3AjDDBzbf2zcqwJZSbnl2lx/ILDdRW+EQSGSJAzk8+QAg0DRmlIol/5kQ4tKQU0na32Vcii4VMZlYE26OnqtXHfdmV5Eva0LfZ4lFcxhZ8WVOqF5QQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JCkofdvjMXYNSFlDIyNp8TwxBV7wGxyrp/yDKjVQ3kI=; b=A+ii1o8cf1ButrJQWnEvn+lok590iaKuyLPOz5M2JNBxuEUdPDVSxjk+qaX1rWTRHjzXaBLvbhdURwTATH5dplE36ulUEecydtHT1mtjUK+wHKP3d4aIJnSBd8iDvjuzhRZQ73b/2rnejg0ctT8YuU5x7eYPRjua3tMiJb2nijGruD7NO8LYbQ5kjq8Zi5wMWMhcGvs8oWjDFn/+Wq2pRolpJDQRsBLgpA1hza5mzDQK9g8fIzNh1W9GkMmTj/hu03EOS/EQ58rrPmbNN787mu1y9HPjLhfNpjlgLXw/mfys8uNvTjbs3kX5lBAY/wgJH1KFumitLSyCEyPXAI6nhQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JCkofdvjMXYNSFlDIyNp8TwxBV7wGxyrp/yDKjVQ3kI=; b=Jnm001PIt8QwMtCLmS4Z0rcSxgVSej++xGbu69dgKSwTkBhfurs7LdUjPobOjcaYIjigh6Gabgq58jWVYM2tOGcHamJ8mvhpiuBEBkft7NzQRl8OkbfenwouxoSbX/upd+U+QJDb4NBEYvJVot+U2KHVo/QUaVXwkhBU73czQ3JuidJSalvFkUNNArp9VdZCZRuUOaq4F3Bcb5NS9nTUHEtuc4JEaB4e3UziCTdFIWvPLzWRfxUBo9POYQhkfhtIfrzMvGWG/JlhxdeSHuh+JCXgBv0z8JV7XjhrgP5tbcI5h18rxkavTUGK2j7bYTj2sYqa/pZP9v0b4s18pdKnMg== Received: from LV2PR12MB5869.namprd12.prod.outlook.com (2603:10b6:408:176::16) by SA0PR12MB4382.namprd12.prod.outlook.com (2603:10b6:806:9a::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6977.21; Fri, 10 Nov 2023 15:06:22 +0000 Received: from LV2PR12MB5869.namprd12.prod.outlook.com ([fe80::60d4:c1e3:e1aa:8f93]) by LV2PR12MB5869.namprd12.prod.outlook.com ([fe80::60d4:c1e3:e1aa:8f93%4]) with mapi id 15.20.6977.018; Fri, 10 Nov 2023 15:06:21 +0000 Date: Fri, 10 Nov 2023 11:06:20 -0400 From: Jason Gunthorpe To: Aneesh Kumar K V Cc: Catalin Marinas , David Hildenbrand , akpm@linux-foundation.org, Christophe Leroy , linux-mm@kvack.org, linuxppc-dev@lists.ozlabs.org Subject: Re: get_user_pages() and EXEC_ONLY mapping. Message-ID: <20231110150620.GQ4488@nvidia.com> References: <87bkc1oe8c.fsf@linux.ibm.com> <20231110145306.GP4488@nvidia.com> <9a51f827-6bf4-412b-9feb-37cc41ad3e90@linux.ibm.com> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <9a51f827-6bf4-412b-9feb-37cc41ad3e90@linux.ibm.com> X-ClientProxiedBy: DS7PR03CA0171.namprd03.prod.outlook.com (2603:10b6:5:3b2::26) To LV2PR12MB5869.namprd12.prod.outlook.com (2603:10b6:408:176::16) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: LV2PR12MB5869:EE_|SA0PR12MB4382:EE_ X-MS-Office365-Filtering-Correlation-Id: 7d8efe2d-71e5-43be-ddcc-08dbe1fe9994 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: rSvbEYjJqnTfJquyh3A6lMkntcvaE4luKFK/0aVchYNqlWWNuBEXGpFB7I4PBMcgHqWo9CdTFINRnwcarlJklJOcrvHol0Nxb79hh0WBzGrfgUQPskzpDARagmC3goPRfL8JWXU527OI7AYXKQyBOmrr7RbeC1up5Oweic1xSbw0qL7D2SqfgkcDl6426yDwZm1IdxMBwoVLB5lec8Oqn19xvH9qs8yHE5Xxl/OJU0iIj6zRQ0IcYtxWuIxVapW/nVnQq17Ii1B+LbnmLvpvkUfCNRYdKOkfhztDdYpLC2pSWJ2nGlO8q7pEPTLbJBA8nBvrKE9qlZdwPHmsNVIotwqCyx1mUeDsqaCxGPB5aLigC4pHHyeZPoH1vYhNawTKXTIx/CaqPKBspkcLIWE/vxXNNXTxy+NVWzd/aJLZN0syI1kUSREKMwZQicFlZWqSVInLve3qvAI1o/+q6QU4P+fJ0vAU/ZdB/AXchnKoqk6dYtYsphWZ4h6MQDPUdQf7UzyKt5hF+SOlV6CPCpq7OmOE5KnPVUFIvwNdg2PA/1ezhaX1lrclQwzcvGBiGTQr X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:LV2PR12MB5869.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230031)(366004)(346002)(136003)(396003)(39860400002)(376002)(230922051799003)(186009)(64100799003)(1800799009)(451199024)(1076003)(53546011)(6512007)(8676002)(2616005)(6506007)(26005)(5660300002)(2906002)(83380400001)(66946007)(66556008)(66476007)(33656002)(54906003)(478600001)(36756003)(41300700001)(6916009)(316002)(4326008)(8936002)(6486002)(86362001)(38100700002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?r8BBwykEqfjfSERl4H/dR0P4CXL4QO/PwKbbIjfFib4gpI+MElLAkzdfzx52?= =?us-ascii?Q?UPJRp7wL7kkUUuEA3DyOYT/ikFTG9CWR1CxbqLuFYSTvAzOsNEy9AUowOd/P?= =?us-ascii?Q?MVsaPEDfyide86em+xldZa89Q9U3gJr6bWnjwW42eAsRLV1qkgaVC62D3Zqg?= =?us-ascii?Q?PPdMBnLm+FblRYiGBgc3xdowKRDjeyc+EokE3HChfyW+lvihHtq+Ucu7fclf?= =?us-ascii?Q?T4c3uFP6PWx3zbaCbafTuwMuUfhIQPXr/Sx3RJERjgbEvOwSEzlVy+AwfS6W?= =?us-ascii?Q?N+O9gJ1vyRdlp6xUrMsxGli6vkNQ4fic8hJ8m8JEhS6g7fP/3Qe40nFDNDVH?= =?us-ascii?Q?HeNvdj0WjqXdaRJ5zT1RHXMgJiA3VZM+kq1RBeK52TvX8I+P2106WNLFGm8M?= =?us-ascii?Q?AdZesHpZENqDZ+uT/MKogPuZ46Eh9puaKktNFy27UBlnK8XgrS26DutL1Opf?= =?us-ascii?Q?r1DmpOulTbtdkLI0sRYLzXtDavWJeb6JbvqBD2tFzjMibjHsL2VYtmhpRMDc?= =?us-ascii?Q?dTkc2g9Si1Hr3KrK+MEqANNSvayExUxFGdXNluhkr6aaSwPbaC//6p/Y+ERD?= =?us-ascii?Q?W4VoioXhid1QpU3MTcJt6L068FSB7neNn8YZs7ZrqfURpMyzsoLGXa55Y+5y?= =?us-ascii?Q?4yv9Ol/sYMBMGz2UwKwj/W8YoJRk1WQ6wQM5iuorYGU7T9HUcgIAW/RnjSDT?= =?us-ascii?Q?WaXRcTla7VNWDoqZmyicTYYAm7QkJYLUSOQqKwBvQrC9VcYlb7vGc2PHNqDY?= =?us-ascii?Q?Gc/UeJnomaaXQVSA4tKSDehfcF1AYbXtEadaOrOIXeiFBSi2hqxJ9gtL+S96?= =?us-ascii?Q?CuwowCK1DFSNFg7EVG61R8HAiyo6qrFrpmVAcET4qdY0DS4Xzmjv3R8F2k3u?= =?us-ascii?Q?JaQShQRFkxwC5XWoel6awsocRc4ZKmAkiClS/EShoxcwrk+z2sVpYl7WtoLg?= =?us-ascii?Q?KSw4SkIdItEIZgMSzTfCL29xu/1NL4vkla08LHZx+VBMWVOrAUhGOPe5GLg/?= =?us-ascii?Q?L2GLl5Od4S71x6nPjA334auZJASCZe4ju+9SGtHblhpmGItsVZ1182T711QT?= =?us-ascii?Q?smNXUVtBtlld1C/XaLzyzYhhEP8vdY9k+80jfaXkHYYxwavEXE/BvplCYAb3?= =?us-ascii?Q?LUbWsQixCmDFpOQOIWdKzZoFyyJP4CCiPmxdQ96kHkVI1lAoWfTg4pTta+m+?= =?us-ascii?Q?WWf6VA7gud26+C/Y5cvgGe172Yr77aQlQh20+iO2zWpizfUa0B0ZOy6eBjp9?= =?us-ascii?Q?VF4BTi/8QLTgvTGiE5FE9laUg2LdRr+tmn0DC7bfb6s3tywacMMYdMqpfTf6?= =?us-ascii?Q?6122Zp6DLpI1iZrqfMvh8dPYAU+tuD/qOA8zi/txwLjYNRRFXxMUgpGUiePQ?= =?us-ascii?Q?KDf4VU03Josgl3ESmlLEFmBaBpHLyfuynAimeeVelRMPFbVZYyzOJV4WHQxr?= =?us-ascii?Q?uuu9syG7s6NOaqXBFqIIhw+C5e0ewwkQ6ArQ+kl9mNJWT9ckj9ChM5fM/t14?= =?us-ascii?Q?Xg7kBbHf/ifUmysvZ/oF2Mp63ApGe1VLQxGk0x8OS0Jd3aEievRolPVbUddp?= =?us-ascii?Q?O60UkofMXOiCjzzQ8VY=3D?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7d8efe2d-71e5-43be-ddcc-08dbe1fe9994 X-MS-Exchange-CrossTenant-AuthSource: LV2PR12MB5869.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Nov 2023 15:06:21.9292 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wSLcjy273Dbr8jd/E5Pc3RW/FidIz0XYdzX+Xe3uYbfemG+AnswKAvS0syBtIUj/ X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4382 X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: 7F7AEC0024 X-Stat-Signature: gzt6a59kt9neb3d44hpxsoo67ykpe1re X-Rspam-User: X-HE-Tag: 1699628785-154653 X-HE-Meta: U2FsdGVkX18rEnKRoP0Wxt64LPaerUeZKyBlTQUj9ziA4VIlFepyvZm2J4ci1RWz4lJn0/75nfjlRiR3xJGOR1u1DGXmxPSeKqN76sFwqu3p+2BbluA5fnSJXj+13VzeVttSCdypCjH4vL3JOuMPZssET0x5GL6aO/ABQ5JAxPdyTC815/oYUGQj7/VPfZdjFkU22sYP2BupnOhcRBoTTN4qQsdfgQ5k7q7Bx/PvUJf3vVnYxF9TuTXJNKOQK8ig6hAh7WCDuGTIg6RonxB1ieP2jsiVmo0zSJFNf4LF6ylxcVU+ygNS1c+qEuSJJ8PXsYn7PT2hEUB3bg6CyZ8inidwlBItIqzjp99Wh9Avt2Qq6woUjBB4+KU/pOPJi7UFa683F7WQsaj3Pvor5lljKhBqvDl2sutpqGbxWdZpMDpYekgfHOMqIYp4KCPJgBpMrmN0uRW7VfvOEKiOZMv6mxmHcimjSTtKRQ+FK+W6FaBjAMLn+JmAyytIU0huH2xECISr/9lrKXnHkAdKax/mo0NTo3jjQF5ucrJ2kSUfBblFvDcf7VBLeYdJn+TOkOEg1QCJ8ZGDOyQ902LU2XkrYFCIQmWmbyrICVLssnTumsA5h6zqJOKUOtkmFx+kKHteBsvzI2BK5tqap6vjUbG71ouMqIKrCfs4vQSrm+VGuArdCsE7SEbOaOA5F1ABGYolK957N2/HZdgPZPJ1jn/+Rsx3IF0qwNdRVw+GIQ9ja69673XaNMg6FkmCnxwM4fRfQA1D+Wxz8/Ij6kRtHRpEgwNUeaHFwQGx97TeR/OEEnLh5mIktBB6VsjD9xE7nFMNF9q0H0DWlpFrMwrAQTDv2tHNndGGLQTrKM2X6mlFliSXoe54NBqVzInK9qq5F+0fwZOsFU3eARswZ17M2AJwJiVg9AWRGVvwviq1eRBTFzqNXkMp1vQGXY00hKBz3cyMrPNJ+/dhnNR6y0Ymj8q AsewmOut cLXTtNh1Qv6AIvYVp9fRm4ZMKK6QBBBo4eBP1de1avqg+4qmr8SvzbOtdLO8TqHD5pP7x/D2TfynVu7TY58cG2BZEGqgaHNAVPgH+5K8qUhi8mM2Z2ODpPzCD5JayGx0WkgnI7Jjy+NUixiXjtvxUDTXXizcu7NNs5Yg0PMw9R2h3R6g13N+luwU74j4RCbKtB6pOX6H+DdmIg48vd9QX6qRcB+RcNbZyS5smXGp9dP6Cbs7T0lQ4xEiNQK32odX5JCXr X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Fri, Nov 10, 2023 at 08:27:19PM +0530, Aneesh Kumar K V wrote: > On 11/10/23 8:23 PM, Jason Gunthorpe wrote: > > On Fri, Nov 10, 2023 at 08:19:23PM +0530, Aneesh Kumar K.V wrote: > >> > >> Hello, > >> > >> Some architectures can now support EXEC_ONLY mappings and I am wondering > >> what get_user_pages() on those addresses should return. > > > > -EPERM > > > >> Earlier PROT_EXEC implied PROT_READ and pte_access_permitted() > >> returned true for that. But arm64 does have this explicit comment > >> that says > >> > >> /* > >> * p??_access_permitted() is true for valid user mappings (PTE_USER > >> * bit set, subject to the write permission check). For execute-only > >> * mappings, like PROT_EXEC with EPAN (both PTE_USER and PTE_UXN bits > >> * not set) must return false. PROT_NONE mappings do not have the > >> * PTE_VALID bit set. > >> */ > >> > >> Is that correct? We should be able to get struct page for PROT_EXEC > >> mappings? > > > > If the memory is unreadable then providing a back door through > > O_DIRECT and everthing else to read it sounds wrong to me. > > > > If there is some case where a get_user_pages caller is exec-only > > compatible then a new FOLL_EXEC flag to permit it would make sense. > > > > I was expecting pin_user_pages() to return -EPERM and get_user_pages() > return struct page. This was based on Documentation/core-api/pin_user_pages.rst Not unconditionally but you could argue that FOLL_GET should succeed. It depends how much do you care about absolute security of unreadable memory vs compatability. > "Another way of thinking about these flags is as a progression of restrictions: > FOLL_GET is for struct page manipulation, without affecting the data that the > struct page refers to. FOLL_PIN is a *replacement* for FOLL_GET, and is for > short term pins on pages whose data *will* get accessed. " This was sort of aspirational - have we got rid of all the FOLL_GET users that are touching the data? Looks like no from a quick check.. Jason