From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79064C282D0 for ; Tue, 4 Mar 2025 11:51:58 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 7E873280007; Tue, 4 Mar 2025 06:51:55 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 77034280005; Tue, 4 Mar 2025 06:51:55 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 4D5DD280007; Tue, 4 Mar 2025 06:51:55 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 268AC280005 for ; Tue, 4 Mar 2025 06:51:55 -0500 (EST) Received: from smtpin18.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id B45E4A8649 for ; Tue, 4 Mar 2025 11:51:54 +0000 (UTC) X-FDA: 83183704548.18.EC5EB82 Received: from mail-wr1-f73.google.com (mail-wr1-f73.google.com [209.85.221.73]) by imf04.hostedemail.com (Postfix) with ESMTP id B2FC64000C for ; Tue, 4 Mar 2025 11:51:52 +0000 (UTC) Authentication-Results: imf04.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=ud7S0Gw0; spf=pass (imf04.hostedemail.com: domain of 3V-nGZwkKCIoozwqs5Cvzu22uzs.q20zw18B-00y9oqy.25u@flex--aliceryhl.bounces.google.com designates 209.85.221.73 as permitted sender) smtp.mailfrom=3V-nGZwkKCIoozwqs5Cvzu22uzs.q20zw18B-00y9oqy.25u@flex--aliceryhl.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1741089112; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=AL6XZaDC/No54Uy7L4GaNa2roz8/9UPa0CZkQ/7rfbM=; b=x9OL0j4F4zP2Y4LvqJ1N4MHQE2PqHA9+egJPYo5E9f7UrdvJDjDRqU+hF8PHSbkatbEUFO 86S9FuQla3Pmk5EW4jX+y3977HdaXkf0Xl472ce79wTDT/Wl6Ee7m8Co/ruuTje+/zcB3q V4CdRiEXnDm8KmLFwzYpEyjQLS4i6ZM= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1741089112; a=rsa-sha256; cv=none; b=SPEnD8u7AMzpzed0W9VRcXf5J8T95zQPqsjp+HqJ9RL0eybcgLBE7IOactcPV/+Sbg8Vu6 We1+JeAdNXmGfWGYqLQZCdX7/ie0BGhOCeSjPTc9KRtUoslVDcqhJSQAyhYo4tuqQRggxg i2EPRsQS0hS8lqqG7wJgBeHeew6rf40= ARC-Authentication-Results: i=1; imf04.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b=ud7S0Gw0; spf=pass (imf04.hostedemail.com: domain of 3V-nGZwkKCIoozwqs5Cvzu22uzs.q20zw18B-00y9oqy.25u@flex--aliceryhl.bounces.google.com designates 209.85.221.73 as permitted sender) smtp.mailfrom=3V-nGZwkKCIoozwqs5Cvzu22uzs.q20zw18B-00y9oqy.25u@flex--aliceryhl.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com Received: by mail-wr1-f73.google.com with SMTP id ffacd0b85a97d-390fc428a45so1135445f8f.0 for ; Tue, 04 Mar 2025 03:51:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1741089111; x=1741693911; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=AL6XZaDC/No54Uy7L4GaNa2roz8/9UPa0CZkQ/7rfbM=; b=ud7S0Gw08fn6DLO65+0pAceNFeyAc0OfECdFZt8C+4H1j54YXPtPucFnXUCl5X9gv9 0LlhPhHbqqRYpdBsHlQO4h95Pjzcra6wRiqRSHlzi6g69XZ2nIK1dwM+m752YSUTn3ay eSq0JkmJzi3tmNdbSxOE+t2wy9IqP3nkbvKp4qIzFcdfOuq13ZHmldjo04Jq0sLh+oro ePKxDZXwNOR+WiHdtrrLIK7G9bA+ewZx+UL5d8ifvMcOBVTgONwmGZGnWqicXnNCdwIx 5cHTw0aFy08h6xdAraMU+OV3zDJCJAVZdqhvLcfFqs8IGGSENOEmFesQib9/6DdAMTk7 3f5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1741089111; x=1741693911; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=AL6XZaDC/No54Uy7L4GaNa2roz8/9UPa0CZkQ/7rfbM=; b=nyoyXnud4NN9Zjpw9gDIyyVvp23OCJuQBoT7qu0EfvoYBiEO5ehwIo1CZHsZkzojV+ uRnBBW3g+cTTdhwSYbweLdcogaHEk0URL78gQ1z6yyGtmaBpCnzufLgjUzpTcxRtO/wi jnMbba60934XmJOJ7WsyW0PUtsH5R5bb0JV9b7RmvgfvSqrwvu4KR9pPdWRoJMjm4W7Z vAF2wn81j6d1km7qp2J9wvs3H+ncakGP+K145xGXMtsfFXEZag7Uvqj5c027j5NHFSmy jf9F7shzVHQbqy7j4+iTSRdXkOToiOLhm49jxvKmQqWlM3j4selmKSlaynTCcgdl1jXf CxYg== X-Forwarded-Encrypted: i=1; AJvYcCVx5xTZwG0DpfSYMuIYAkOnh/t0/1tJZ6RmigkL1XHWw47XWQggjNcOiBgduuNcybSw4XLv0tnvLw==@kvack.org X-Gm-Message-State: AOJu0YzLcQtQJUOo0XGTduOq5LzqAPftz3rNziwyQR8v4if7Ex07rINK 4PXojfze4DcZlvUJq412BY7W2UMNoFUc505jb+qegHMWW+N7q3OVT3aDzpFtY6bC8k9EkOIOZQm k53sTEfel+oRtOg== X-Google-Smtp-Source: AGHT+IEcl+aWiI9gcjsEH7JfVdofzIkvfGOPy+t3a2kQmtDWZILphyW/waOva2gmvbECfgZcZ+BxCm/pMy2ZPq4= X-Received: from wmbfk7.prod.google.com ([2002:a05:600c:cc7:b0:43b:bfff:e091]) (user=aliceryhl job=prod-delivery.src-stubby-dispatcher) by 2002:a5d:59a5:0:b0:390:f734:13b1 with SMTP id ffacd0b85a97d-390f7341455mr12051625f8f.23.1741089111497; Tue, 04 Mar 2025 03:51:51 -0800 (PST) Date: Tue, 04 Mar 2025 11:49:57 +0000 In-Reply-To: <20250304-vma-v15-0-5c641b31980a@google.com> Mime-Version: 1.0 References: <20250304-vma-v15-0-5c641b31980a@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=8695; i=aliceryhl@google.com; h=from:subject:message-id; bh=/C8f07Nhmn9r2N3ZtBFXfPSvF/v+MduRZhwmhE1w51U=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBnxulG0ds5DJF8JlTgZr/dILvw8f2A626kR9EDx jvhqzq6IwKJAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZ8bpRgAKCRAEWL7uWMY5 RqEkD/4ti42FTv3nlJNYWD1fLr3wv5fy/4JQGBB9E0ylL3i+qRi8pSKEelsntkTxl/jZnfVDS+V fp+QpYHpY8oziZz/bpZHzAtPc178/Qgwn8qzvwIRIpCI+ZtgOVkhbXol1WYAZwEOg+rz0dc48Gg A4vKCEMHPK3+p0w9rTgxZ8YcqTHuWE1++VrOuVakRC8BJ+y1dsxFbr2UgXWJkQOtq1TMVvAdDgb 0FneosWVTFR4XGPDOulBVFE1CaGx/+gkoFJhoDEeteybDTGZmb9NiGjB8tEs0WeOAVwoZiYIO9x 4TnNI6PJk06+C+l+Lb18OQzWVoGjSU0tqZjRN4Y6o0nCwWSLKHNYscmNVWcPNmf6qP/LxwcDx/M HAzty486cYD80OlAiChyWBp2vI1ZD/w7nvNjUJUzntptuCMykGXvXlQ2gz8N9IFqTFERpEUoAY3 htNB5rTU5NSR25zrarBU4qCD4bLNFuN96AzliQHzm85yjzipco6j+wSZYvSzhXgQ1mt2zgXTS4/ +LG7FbPggom409fyyKf18F+ZSfhI1pVKw3u/Bc4ojT5UzV4inpw02Z/gmvZY7XbEhkAxLL1x1PN 99OS/Dg6/NMypHm/faDQ7NhMDJ37oxM6Fe/tgcF2dPPFH29+uTRLMVZ4uJQhLT3VHHttIFgI1fW XKXrE3DMS5Gl9Mg== X-Mailer: b4 0.14.2 Message-ID: <20250304-vma-v15-6-5c641b31980a@google.com> Subject: [PATCH v15 6/9] mm: rust: add VmaNew for f_ops->mmap() From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Lorenzo Stoakes , Vlastimil Babka , John Hubbard , "Liam R. Howlett" , Andrew Morton , Greg Kroah-Hartman , Arnd Bergmann , Jann Horn , Suren Baghdasaryan Cc: Alex Gaynor , Boqun Feng , Gary Guo , "=?utf-8?q?Bj=C3=B6rn_Roy_Baron?=" , Benno Lossin , Andreas Hindborg , Trevor Gross , Linus Torvalds , linux-kernel@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org, Alice Ryhl Content-Type: text/plain; charset="utf-8" X-Stat-Signature: 6zntkp7pyy74wnypinzz36zjjqcs4sgb X-Rspamd-Queue-Id: B2FC64000C X-Rspam-User: X-Rspamd-Server: rspam01 X-HE-Tag: 1741089112-783734 X-HE-Meta: U2FsdGVkX1/i1mV8XORlzExoZ82Stcn9KmNt9ZMtiKjsVgn5OeVtbqStsHa2QArFmyiCmR1B+gMTOTHYrZ+YS7KXdjwHuicfLBStlEWeeTKwBgWbfJF0XRMJS1AP950s5b9vP2Hca7PdUQJJnK43apzGKxEIKmmYl+jUOcWpl3lf2dOV+f0d5fdl81fntpBu/JUUK9hgnsKTWtWQQcS2EMBgGhZEUQIZ7HOu1eNXH34YcZPrx/9rEWeUBdhWrm7BBIbXgcx8l+Zbdnwf8O+1q8HEUvNLuwQxFMX4n9YSOsR0rdoGmG6GkFLYE1uliWWkhimPdZe6g5QHfvXogUsmK7bllV3C4rhCCe9ludpnXyLBcqtDzHlUafXgycmq/Ccz2phajofq7cmS0iOEWuKVGfmzjWJY8bKh0kgeDANFXIf7hbZ/5kxXIqkvdf++Qqd33dg/rpfWPerNP0Ac8T5F3bcuNT36uSiGR20XnLQbxeQygWsYauWL39UHbHRGXtD3chDTQVv4N+ZZuvcq7lhx8jLCO/VeL62w5XIKXo7kcw0gKStjNj8V7ON+sirr+wnvLl3AU/yB8Ik20EMHApN27NsAfZWZfhX+bbbH5iucvAifEmpX+002lZwMYmrw1TN4FHlRZL3FglJrH5xW2N5bwocsx+vWBOCz2NuTL+wJFDBRjlADm4ZhCy05TfGcegNLyciC2Fs63FN+pDn+dmhYhCWDqtvTNhlNiQH6VwniF21zZsVQ3hmLrrAgvioyVa+MA8vLpJ6hXDbgWYZlR+9pohsERTKLvOg9TckJlgryYkMtOJkbHuaF9xxTF2Y486xXy9EJBhCPeiRChscCLfVcbCaGb7o+iBU9Kr6M6ntsBFDB21puuheR9hIjIuGNU+ImB3IGzjXQawygngpJq43cCuu3YBKllyxDHBlKQpIyaPhaDMJrDwXZWqxlsWRsAG6PtWuQ+ixwGKxyEvhPEm4 QV0/GCvG eHJQhRMdKtC5Qc/lVFXN21SwchB3SeuOWviujCAQ/09Ri5Teni89Vdds42GhKG4j8pUALYCqk+RebuHzkFK8ODbnUbTzb9dNvxaiZNb5Rjen2/QeQXpy5hIhjViZCfJIkKvcRTWf6U5KwGxHXtmwBFR/cqdm6qoDinqZgiia7knCuu0fI1MPqJf3HdOe14+XjwwzaZX/WAWGd6Vhlp+XlPP3b+uL78hf4byvfbBMiSWFScwrV7lxWqhGrrV8KHgZyT4REK0K7UwY9gtnJBxSt/OvDqTnNLZppJvLmTkiIK5by57t54FQOT3KT/CZGe0JYoOPkA9pmVmEWBa/DTOBFYCPYtT23g9iX5dSnSa3irmTdvIQekwM1WXQuv13x2Tr69FQBqbgdWICyeyHTF//VsYac7wzmedPGd4j2jo337BanGBBtPLam+NlweM31WwkCeHJ3mua0oJsVW2BfXgAOMZJuaZeT3qTihwrC/wrkFf+cHXIdxRdEqlqXPoqUhxVgle1ryXNbI+khbD/cJqYAq9MHjtXukEPptL8xNxr2YDSiSml6hRvC+5vn0hP3J4rPcAmlzgPZuad4tH9a4eZkAc78Jmrpvue1UarcCzE/epmVFa9l46EKmHy3d7AcABtD+jiQCpCzC8b8Mqed38QZS4cf7SkcbGQQKfoFufKb+ZQjZEtFW02p1pqEB3q2rD41iRobWH2U/sEQklVEI+GiamKhXHMWOwoLFuW4 X-Bogosity: Ham, tests=bogofilter, spamicity=0.209091, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This type will be used when setting up a new vma in an f_ops->mmap() hook. Using a separate type from VmaRef allows us to have a separate set of operations that you are only able to use during the mmap() hook. For example, the VM_MIXEDMAP flag must not be changed after the initial setup that happens during the f_ops->mmap() hook. To avoid setting invalid flag values, the methods for clearing VM_MAYWRITE and similar involve a check of VM_WRITE, and return an error if VM_WRITE is set. Trying to use `try_clear_maywrite` without checking the return value results in a compilation error because the `Result` type is marked #[must_use]. For now, there's only a method for VM_MIXEDMAP and not VM_PFNMAP. When we add a VM_PFNMAP method, we will need some way to prevent you from setting both VM_MIXEDMAP and VM_PFNMAP on the same vma. Acked-by: Lorenzo Stoakes Acked-by: Liam R. Howlett Reviewed-by: Jann Horn Reviewed-by: Andreas Hindborg Signed-off-by: Alice Ryhl --- rust/kernel/mm/virt.rs | 186 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 185 insertions(+), 1 deletion(-) diff --git a/rust/kernel/mm/virt.rs b/rust/kernel/mm/virt.rs index 3e2eabcc21450497a02ffa1ed1f31f3e7e7e1b6b..31803674aecc57408df7960def17cfdc2cebcd6c 100644 --- a/rust/kernel/mm/virt.rs +++ b/rust/kernel/mm/virt.rs @@ -16,7 +16,7 @@ use crate::{ bindings, - error::{to_result, Result}, + error::{code::EINVAL, to_result, Result}, mm::MmWithUser, page::Page, types::Opaque, @@ -198,6 +198,190 @@ pub fn vm_insert_page(&self, address: usize, page: &Page) -> Result { } } +/// A configuration object for setting up a VMA in an `f_ops->mmap()` hook. +/// +/// The `f_ops->mmap()` hook is called when a new VMA is being created, and the hook is able to +/// configure the VMA in various ways to fit the driver that owns it. Using `VmaNew` indicates that +/// you are allowed to perform operations on the VMA that can only be performed before the VMA is +/// fully initialized. +/// +/// # Invariants +/// +/// For the duration of 'a, the referenced vma must be undergoing initialization in an +/// `f_ops->mmap()` hook. +pub struct VmaNew { + vma: VmaRef, +} + +// Make all `VmaRef` methods available on `VmaNew`. +impl Deref for VmaNew { + type Target = VmaRef; + + #[inline] + fn deref(&self) -> &VmaRef { + &self.vma + } +} + +impl VmaNew { + /// Access a virtual memory area given a raw pointer. + /// + /// # Safety + /// + /// Callers must ensure that `vma` is undergoing initial vma setup for the duration of 'a. + #[inline] + pub unsafe fn from_raw<'a>(vma: *mut bindings::vm_area_struct) -> &'a Self { + // SAFETY: The caller ensures that the invariants are satisfied for the duration of 'a. + unsafe { &*vma.cast() } + } + + /// Internal method for updating the vma flags. + /// + /// # Safety + /// + /// This must not be used to set the flags to an invalid value. + #[inline] + unsafe fn update_flags(&self, set: vm_flags_t, unset: vm_flags_t) { + let mut flags = self.flags(); + flags |= set; + flags &= !unset; + + // SAFETY: This is not a data race: the vma is undergoing initial setup, so it's not yet + // shared. Additionally, `VmaNew` is `!Sync`, so it cannot be used to write in parallel. + // The caller promises that this does not set the flags to an invalid value. + unsafe { (*self.as_ptr()).__bindgen_anon_2.__vm_flags = flags }; + } + + /// Set the `VM_MIXEDMAP` flag on this vma. + /// + /// This enables the vma to contain both `struct page` and pure PFN pages. Returns a reference + /// that can be used to call `vm_insert_page` on the vma. + #[inline] + pub fn set_mixedmap(&self) -> &VmaMixedMap { + // SAFETY: We don't yet provide a way to set VM_PFNMAP, so this cannot put the flags in an + // invalid state. + unsafe { self.update_flags(flags::MIXEDMAP, 0) }; + + // SAFETY: We just set `VM_MIXEDMAP` on the vma. + unsafe { VmaMixedMap::from_raw(self.vma.as_ptr()) } + } + + /// Set the `VM_IO` flag on this vma. + /// + /// This is used for memory mapped IO and similar. The flag tells other parts of the kernel to + /// avoid looking at the pages. For memory mapped IO this is useful as accesses to the pages + /// could have side effects. + #[inline] + pub fn set_io(&self) { + // SAFETY: Setting the VM_IO flag is always okay. + unsafe { self.update_flags(flags::IO, 0) }; + } + + /// Set the `VM_DONTEXPAND` flag on this vma. + /// + /// This prevents the vma from being expanded with `mremap()`. + #[inline] + pub fn set_dontexpand(&self) { + // SAFETY: Setting the VM_DONTEXPAND flag is always okay. + unsafe { self.update_flags(flags::DONTEXPAND, 0) }; + } + + /// Set the `VM_DONTCOPY` flag on this vma. + /// + /// This prevents the vma from being copied on fork. This option is only permanent if `VM_IO` + /// is set. + #[inline] + pub fn set_dontcopy(&self) { + // SAFETY: Setting the VM_DONTCOPY flag is always okay. + unsafe { self.update_flags(flags::DONTCOPY, 0) }; + } + + /// Set the `VM_DONTDUMP` flag on this vma. + /// + /// This prevents the vma from being included in core dumps. This option is only permanent if + /// `VM_IO` is set. + #[inline] + pub fn set_dontdump(&self) { + // SAFETY: Setting the VM_DONTDUMP flag is always okay. + unsafe { self.update_flags(flags::DONTDUMP, 0) }; + } + + /// Returns whether `VM_READ` is set. + /// + /// This flag indicates whether userspace is mapping this vma as readable. + #[inline] + pub fn readable(&self) -> bool { + (self.flags() & flags::READ) != 0 + } + + /// Try to clear the `VM_MAYREAD` flag, failing if `VM_READ` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma readable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYREAD` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_mayread(&self) -> Result { + if self.readable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYREAD` is okay when `VM_READ` is not set. + unsafe { self.update_flags(0, flags::MAYREAD) }; + Ok(()) + } + + /// Returns whether `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is mapping this vma as writable. + #[inline] + pub fn writable(&self) -> bool { + (self.flags() & flags::WRITE) != 0 + } + + /// Try to clear the `VM_MAYWRITE` flag, failing if `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma writable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYWRITE` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_maywrite(&self) -> Result { + if self.writable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYWRITE` is okay when `VM_WRITE` is not set. + unsafe { self.update_flags(0, flags::MAYWRITE) }; + Ok(()) + } + + /// Returns whether `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is mapping this vma as executable. + #[inline] + pub fn executable(&self) -> bool { + (self.flags() & flags::EXEC) != 0 + } + + /// Try to clear the `VM_MAYEXEC` flag, failing if `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma executable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYEXEC` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_mayexec(&self) -> Result { + if self.executable() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYEXEC` is okay when `VM_EXEC` is not set. + unsafe { self.update_flags(0, flags::MAYEXEC) }; + Ok(()) + } +} + /// The integer type used for vma flags. #[doc(inline)] pub use bindings::vm_flags_t; -- 2.48.1.711.g2feabab25a-goog