From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id C71DEC77B7A for ; Fri, 19 May 2023 10:01:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 5F7F3900004; Fri, 19 May 2023 06:01:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 5A801900003; Fri, 19 May 2023 06:01:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 49726900004; Fri, 19 May 2023 06:01:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 3B234900003 for ; Fri, 19 May 2023 06:01:30 -0400 (EDT) Received: from smtpin26.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id BF75AA0A41 for ; Fri, 19 May 2023 10:01:29 +0000 (UTC) X-FDA: 80806562298.26.172E428 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf14.hostedemail.com (Postfix) with ESMTP id D4D2B100029 for ; Fri, 19 May 2023 10:01:26 +0000 (UTC) Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=Eo7ucxjJ; spf=pass (imf14.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1684490487; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=VI5tgplCEt4jHAaMyiKalfapGPWMDCQqKZuSohEz4I8=; b=alwt40fhzHoIKD/na5S6ltwMbd/ftiW7e7pBtqICc/GlOvaVqczASq1+zLCk58HEJFtxh0 l6r69IyJbq/hwX2Re4UWYIlfwvqBkze67DXWHR+u2LJAsqopXWIWcfgQa5tEOVmUXoCxBF ZcLf/rMK7QQ8qmIVec3ZIcOdtaRZOVY= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1684490487; a=rsa-sha256; cv=none; b=rRE+xVll7MTnIza1rtMYN2Yfg+Ot+82excezJssAJJfSXHy+en7fo081FHm0wH4oUmpcF7 PtGkjjN0lu21NlIj3KNUTDSWmRQKo9xWFYjJkV0MwZwjJRD7/M+Mmo+1Uvea0l2MiSKicA ksRYEGE89ADRrZaqQDg35qeyczl2Hp4= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=Eo7ucxjJ; spf=pass (imf14.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=none) header.from=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1684490486; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VI5tgplCEt4jHAaMyiKalfapGPWMDCQqKZuSohEz4I8=; b=Eo7ucxjJ4tfxCxIPEEz4t4tsX1UaymPPSo0X7E9BhzZG4guufEtZjTsxOhcggaW0LtdkYn wbWuUkitvg6mhLtIhpU6sq4Tjwr2Rw4AuzQ0n+xxVaDZdM9z/2kkHI5fUXDb5YCeU364GH wFyLyf/SQ0R/CUzmpA1ZsyWG7i/tGPQ= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-317-qWwnEkjiMOy1xxILaGHMSg-1; Fri, 19 May 2023 06:01:24 -0400 X-MC-Unique: qWwnEkjiMOy1xxILaGHMSg-1 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-3f41ce0a69fso11608925e9.1 for ; Fri, 19 May 2023 03:01:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684490483; x=1687082483; h=content-transfer-encoding:in-reply-to:subject:organization:from :references:cc:to:content-language:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=VI5tgplCEt4jHAaMyiKalfapGPWMDCQqKZuSohEz4I8=; b=a11390tGyub2Zkn/6hHMhcjzN+ilOTT5UVgXdLHplQ0Q3EgfhEAR+8H/7lsbYuWMJI Sa1lP1JvWgTeVGL9Kj+RCN+nXqEQmi3adevdTHjKfKH65A0PFXdQJjF0p0C5SqOIIR1v 40fZMdVRSt2ihKKu4MjafU7XAlEu+DV0lsCdOdRrgCnP0gwuhvvNYQGu6FfJK1riigfQ GR0fV94Ggmpqoq9mMoxMTmNRnQGz5DiF2b6oPmM730vNpy0fSD9+9mUXgnm2N3B6jW78 vz+lZrMfIDsQiLlPDa0hFQ0Hw7iGUVhG14sVgS0R+xyOAS/2fhkuuQkxfYzHlGvSE9JT g4uA== X-Gm-Message-State: AC+VfDy6t14IVxeBa7RgHtgmS+ix7y3LJ70w5iTeudBwZVKwd8jHeQwG h1MfG8WHdUl6T5oWCri3Z8FY6c3nfbrHUWkROsMi3BIvAwUhpLwFjQ37TSk6dVs9KudfU5dT2Dt 7bSKB9ijLto4= X-Received: by 2002:a5d:4b43:0:b0:309:5068:9ebe with SMTP id w3-20020a5d4b43000000b0030950689ebemr1226777wrs.50.1684490483440; Fri, 19 May 2023 03:01:23 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6bW0gym5bX5jcXG9w5DVs/9Wlup2M96haNB0vR03K3c+zLetIbvoA2UiOPc9NtNRwR6l97Vg== X-Received: by 2002:a5d:4b43:0:b0:309:5068:9ebe with SMTP id w3-20020a5d4b43000000b0030950689ebemr1226745wrs.50.1684490482941; Fri, 19 May 2023 03:01:22 -0700 (PDT) Received: from ?IPV6:2003:cb:c722:9d00:7421:54d8:9227:a3e8? (p200300cbc7229d00742154d89227a3e8.dip0.t-ipconnect.de. [2003:cb:c722:9d00:7421:54d8:9227:a3e8]) by smtp.gmail.com with ESMTPSA id k13-20020a5d518d000000b00306344eaebfsm4801755wrv.28.2023.05.19.03.01.21 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 19 May 2023 03:01:22 -0700 (PDT) Message-ID: <83a846a9-8f88-3f66-b840-e84d072bb0fb@redhat.com> Date: Fri, 19 May 2023 12:01:21 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 To: =?UTF-8?B?WGlhb21pbmcgRGluZyAo5LiB5pmT5piOKQ==?= , "hch@infradead.org" , "sumit.garg@linaro.org" Cc: =?UTF-8?B?RmVpIFh1ICjlvpDpo54p?= , "linux-kernel@vger.kernel.org" , "linux-mediatek@lists.infradead.org" , "linux-mm@kvack.org" , "srv_heupstream@mediatek.com" , "jens.wiklander@linaro.org" , "linux-arm-kernel@lists.infradead.org" , "op-tee@lists.trustedfirmware.org" , "matthias.bgg@gmail.com" , "angelogioacchino.delregno@collabora.com" References: <20230517031856.19660-1-xiaoming.ding@mediatek.com> <781d993204fbbdf30a6ca495b59b3b0aa7a2e496.camel@mediatek.com> From: David Hildenbrand Organization: Red Hat Subject: Re: [PATCH] tee: add FOLL_LONGTERM for CMA case when alloc shm In-Reply-To: <781d993204fbbdf30a6ca495b59b3b0aa7a2e496.camel@mediatek.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Stat-Signature: zwwzu6m6z9r43mzwd7h1sg73szzsgs9c X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: D4D2B100029 X-Rspam-User: X-HE-Tag: 1684490486-669458 X-HE-Meta: U2FsdGVkX19f36716AQZgwERZlsaISGjK2P5E5bo8+le0928XmNH4r2qvH5HB4JFY2cMtHBs9u9lesifqhtWQ870IWwjE6AxzTVZt8p3ymBZccP6tcIcznb30kotTNpdzHUzaA+RMbCOYXiDLouGYmuvlO45lzMYkp0T51GumskgD/fy+jbbGFdXQcGVMXVNlQviaCMrTFPJ/RavOtpMd2FJXQBiGVnPRdzR7RBmDCn8OR0WJG1ekAZuRkEabmzsl1V1Cx9V8ftMMP/P7BoUouBqzdKH5aoVjYYb1A+COIkQeKQODqXR8h0NuCTxtI5ckokF+68KHK+57Tsw09x9dcvigb5HsOcMax75QCsp6FnVVqqHFQIKJLoG0oQz4OR+gbgCrWMzsSamvLXQH9Xfr1mXsfq+/5xf/Q1pYx7+nR67t3R/Krp3mP3BX+X17qviFlL+7wSszExKej/pXl2nTBDoChLhHWljHP4m0gONK2L2FBiRDnmyBEA/ccEcHszhDCTi20/n0UCK6e11IZg3ieQ5WoAsMfFiigA63CeKqco9Spe8wOST2BlxK2giZ/CHEpiYpVv9GP6VnCAJ5kxqpZLoIwdwHaf/Sz6OyKC1EeVLUotnCbzAQKHu3Vvmj5X4e7+UBIBQID91hQEVHbgHM5xS33lRArRmia5KCPhT5i/7XRfJrROuaFghXdiH6rVqd2aafTpTwpBHq8MfgrOACP9ENUQYg1dSKvYhrZ3OpG7g2rHbFCwqmN+g1qmrhAx5mOGOnH2VArKB4xyQlGaW/Snjdj5nBHBYLNpi1l0kj9JG75FRH23zWDRQprReD77slkxsfbU3tfyJSwC1LcV/lPE5Tqt1+UI/W/kMKHmNzmhz9bCzXUP8TrlA2nHvhIlFsFxB7473m5X1CSiEOkoIRFa5OAfWZdjBOgF3ggLrioaf8LyZs6Zhzfy23lL/Jj7c+CLCj/z1cWkFPrG7z1L CIeaHLDq ZIiZUMOoae9tsUvelqaSrMGZyeKE6fZoZ0UjMY7sJovAtarV7mFl8D+1tP5C/oqCRf4/tlxuWX+XQhvgbgbJYHJbYd8eoOYTKnBy+2gcqOduvKQle7SFgES5//djIjh1wjpGn8oGgRSzp/nCEvou2yygW5Z2u8wpD+cM9qt79P8D7wBEkL0wEhORNzezsmCkC4pkIOr3xeD0tdYjNk4Wt+5AgYnltNS8IkZefhM+pzqXbKOm4ZtLvg0IZw45Bkqzx/Uu/K5v2yPB/r7TAGHVOEU443GpUvFZ1uQnYCvIbN9IqfAuloO3ZjlRI7Tp6qWQaTHwuALKMpPf3Z09TdPexeAyXZMs2Qx4coaVkD3HWF9Ms3kSuRVDcZKtDCYrD9HR+ZQ8xpkyf3ypu8v5s+NLVPG7/LhEK6yvbGpFOOM0XXfNcIm0TstEXquhZy/O727OV5fbBsMbVlEHyhNeyt/WffcyaHyeFeP5jR7lY/t80I7LMfNnEagWYnXeTxJPCtdwI5uyTdxPD9vGa16Vc8DfxLiOruu65lzyt6kUsGe2OUGQ7n+K2oWFjBcqYF5ON4GOs/chSskl57mnsxCtid3GY6xlocuVrJrRzDs/O X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 18.05.23 08:40, Xiaoming Ding (δΈζ™“ζ˜Ž) wrote: > From 35fd062d5cbc4d182eee0183843cd6350d126788 Mon Sep 17 00:00:00 2001 > From: Xiaoming Ding > Date: Wed, 10 May 2023 10:15:23 +0800 > Subject: [PATCH v2] tee: add FOLL_LONGTERM for CMA case when alloc shm > > CMA is widely used on insufficient memory platform for > secure media playback case, and FOLL_LONGTERM will > avoid tee_shm alloc pages from CMA region. > without FOLL_LONGTERM, CMA region may alloc failed since > tee_shm has a chance to use it in advance. > > modify is verified on OPTEE XTEST and kinds of secure + clear playback > > > Fixes: 033ddf12bcf5 ("tee: add register user memory") > Signed-off-by: Xiaoming Ding > --- > v1 -> v2: take off the ifdef and apply FOLL_LONGTERM by default > > drivers/tee/tee_shm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c > index 673cf0359494..38878e549ca4 100644 > --- a/drivers/tee/tee_shm.c > +++ b/drivers/tee/tee_shm.c > @@ -257,7 +257,7 @@ register_shm_helper(struct tee_context *ctx, > unsigned long addr, > } > > if (flags & TEE_SHM_USER_MAPPED) > - rc = pin_user_pages_fast(start, num_pages, FOLL_WRITE, > + rc = pin_user_pages_fast(start, num_pages, FOLL_WRITE | > FOLL_LONGTERM, > shm->pages); > else > rc = shm_get_kernel_pages(start, num_pages, shm- >> pages); I didn't dive deeply into that code, but I can spot that we can end up long-term pinning multiple pages -- possibly unbound or is there any sane limit on the number of pages? Take a look at io_uring/rsrc.c and how we account long-term pinned pages against user->locked_vm/ctx->mm_account->pinned_vm in io_account_mem(). If user space could only end up pinning one or two pages via that interface, ok. But it looks like this interface could be abused to create real real trouble by unprivileged users that should be able to long-term pin that many pages. Am I missing something important (i.e., interface is only accessible by privileged users) or should there be proper accounting and RLIMIT_MEMLOCK checks? -- Thanks, David / dhildenb