From: Fuad Tabba
Date: Tue, 4 Oct 2022 16:39:15 +0100
Subject: Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd
To: "Kirill A. Shutemov"
Cc: "Kirill A . Shutemov", Chao Peng, kvm@vger.kernel.org,
 linux-kernel@vger.kernel.org, linux-mm@kvack.org,
 linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org,
 linux-doc@vger.kernel.org, qemu-devel@nongnu.org, Paolo Bonzini,
 Jonathan Corbet, Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li,
 Jim Mattson, Joerg Roedel, Thomas Gleixner, Ingo Molnar, Borislav Petkov,
 x86@kernel.org, "H . Peter Anvin", Hugh Dickins, Jeff Layton,
 "J . Bruce Fields", Andrew Morton, Shuah Khan, Mike Rapoport, Steven Price,
 "Maciej S . Szmigiero", Vlastimil Babka, Vishal Annapurve, Yu Zhang,
 luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com,
 ak@linux.intel.com, david@redhat.com, aarcange@redhat.com,
 ddutile@redhat.com, dhildenb@redhat.com, Quentin Perret, Michael Roth,
 mhocko@suse.com, Muchun Song, wei.w.wang@intel.com
In-Reply-To: <20221003110129.bbee7kawhw5ed745@box.shutemov.name>
References: <20220915142913.2213336-1-chao.p.peng@linux.intel.com>
 <20220915142913.2213336-2-chao.p.peng@linux.intel.com>
 <20220930162301.i226o523teuikygq@box.shutemov.name>
 <20221003110129.bbee7kawhw5ed745@box.shutemov.name>

Hi,

On Mon, Oct 3, 2022 at 12:01 PM Kirill A. Shutemov wrote:
>
> On Mon, Oct 03, 2022 at 08:33:13AM +0100, Fuad Tabba wrote:
> > > I think it is "don't do that" category. inaccessible_register_notifier()
> > > caller has to know what file it operates on, no?
> >
> > The thing is, you could oops the kernel from userspace. For that, all
> > you have to do is a memfd_create without the MFD_INACCESSIBLE,
> > followed by a KVM_SET_USER_MEMORY_REGION using that as the private_fd.
> > I ran into this using my port of this patch series to arm64.
>
> My point is that it has to be handled on a different level. KVM has to
> reject private_fd if it is now inaccessible. It should be trivial by
> checking file->f_inode->i_sb->s_magic.

Yes, that makes sense.

Thanks,
/fuad

> --
> Kiryl Shutsemau / Kirill A. Shutemov
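A userspace analogue of the check discussed in this thread, added here as an example and not code from the patch series or from either author: fstatfs() reports the same superblock magic the kernel would read from file->f_inode->i_sb->s_magic, so a consumer can refuse an fd of the wrong kind before touching any filesystem-private state. The function names are hypothetical, and because the magic used by the inaccessible memfd is not given in this message, the expected value is a parameter (an ordinary memfd reports TMPFS_MAGIC).

```c
/* Added example: validate an fd's backing filesystem before trusting it. */
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>     /* memfd_create */
#include <sys/vfs.h>      /* fstatfs */
#include <linux/magic.h>  /* TMPFS_MAGIC, PIPEFS_MAGIC */
#include <unistd.h>

/*
 * Return 1 if fd lives on a filesystem whose superblock magic equals
 * `expected`, 0 if it lives elsewhere, -1 if the fd cannot be queried.
 * Callers must treat anything other than 1 as "reject".
 */
int fd_has_fs_magic(int fd, long expected)
{
    struct statfs sfs;

    if (fd < 0 || fstatfs(fd, &sfs) != 0)
        return -1;
    return (long)sfs.f_type == expected ? 1 : 0;
}

/* Hypothetical consumer: accept an fd only if backed by the expected fs. */
int register_backing_fd(int fd, long expected)
{
    if (fd_has_fs_magic(fd, expected) != 1)
        return -1;  /* wrong file type: refuse before using fs-private data */
    return 0;
}

int main(void)
{
    int p[2];
    int mfd = memfd_create("demo", MFD_CLOEXEC);  /* ordinary memfd: shmem */

    if (mfd < 0 || pipe(p) != 0) {
        perror("setup");
        return 1;
    }
    printf("memfd as tmpfs: %d\n", register_backing_fd(mfd, TMPFS_MAGIC));
    printf("pipe  as tmpfs: %d\n", register_backing_fd(p[0], TMPFS_MAGIC));
    printf("invalid fd:     %d\n", register_backing_fd(-1, TMPFS_MAGIC));
    close(mfd);
    close(p[0]);
    close(p[1]);
    return 0;
}
```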