From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id ED1B2C77B7A for ; Fri, 19 May 2023 11:03:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 1EAB5900005; Fri, 19 May 2023 07:03:19 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 19A02900003; Fri, 19 May 2023 07:03:19 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 03A47900005; Fri, 19 May 2023 07:03:18 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id E570F900003 for ; Fri, 19 May 2023 07:03:18 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id A18D51C752F for ; Fri, 19 May 2023 11:03:18 +0000 (UTC) X-FDA: 80806718076.06.AEF70A0 Received: from mail-vk1-f177.google.com (mail-vk1-f177.google.com [209.85.221.177]) by imf10.hostedemail.com (Postfix) with ESMTP id DA2B2C0010 for ; Fri, 19 May 2023 11:03:16 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=linaro.org header.s=google header.b=lU582uaF; spf=pass (imf10.hostedemail.com: domain of sumit.garg@linaro.org designates 209.85.221.177 as permitted sender) smtp.mailfrom=sumit.garg@linaro.org; dmarc=pass (policy=none) header.from=linaro.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1684494196; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=5jNtnl0ixWjSP8DQh9+bE2W7QXjs5PjGYkgY8RBy91o=; b=3ymaRWN4qa50uW2dtSx4xaxZ94hKB3N0pkqEwlCZAi2ZBS3l9BglCF4u0QMHZ5Puv+LpX7 s1mQjbRtMA2HwVUFsMyNElNwnxnp9hIzCa/6bT5iqdOHGK9y04lx5VGbx3d1UEnFYXde2p OHRj76q7cnhqxERrhVvvnTR5yUJ9DVA= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=linaro.org header.s=google header.b=lU582uaF; spf=pass (imf10.hostedemail.com: domain of sumit.garg@linaro.org designates 209.85.221.177 as permitted sender) smtp.mailfrom=sumit.garg@linaro.org; dmarc=pass (policy=none) header.from=linaro.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1684494196; a=rsa-sha256; cv=none; b=YsaOIBVTnro1a/jvwv9uXxoR+heydISNvUSuztooRvmjbnkWcFxjMYmQA1bdq+6iYI3Eya 1trNzQx+eTxwoz0tUE8Sv6zMn6pJzTBVFglH334D12Z7GAyq0QRiB6xzqyMnkqaQPQ0bRV nycmizlHx0vja6XBn9sj5gVtg3UibQ0= Received: by mail-vk1-f177.google.com with SMTP id 71dfb90a1353d-45701a8a1b3so262796e0c.3 for ; Fri, 19 May 2023 04:03:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1684494195; x=1687086195; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=5jNtnl0ixWjSP8DQh9+bE2W7QXjs5PjGYkgY8RBy91o=; b=lU582uaFvhsPxMB8wieIzAYVgQG0KGIWH5cpY+cPNeH8AcChj+NQrDExmvzlD85f1V ho3n07Z0lPb/nZAhAj8HaO/7OuryGP6bmiZoBTVPtTr0Md3umRYMurtmeMt56QPXDhAU ZYK7YKR1jeL/P6YgBayTNbuskzqzqz/E6ELcQ60RAv3adDsA9IW2KwJczxSo/XxSC2D+ zJMPvHCrG7oz1+RYdMeTvBMYWe7ZwljIqsHQDpPeIMGyh3/SIr5eH8fopc3zsGu+Ftwk Md7xrkI0AiGAaimELV0QiMeUNcxVLBtFiXts7gsrBXsbiLfRBc8RSTgBzQGn45eprW+B 41tw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684494195; x=1687086195; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5jNtnl0ixWjSP8DQh9+bE2W7QXjs5PjGYkgY8RBy91o=; b=b67TQ9XjEazA5PhkZiwX92kfH4Km822bIBTHakmQEReF0PcYHcWz03qB14c1GcPD3S UD05ETfvuwQLQQCnW7LuDFvyvZQt9UHbrI/+p9htFfjTC6+fbULs68Ew5XEG7GmyIoNL 5pXfA4AbysqhR0Fg5ub/ELBz1fm6O7WC3pvMOKfCm/Si7+dIB0BWqLe8fnHw2GBXiFg/ MQAu2/vnNF3bm4gTu789L4kTbkna2eAakJorY0ocaSGUGoBGOFG+TxjvLXOaPaqUBMXc 4QQjMbdZu4Ci4lGJUFI1INGnaFX9fWrPwCTX23Qm/wpqJaj1G85MthLQ5VYPwM7hONw7 Y5LA== X-Gm-Message-State: AC+VfDxUKnYTilLpNAhgjUDuBDC8v9hi6tfIwHkvsYnxi4Jqu+7KUZpp d+a5Yl0lA1q6/lUzPY4+YAoMudrLi0fRZSpweKEOo9JU4kDaFpuJMZU= X-Google-Smtp-Source: ACHHUZ4IoNjXX/D7uJQbUhx4UKBwK7sl5gNbLX0mtILlCTVmUCh4lNnPA6iI5tSHHiw6QYjcc4RCsC5Pgf5JNANsywo= X-Received: by 2002:a67:cd99:0:b0:438:d4bd:f1f2 with SMTP id r25-20020a67cd99000000b00438d4bdf1f2mr318974vsl.22.1684494195773; Fri, 19 May 2023 04:03:15 -0700 (PDT) MIME-Version: 1.0 References: <20230517031856.19660-1-xiaoming.ding@mediatek.com> <781d993204fbbdf30a6ca495b59b3b0aa7a2e496.camel@mediatek.com> <83a846a9-8f88-3f66-b840-e84d072bb0fb@redhat.com> In-Reply-To: <83a846a9-8f88-3f66-b840-e84d072bb0fb@redhat.com> From: Sumit Garg Date: Fri, 19 May 2023 16:33:04 +0530 Message-ID: Subject: Re: [PATCH] tee: add FOLL_LONGTERM for CMA case when alloc shm To: David Hildenbrand Cc: =?UTF-8?B?WGlhb21pbmcgRGluZyAo5LiB5pmT5piOKQ==?= , "hch@infradead.org" , =?UTF-8?B?RmVpIFh1ICjlvpDpo54p?= , "linux-kernel@vger.kernel.org" , "linux-mediatek@lists.infradead.org" , "linux-mm@kvack.org" , "srv_heupstream@mediatek.com" , "jens.wiklander@linaro.org" , "linux-arm-kernel@lists.infradead.org" , "op-tee@lists.trustedfirmware.org" , "matthias.bgg@gmail.com" , "angelogioacchino.delregno@collabora.com" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: DA2B2C0010 X-Rspam-User: X-Stat-Signature: yic4g4m1gyuzzeujrysns6f5oj8j1xiu X-Rspamd-Server: rspam01 X-HE-Tag: 1684494196-714163 X-HE-Meta: U2FsdGVkX18tE3CSp3loeHNAVHU3DQ6pttfzuZBTECGaYfAHSCEaRBAuBfn70gyQ3cPmMBTlo3YPXebkslsSVo70nJARaFf5MSn0Yvbhk+o8yK0LWutsiO9Ri+HZXJFUpRmHSRXGD5TduEOq8DbKjM5TQWamb9UgfyeE0TrgJXN/VpL9Y5gYeAO6GAAJdYUl28Uqk0945KhCI2ngchlzsPgNpZIdWTojc+/XoTnlq/mUR87YDjjz1BdjEuyM9y4m9MgtTZgcNMN8yeOxFHT+snXHBDk7gn/+MZTNUcc0r3jr9jintXDkfJiTGr/02pnBnv61v1PKyLHxoTQA4LYjZh7QEJuNHSANDf/oZY3Y+5s0qeiBuQViMZPfDJeJM5YkJpdX2VATXYfYFXWC3ZAjussCxed801+pyK8LLXfHP+7ir1ITQLFtCbB+CcFyl5sc+KM0wB67HeMKg/5r88xSULYxtaFAfUGqvmYMqkU4Z0w5MxcadEKTeMyN5yJVyDf7C5oBw7fUdFCIMRGOHV40NKCwXPW+i8ru/oZ20XocX51t5Y1pdlOfTglUse6uHLBw7JMXju5oXsGzkJpWSK/lg5aM3t+BrD8Cve2bWRUO2Gh2ZaOgcPNRrCtgqxsjT5oZjyaXvLm8SEqbnCxFbP7yiQ/VDyetsJP36sMpcWoUEiaXqLmBK+rO0Rf3KhibB/bjrPM1RRPh2k3ii+IF3pqIpDwcJKbDtUexowm6ehoBsdqTxGv/E2dlGO3Ljd897SpBpUcP8SoVRvmCeX+7gBI4YHKy5o8Iovnbr2A9T4oGSk5Yi1mAm6OuCJAyxCR/4bIUS33cOHwslGhkoW7hyeoj0TmegYG02j0L6vGR/a438w4GjZbS7m2Dpq8NQO9ochGGe2tuG9VEi+CvqtsdINHaLNL2AbOpy32DxgkaXVRgJM4ttJUzaqfOOX2toS7Nd/w5d7P4p8YaPp8iycg0Kgu 5SiIqtN0 n4Eb9V2WlZF2+sf8X234NTmc6dmQK6ZIMKj5BC7wktmQzKD1a/ceLm8St3o21nas9drgu0u2uISZ+spNvEksaCm+2IicO1twrJzCrM3zbOegCLfDrlDAE50E4pmHRVvbG8D9vAOD9m4tZ6odQueycKcR8z6mUXxG3Ku3S2OOchCfkeuaUedHfaYr8KGbmDvWvSGUR93u0+QnPWIZHdXyBKd0Mvzd5aAiiaLm+caVuAVFgXBMa5Aar2YeRIKx+ffkl69G36D207nh/S4D5/4i33DCW6lODpnV6icyKWBAIXykhLtsw70uOUfkGkmIP5/t0Nus7YCWaveRe9aMDIy1OOpytfjcz/ffS2qz3G9ohpiDr0lr+6GMKjBTS9WezjtRxr6UidjBon4TScTIwC0be+T86hwLci/bW49xxqbzKAviC05vYYxjPGm5SmDvm0JQkLQNvtCzkOOU9xzPLc0bTDHR+ew== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, 19 May 2023 at 15:31, David Hildenbrand wrote: > > On 18.05.23 08:40, Xiaoming Ding (=E4=B8=81=E6=99=93=E6=98=8E) wrote: > > From 35fd062d5cbc4d182eee0183843cd6350d126788 Mon Sep 17 00:00:00 2001 > > From: Xiaoming Ding > > Date: Wed, 10 May 2023 10:15:23 +0800 > > Subject: [PATCH v2] tee: add FOLL_LONGTERM for CMA case when alloc shm > > > > CMA is widely used on insufficient memory platform for > > secure media playback case, and FOLL_LONGTERM will > > avoid tee_shm alloc pages from CMA region. > > without FOLL_LONGTERM, CMA region may alloc failed since > > tee_shm has a chance to use it in advance. > > > > modify is verified on OPTEE XTEST and kinds of secure + clear playback > > > > > > Fixes: 033ddf12bcf5 ("tee: add register user memory") > > Signed-off-by: Xiaoming Ding > > --- > > v1 -> v2: take off the ifdef and apply FOLL_LONGTERM by default > > > > drivers/tee/tee_shm.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/tee/tee_shm.c b/drivers/tee/tee_shm.c > > index 673cf0359494..38878e549ca4 100644 > > --- a/drivers/tee/tee_shm.c > > +++ b/drivers/tee/tee_shm.c > > @@ -257,7 +257,7 @@ register_shm_helper(struct tee_context *ctx, > > unsigned long addr, > > } > > > > if (flags & TEE_SHM_USER_MAPPED) > > - rc =3D pin_user_pages_fast(start, num_pages, FOLL_WRITE, > > + rc =3D pin_user_pages_fast(start, num_pages, FOLL_WRITE | > > FOLL_LONGTERM, > > shm->pages); > > else > > rc =3D shm_get_kernel_pages(start, num_pages, shm- > >> pages); > > I didn't dive deeply into that code, but I can spot that we can end up > long-term pinning multiple pages -- possibly unbound or is there any > sane limit on the number of pages? I am not aware of any limit that we put on pinning user-space pages. > > Take a look at io_uring/rsrc.c and how we account long-term pinned pages > against user->locked_vm/ctx->mm_account->pinned_vm in io_account_mem(). > > If user space could only end up pinning one or two pages via that > interface, ok. But it looks like this interface could be abused to > create real real trouble by unprivileged users that should be able to > long-term pin that many pages. > > Am I missing something important (i.e., interface is only accessible by > privileged users) or should there be proper accounting and > RLIMIT_MEMLOCK checks? So your observation is correct. With long term pinning we have to implement similar RLIMIT_MEMLOCK checks. Thanks for your insights here. -Sumit > > -- > Thanks, > > David / dhildenb >