From: Vishal Annapurve
Date: Thu, 10 Aug 2023 16:57:36 -0700
Subject: Re: [RFC PATCH v11 12/29] KVM: Add KVM_CREATE_GUEST_MEMFD ioctl() for guest-specific backing memory
To: Sean Christopherson
Cc: Ackerley Tng, pbonzini@redhat.com, maz@kernel.org, oliver.upton@linux.dev,
    chenhuacai@kernel.org, mpe@ellerman.id.au, anup@brainfault.org,
    paul.walmsley@sifive.com, palmer@dabbelt.com, aou@eecs.berkeley.edu,
    willy@infradead.org, akpm@linux-foundation.org, paul@paul-moore.com,
    jmorris@namei.org, serge@hallyn.com, kvm@vger.kernel.org,
    linux-arm-kernel@lists.infradead.org, kvmarm@lists.linux.dev,
    linux-mips@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
    kvm-riscv@lists.infradead.org, linux-riscv@lists.infradead.org,
    linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
    linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org,
    chao.p.peng@linux.intel.com, tabba@google.com, jarkko@kernel.org,
    yu.c.zhang@linux.intel.com, mail@maciej.szmigiero.name, vbabka@suse.cz,
    david@redhat.com, qperret@google.com, michael.roth@amd.com,
    wei.w.wang@intel.com, liam.merwick@oracle.com, isaku.yamahata@gmail.com,
    kirill.shutemov@linux.intel.com
References: <20230718234512.1690985-13-seanjc@google.com>

On Tue, Aug 8, 2023 at 2:13 PM Sean Christopherson wrote:
> ...
> > + When binding a memslot to the file, if a kvm pointer exists, it must
> >   be the same kvm as the one in this binding
> > + When the binding to the last memslot is removed from a file, NULL the
> >   kvm pointer.
>
> Nullifying the KVM pointer isn't sufficient, because without additional actions
> userspace could extract data from a VM by deleting its memslots and then binding
> the guest_memfd to an attacker controlled VM.  Or more likely with TDX and SNP,
> induce badness by coercing KVM into mapping memory into a guest with the wrong
> ASID/HKID.
>

TDX/SNP have mechanisms i.e. PAMT/RMP tables to ensure that the same
memory is not assigned to two different VMs. Deleting memslots should
also clear out the contents of the memory as the EPT tables will be
zapped in the process and the host will reclaim the memory.

Regards,
Vishal
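
Added example, not part of the original message and not KVM code: a toy userspace model of the two quoted binding rules, showing why the outcome depends on whether contents are cleared before the file's VM pointer is reset. All struct and function names are hypothetical, and the `scrub` flag is an assumed stand-in for the "additional actions" and memory clearing discussed above.

```c
#include <stdio.h>
#include <string.h>

/* Toy userspace model of the binding rules; not kernel code.
 * All struct and function names here are hypothetical. */
struct vm { int id; };

struct gmem_file {
    struct vm *owner;        /* VM the file is tied to, NULL if none */
    int nr_bindings;         /* memslots currently bound to the file */
    unsigned char page[16];  /* stands in for guest-private contents */
};

/* Quoted rule 1: if an owner exists, the binder must be that same VM. */
int gmem_bind(struct gmem_file *f, struct vm *vm)
{
    if (f->owner && f->owner != vm)
        return -1;
    f->owner = vm;
    f->nr_bindings++;
    return 0;
}

/* Quoted rule 2: NULL the owner when the last binding goes away.
 * 'scrub' models one possible additional action: zeroing contents. */
void gmem_unbind(struct gmem_file *f, int scrub)
{
    if (f->nr_bindings == 0 || --f->nr_bindings > 0)
        return;
    if (scrub)
        memset(f->page, 0, sizeof(f->page));
    f->owner = NULL;
}

/* Returns 1 if VM B can bind the file and still find VM A's data. */
int second_vm_sees_data(int scrub)
{
    struct vm a = { 1 }, b = { 2 };
    struct gmem_file f = { NULL, 0, { 0 } };

    gmem_bind(&f, &a);
    memcpy(f.page, "guest-A secret", 15);   /* constructed sample data */
    gmem_unbind(&f, scrub);
    return gmem_bind(&f, &b) == 0 && f.page[0] != 0;
}

int main(void)
{
    printf("NULL only: %d, NULL + scrub: %d\n",
           second_vm_sees_data(0), second_vm_sees_data(1));
    return 0;
}
```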