From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9B03CF3195 for ; Wed, 2 Oct 2024 05:14:49 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 28C6C6B0271; Wed, 2 Oct 2024 01:14:49 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 23CBA6B0272; Wed, 2 Oct 2024 01:14:49 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 0DE1D6B0274; Wed, 2 Oct 2024 01:14:49 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id D44426B0271 for ; Wed, 2 Oct 2024 01:14:48 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 18E291A08DA for ; Wed, 2 Oct 2024 05:14:48 +0000 (UTC) X-FDA: 82627497456.29.0489EC3 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf01.hostedemail.com (Postfix) with ESMTP id 713B540009 for ; Wed, 2 Oct 2024 05:14:46 +0000 (UTC) Authentication-Results: imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=MONFU4x7; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of rppt@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=rppt@kernel.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727846047; a=rsa-sha256; cv=none; b=ZruGdkjeRcneNRnq0EAskYRKWwb0fPd3b9zShPyqaA/8zYMI8dv3AFRKtZ46kBrQwE1EpI f6yy0eDcNhhbvk90rvZOp1cEDM4RhzeNvoc8mvy72h2FpyGXNLa0F1d3v8fFgdiahefzrV biEfjC28fj/v04pfSOo0DMR8hsJCbGc= ARC-Authentication-Results: i=1; imf01.hostedemail.com; dkim=pass header.d=kernel.org header.s=k20201202 header.b=MONFU4x7; dmarc=pass (policy=quarantine) header.from=kernel.org; spf=pass (imf01.hostedemail.com: domain of rppt@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=rppt@kernel.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727846047; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=lpaooLPbCFFCMKLIX/fwnRhNwtUrg88LBiH1Gk9ai2I=; b=zgYL+KlHGA0/Osnt8EGzfEePy38EQ/TnTMlnCc+TLWVC5qevUC0/yYfbFdhMMHqssYFMPS oe8UqVUKIfZqrfWTzNhPmARNCo2a9ovjrCeG86N9cKh3OPf3feSSpacpiZIJ4xLDOhUEKX mzLExqYFYpHTOl2Fm1Vea2llkO8KSnk= Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58]) by dfw.source.kernel.org (Postfix) with ESMTP id DD6685C2F68; Wed, 2 Oct 2024 05:14:40 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id C2048C4CEC5; Wed, 2 Oct 2024 05:14:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1727846084; bh=c7rLB5/VUrdk7s0iqLe6pI3/lO8W2J+Xm4Qz1OG3pIk=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=MONFU4x7aUZpBQGcC9QkuqMs5GS0f081TWEgWJBNjGa8kpRB7Kf9yR5RoqF4JMR2E U4yFZ67CUbdlxs24pFdWLuyAOwEA+O2hkxy2FkbT0goi6yqL2TI9VPUB55s0w4sUvU quusMxxiDAN/8FmPJiJi1a+rVv/vNk25zoJnglaNz2LCyPJiPvGuxvBQ7HQba9mI0N 0ezBozSMWrbnhgQTlHiADfULxRPSaNRe4QHxWJQIHT+X24kQVDjS9AwigkWi8KIGrl GNzlzPCuG2PLltnjs4qxnRpaDamvRlu3wvfkzKoq2L3o1LZyxpOAbMgJcOEg0Nc4Sr mD2cROEy0sAGw== Date: Wed, 2 Oct 2024 08:11:24 +0300 From: Mike Rapoport To: Andrew Morton Cc: Patrick Roy , david@redhat.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org, graf@amazon.com, jgowans@amazon.com Subject: Re: [PATCH] secretmem: disable memfd_secret() if arch cannot set direct map Message-ID: References: <20241001080056.784735-1-roypat@amazon.co.uk> <20241001150438.017b7bb4cd1baceb53a764bf@linux-foundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20241001150438.017b7bb4cd1baceb53a764bf@linux-foundation.org> X-Rspam-User: X-Rspamd-Queue-Id: 713B540009 X-Rspamd-Server: rspam01 X-Stat-Signature: 8zejxtkmhsromyg3uxhwhfp4k6ey1gue X-HE-Tag: 1727846086-510309 X-HE-Meta: U2FsdGVkX1/qy4YuSdUkslzxYSeDPxoQ9zFF2MBMChVDWYSwDpF269enDl+Gsq6K5hjNQLPKViPMqnNt8r9vxFDgP+mOQxzK1Uj2jaZqj1BTIBb5oaTNIhuIeRkz13gHsdGKmMFpSDPpOwUioHXTlRXz74Fm6S1ks7uQvwuWNRZHXIztCUZ4Q+67wNVTDfKKihTtlr/C1unngc0CmgUSkZdPVOITT9jBmZqplumwB4+FD8cWr0Bv7GSiWfAra+AKLyPv7NcU97rvZ//0x2N3nexNoN3IDwPUetLghZBfAXEhsVp3x3NSp8c6LdNCiHRc91+i/Y3lzQT6m/0dmNOQL4FohV+LR8OHktYHofqahWl6OfBDgcbeJgm5xyiMi3ezdzGckWGeP67F2sJ4lX9jGd5MQOz/reRdws3/AI6AVMujPQ/QrEbTvWFDoslmn1d8g9sEEWqSXtEjSsLEkmx4IpZ0gPqsEatf65R/hYaarvBbjJJmd89uUnwxOp34tcYfa5Z7FalELBFOYK4KoN72Ha4SmfKECScH03ZIBJGBgeRKyO6QvUx4r3qO8zA6XBWIbPlQ5xPUtZ53zMROn/rZgLvSxP6hEwsX48cQ3hRMAzInU0/0s+XJO4FZGwy+SZUnfcvZIpdo3nb6MrQk3RskNgRtXes9XXwcYGklDbbiMhBxxaHJpE2WM5ro9SHu35zNBuMGzKeKHwb+MXpS0iHmffh5xpMWgFc0LGYRBCfqxB1qTEmDpkKzfLrhaCNt+QdzlQBVmRK+/D3XjutqKGtSTmCBNuSfa6kvrVmhwOndrN+fq/k96fi2VCsWGWnMkPsIiRriu53k3RdloaCzKthU/Bv1LY1PBuOg+VTtzxLjsfm6O5w4gSMQzIKamTOH+QDFwD0VaOle/ghSUr4L6360Ay6yCgRnxx+Ni05G95ZBYQNxwPYikSBL9p416U0wi/AtR6IihHLJ79HpIQb3Jrj n7qOYrbo ZGJBTohVUQRxjAOaX36hKVbvBI6Yot7F3mAPMgfaGdWRfS9vJXrJwYVxIWSNzbq86PJ2EdZksbCX7a13M/3gPTkHT2jKnwMs3NbvMYNcxa3ylnjKTet4QdEMLs+3UXCXss1umhqGk8yvczrlz0C9Z/AukmDjw1mWcLeg6ejYNb9PnfJoJLivhIB/wREMGJTsr4NERPozFIKg5lGNuvWQJf60JS4V8NMRgo2oF4foJaOmMD74paTn/hirQ9fTZEYSY2RKhLOGHSW/6kazmgUoouMKamPH3Mc0ytWX29b3zGPK1y93vIzORnyQ+1wnnyP3mM0og+Zt2jeAHHuohNxqG3L/lrVTtznMJTt0R X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On Tue, Oct 01, 2024 at 03:04:38PM -0700, Andrew Morton wrote: > On Tue, 1 Oct 2024 09:00:41 +0100 Patrick Roy wrote: > > > Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). > > This is the case for example on some arm64 configurations, where marking > > 4k PTEs in the direct map not present can only be done if the direct map > > is set up at 4k granularity in the first place (as ARM's > > break-before-make semantics do not easily allow breaking apart > > large/gigantic pages). > > > > More precisely, on arm64 systems with !can_set_direct_map(), > > set_direct_map_invalid_noflush() is a no-op, however it returns success > > (0) instead of an error. This means that memfd_secret will seemingly > > "work" (e.g. syscall succeeds, you can mmap the fd and fault in pages), > > but it does not actually achieve its goal of removing its memory from > > the direct map. > > > > Note that with this patch, memfd_secret() will start erroring on systems > > where can_set_direct_map() returns false (arm64 with > > CONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n and > > CONFIG_KFENCE=n), but that still seems better than the current silent > > failure. Since CONFIG_RODATA_FULL_DEFAULT_ENABLED defaults to 'y', most > > arm64 systems actually have a working memfd_secret() and aren't be > > affected. > > > > >From going through the iterations of the original memfd_secret patch > > series, it seems that disabling the syscall in these scenarios was the > > intended behavior [1] (preferred over having > > set_direct_map_invalid_noflush return an error as that would result in > > SIGBUSes at page-fault time), however the check for it got dropped > > between v16 [2] and v17 [3], when secretmem moved away from CMA > > allocations. > > > > [1]: https://lore.kernel.org/lkml/20201124164930.GK8537@kernel.org/ > > [2]: https://lore.kernel.org/lkml/20210121122723.3446-11-rppt@kernel.org/#t > > [3]: https://lore.kernel.org/lkml/20201125092208.12544-10-rppt@kernel.org/ > > Thanks. > > > Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") > > So I'm thinking this fix should be backported into kernels which > contain 1507f51255c9, agree? Yes -- Sincerely yours, Mike.