Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp4072668pxb;
        Tue, 10 Nov 2020 07:19:28 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwY5w/QhdCOVB8W9yj08xoOyeKQGIkR9RowYoDVy6gMAad/YPX7HJdmPiyucNK9fnczF34P
X-Received: by 2002:a17:906:c18c:: with SMTP id g12mr20300620ejz.334.1605021567899;
        Tue, 10 Nov 2020 07:19:27 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1605021567; cv=none;
        d=google.com; s=arc-20160816;
        b=eAxj4CCGgpVRYSk2xms/4WCqOkvemstF4E+wmg1kbBNBQmiN6KiO0jS+B23pq49LQ5
         23COBwwpZAYGKtDZN/4pHf4+pmfLN79qkOeP89WKmh3BUlvzTO3z6T5yGfu/MJ0fDEE/
         AeJZpOTFVRBrDXNGNPtBrqwzaAVGoQ+Irt2icsly8pp2cIWNW0c/+QZ12+Bh9Zm07Mj6
         CYOnxxwtKBiF8/4wK/uEDbFJeL8BwHvfIBOl+F60wism/cOMafKiylJL9w0dv4nccK/Y
         P2bcOKIDlxhDH4Pp5GRjbOhcyg7H4mhW5fw5cSgmf/Ifwl0yH0Oy/Je4lSfbcRGlgdo+
         ZWfg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=WpiACzKZrBdgEID20lATRGED1HzONnz5zvDafey9Y00=;
        b=hurD9+P7oVz/E9HpewbBcJi2OTtl6LdcZ+Z1Xp5vAFpkOLqd5zaJFx/Rrb+woR8GOm
         iLbuLsqAkw48HPmB5Gbn4PKsSbXRkY7noBSql55eTrXxC/0OxmiUvWIbny7wrZ+vSzTz
         wgZm1vrhi+mLdrHnCNP63u0Ozb2EkpJSuZ9JjNhAM/EkM6J/aCANMqteuZxQFuOxMxfv
         Mk/qoiedxhycEZfFXOGHb19Lv2Tsaa5bLQ5VnuEiHDKjtIc7WIS0aQxCeNysiev7H/Zr
         oLllPWXddOwCbL/sDpU3cvd6Sh6Qsg1rjEkNxEOsDZcETXh3CyLDXg/KHvEvgf8PHIAG
         BDYg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=I1REZJg8;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id dp16si10606801ejc.635.2020.11.10.07.19.02;
        Tue, 10 Nov 2020 07:19:27 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=I1REZJg8;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732725AbgKJPQN (ORCPT <rfc822;patchstalker@gmail.com>
        + 99 others); Tue, 10 Nov 2020 10:16:13 -0500
Received: from mail.kernel.org ([198.145.29.99]:57604 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1731225AbgKJPQM (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 10 Nov 2020 10:16:12 -0500
Received: from aquarius.haifa.ibm.com (nesher1.haifa.il.ibm.com [195.110.40.7])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id D52AB20867;
        Tue, 10 Nov 2020 15:16:01 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1605021371;
        bh=bXQ08oQbJjd64ut71kAPSnjbNPgwVGbPO0b8KG4J3uk=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=I1REZJg8//jlAajYS7NrNWWqDzVBeT/zb1yzfhsjMV8XBYJ4XZG1kobIrZNjmAtqA
         ZxzK+caYHkU0QpXnJ1KGInxClCr5BksMdF76jlpq1kaX/tOrFgCs/7yYwcGdSG9cto
         EKF+M7jXrwqR+n8RYFsiJP66iH4G7si+wpPQCu80=
From:   Mike Rapoport <rppt@kernel.org>
To:     Andrew Morton <akpm@linux-foundation.org>
Cc:     Alexander Viro <viro@zeniv.linux.org.uk>,
        Andy Lutomirski <luto@kernel.org>,
        Arnd Bergmann <arnd@arndb.de>, Borislav Petkov <bp@alien8.de>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Christopher Lameter <cl@linux.com>,
        Dan Williams <dan.j.williams@intel.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        David Hildenbrand <david@redhat.com>,
        Elena Reshetova <elena.reshetova@intel.com>,
        "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
        James Bottomley <jejb@linux.ibm.com>,
        "Kirill A. Shutemov" <kirill@shutemov.name>,
        Matthew Wilcox <willy@infradead.org>,
        Mark Rutland <mark.rutland@arm.com>,
        Mike Rapoport <rppt@linux.ibm.com>,
        Mike Rapoport <rppt@kernel.org>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        Palmer Dabbelt <palmer@dabbelt.com>,
        Paul Walmsley <paul.walmsley@sifive.com>,
        Peter Zijlstra <peterz@infradead.org>,
        Rick Edgecombe <rick.p.edgecombe@intel.com>,
        Shuah Khan <shuah@kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Tycho Andersen <tycho@tycho.ws>, Will Deacon <will@kernel.org>,
        linux-api@vger.kernel.org, linux-arch@vger.kernel.org,
        linux-arm-kernel@lists.infradead.org,
        linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
        linux-nvdimm@lists.01.org, linux-riscv@lists.infradead.org,
        x86@kernel.org
Subject: [PATCH v8 7/9] PM: hibernate: disable when there are active secretmem users
Date:   Tue, 10 Nov 2020 17:14:42 +0200
Message-Id: <20201110151444.20662-8-rppt@kernel.org>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20201110151444.20662-1-rppt@kernel.org>
References: <20201110151444.20662-1-rppt@kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Mike Rapoport <rppt@linux.ibm.com>

It is unsafe to allow saving of secretmem areas to the hibernation snapshot
as they would be visible after the resume and this essentially will defeat
the purpose of secret memory mappings.

Prevent hibernation whenever there are active secret memory users.

Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
---
 include/linux/secretmem.h |  6 ++++++
 kernel/power/hibernate.c  |  5 ++++-
 mm/secretmem.c            | 16 ++++++++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/include/linux/secretmem.h b/include/linux/secretmem.h
index 70e7db9f94fe..907a6734059c 100644
--- a/include/linux/secretmem.h
+++ b/include/linux/secretmem.h
@@ -6,6 +6,7 @@
 
 bool vma_is_secretmem(struct vm_area_struct *vma);
 bool page_is_secretmem(struct page *page);
+bool secretmem_active(void);
 
 #else
 
@@ -19,6 +20,11 @@ static inline bool page_is_secretmem(struct page *page)
 	return false;
 }
 
+static inline bool secretmem_active(void)
+{
+	return false;
+}
+
 #endif /* CONFIG_SECRETMEM */
 
 #endif /* _LINUX_SECRETMEM_H */
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index da0b41914177..559acef3fddb 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -31,6 +31,7 @@
 #include <linux/genhd.h>
 #include <linux/ktime.h>
 #include <linux/security.h>
+#include <linux/secretmem.h>
 #include <trace/events/power.h>
 
 #include "power.h"
@@ -81,7 +82,9 @@ void hibernate_release(void)
 
 bool hibernation_available(void)
 {
-	return nohibernate == 0 && !security_locked_down(LOCKDOWN_HIBERNATION);
+	return nohibernate == 0 &&
+		!security_locked_down(LOCKDOWN_HIBERNATION) &&
+		!secretmem_active();
 }
 
 /**
diff --git a/mm/secretmem.c b/mm/secretmem.c
index 1eb7667016fa..5ed6b2070136 100644
--- a/mm/secretmem.c
+++ b/mm/secretmem.c
@@ -50,6 +50,13 @@ struct secretmem_ctx {
 
 static struct cma *secretmem_cma;
 
+static atomic_t secretmem_users;
+
+bool secretmem_active(void)
+{
+	return !!atomic_read(&secretmem_users);
+}
+
 static int secretmem_memcg_charge(struct page *page, gfp_t gfp, int order)
 {
 	unsigned long nr_pages = (1 << order);
@@ -189,6 +196,12 @@ static const struct vm_operations_struct secretmem_vm_ops = {
 	.fault = secretmem_fault,
 };
 
+static int secretmem_release(struct inode *inode, struct file *file)
+{
+	atomic_dec(&secretmem_users);
+	return 0;
+}
+
 static int secretmem_mmap(struct file *file, struct vm_area_struct *vma)
 {
 	struct secretmem_ctx *ctx = file->private_data;
@@ -214,7 +227,9 @@ bool vma_is_secretmem(struct vm_area_struct *vma)
 	return vma->vm_ops == &secretmem_vm_ops;
 }
 
+
 const struct file_operations secretmem_fops = {
+	.release	= secretmem_release,
 	.mmap		= secretmem_mmap,
 };
 
@@ -332,6 +347,7 @@ SYSCALL_DEFINE1(memfd_secret, unsigned long, flags)
 	file->f_flags |= O_LARGEFILE;
 
 	fd_install(fd, file);
+	atomic_inc(&secretmem_users);
 	return fd;
 
 err_put_fd:
-- 
2.28.0