Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1701290pxb; Wed, 9 Feb 2022 02:34:58 -0800 (PST) X-Google-Smtp-Source: ABdhPJyLEVnWbzpvfOdbx1HCWLlvQhc5rrY0X7q/YdvFaw8dmNBGTsG54H1v8+Wk3VEqn6Jjr0Ev X-Received: by 2002:a17:90a:9e5:: with SMTP id 92mr1818321pjo.128.1644402897936; Wed, 09 Feb 2022 02:34:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644402897; cv=none; d=google.com; s=arc-20160816; b=NtVDkPINZ5yRwMpiSzvy653Jl/tf9nHOtx0WRFJXeZTCMmt6YULSwc4hDCWKA6gS3/ sTbBBCmvvqZuQgAwjzFerjzHxyisjIKJjnBVIIPC2SNOWobP/YHdW4oJADDoZr6y3kGv 5XDPjAalb9CHDeb6vdojGgqmD0Tst7aSv8w7CxhMiI2HtALNw/vXJMnwthmk0dP+qJpy GbudjVGsyP+S/D4E0lWjoHTcWYsElQ0DXgKM+r56wtmDCVyRCAtzXE0cOXM57nDKL8k0 A4xICS3vVR07cDDksMGywBm524j7L7OW2FT5xzrwWMlyNUyMWc+02Sm5n+uxlxINHNg1 5hGg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=7Eys4KNrM6O18sEaovXmnu/0v1wCDCBQdlCKq2t+Mpg=; b=pByrHpn+9j0AGjJB5DHSQYqOrpo8u3VT927wt5KrxeH069byRst9tOSc5ifmAbS0kH nbBiiu2anfSzWge5Ivtd3RHJEs2pR6czJfIU8D2vO1Le482phvp+/0p7rncBK8/lydVo 5qK1IcO8YqPAnU3LWelV0C5GyjNiMHMDCEUEPY06iulrkSXbD7w7sUZ+NeEAEUrlhwZ8 mHJaGaaxMWe4mD9M7O+EAQdHc/2JT3wMpkVC+sWY6SmQD3tWJOrh/T+p+kg/5EHYrFn4 luxIAHzINczUm2t0MK8iZgz4WfZk50QiMGkzP8njpeFzcgFNJKZhjGI++2ec5NyhnnUw mokQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=DNuiUrZi; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id nr18si4297183pjb.164.2022.02.09.02.34.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 09 Feb 2022 02:34:57 -0800 (PST) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=DNuiUrZi; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id A64D1E0A6221; Wed, 9 Feb 2022 01:22:55 -0800 (PST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1384806AbiBHSWf (ORCPT + 99 others); Tue, 8 Feb 2022 13:22:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54820 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235976AbiBHSWb (ORCPT ); Tue, 8 Feb 2022 13:22:31 -0500 Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27CAFC061578; Tue, 8 Feb 2022 10:22:31 -0800 (PST) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id E1355B81CAA; Tue, 8 Feb 2022 18:22:29 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 93A23C004E1; Tue, 8 Feb 2022 18:22:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1644344548; bh=pbwoMFvbx4OzTTkyGFIGfJ12xlO6+bE4SbLdm1gW5I0=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=DNuiUrZiyZwnx2Zetr26GwhCvtD03/IVpLo3FpvdvheOmgnRQ5SYpGaYm+Tt7uSCB DNMr3SgUwAL7VlAzw2uF3oEX3Wq5S10qEgoTyDTnGB+be+NTkuRT5/OLFBEIvq2DvT fSEpMjSFRMvpJRMracavaaMy5fOna6tJw+zCiKVkNqwsV+eoYkh7G6+ClTVrFzkadr PFkVf1dyiiRN4XTIRu9GSzf5v2WddgxQ4JepSha8CpVS8dm0saZc9wIZnG4sYTbUuA 9XieRr9l5HYMJp/kMD/0xmCjHB96Q35e5J6cbaJxVLDo+YXYIhKqEEooynG8+zxmzx ua2MSdS8fgBxw== Date: Tue, 8 Feb 2022 20:22:05 +0200 From: Mike Rapoport To: David Hildenbrand Cc: Vlastimil Babka , Chao Peng , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, qemu-devel@nongnu.org, Paolo Bonzini , Jonathan Corbet , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, "H . Peter Anvin" , Hugh Dickins , Jeff Layton , "J . Bruce Fields" , Andrew Morton , Yu Zhang , "Kirill A . Shutemov" , luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com, ak@linux.intel.com, Mike Rapoport Subject: Re: [PATCH v4 02/12] mm/memfd: Introduce MFD_INACCESSIBLE flag Message-ID: References: <20220118132121.31388-1-chao.p.peng@linux.intel.com> <20220118132121.31388-3-chao.p.peng@linux.intel.com> <25166513-3074-f3b9-12cc-420ba74f153e@suse.cz> <07aae6e7-4042-1c5c-a482-6ad3a34a3b07@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <07aae6e7-4042-1c5c-a482-6ad3a34a3b07@redhat.com> X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Feb 08, 2022 at 09:49:35AM +0100, David Hildenbrand wrote: > On 07.02.22 19:51, Vlastimil Babka wrote: > > On 1/18/22 14:21, Chao Peng wrote: > >> Introduce a new memfd_create() flag indicating the content of the > >> created memfd is inaccessible from userspace. It does this by force > >> setting F_SEAL_INACCESSIBLE seal when the file is created. It also set > >> F_SEAL_SEAL to prevent future sealing, which means, it can not coexist > >> with MFD_ALLOW_SEALING. > >> > >> The pages backed by such memfd will be used as guest private memory in > >> confidential computing environments such as Intel TDX/AMD SEV. Since > >> page migration/swapping is not yet supported for such usages so these > >> pages are currently marked as UNMOVABLE and UNEVICTABLE which makes > >> them behave like long-term pinned pages. > > > > Shouldn't the amount of such memory allocations be restricted? E.g. similar > > to secretmem_mmap() doing mlock_future_check(). Heh, for me it was easy, I had the VMA :) > I've raised this already in the past and Kirill wanted to look into it [1]. > > We'll most certainly need a way to limit/control the amount of > unswappable + unmovable ("worse than mlock" memory) a user/process can > consume via this mechanism. I think the accounting can be handled in notify_fallocate() and notify_invalidate_page(). > [1] https://lkml.kernel.org/r/20211122135933.arjxpl7wyskkwvwv@box.shutemov.name > > -- > Thanks, > > David / dhildenb -- Sincerely yours, Mike.