Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp690750rwb; Tue, 4 Oct 2022 09:17:50 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5jogAdstd6k+zckdYYyyy0RJ4YJfNY4NbLmTZJU5L5w+WXSZUQY32sEqrCTKDenAU0wgs8 X-Received: by 2002:a17:906:8473:b0:77b:efa8:50e4 with SMTP id hx19-20020a170906847300b0077befa850e4mr19543371ejc.250.1664900270445; Tue, 04 Oct 2022 09:17:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664900270; cv=none; d=google.com; s=arc-20160816; b=T6ZJw+AWBCNyzbrqGduvFEb3hpTLelHrcYKturCYOqop23qq0y0u3rmbayYPFC3PqI fPk5uVQxM3hQUOlyxjZU7Mk5hX2yIvbWU+3uW4wVpfLCIclKcnkegDG0CFLa6duZwq3b Xq/Bi/RkNdPIFK8sf4HeZOJQ8yHLFx6gW7EGKGOvvR8aBd3gxQVdJRNboCf4rBqwvPUM GudhPP7nj9twXIC48vMTQQUna/Tl2tKk3WmWLTzimQ1hgkXTaS9ehkAWzUFM+dINZk2I SOopAOwoLqYh0vaTUlOiIiuXaszdVGCR+lWoe8aUXtPy6/MpXmcLtgfudKo+k67E6AH/ y84Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=4t0N2bprBniMQRcB/3qFmooQSc3A7XC7fAMoxb8s4/g=; b=RTvFLzw9jNgKRqnsfMytsNgCyg62Xy10bOnJxHjZsuCuhXOY+GiiFArS2jqyi87Stz /J/F2dzjfhMXmkmX/5gU1T0a5VkWNmoGWNoCtaM8qyaHsYT1DxvFyx9fUetySVjuarly LfEvjRgTMQ+hGR6aSNO/NqXwNy2PEIob7+50KEqSQzz8jpp5GaB0VY5cm3QhQmQUPEB0 hlZ1J2p/mrDlEZo3zEgdXigwjiYLltG1Xl5TS4XijJiQpScqiueRak1YguzjqGt+SI+T d+hWbheW19zaxOn22u0800dM07UMF+/HlQ3uek2qovRo3JEf5wQU9pD/EFMBsm79S/PU /w0g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=C32agy2U; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id cs14-20020a170906dc8e00b007824b85978asi10448773ejc.81.2022.10.04.09.17.24; Tue, 04 Oct 2022 09:17:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=C32agy2U; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229668AbiJDPj7 (ORCPT + 99 others); Tue, 4 Oct 2022 11:39:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54380 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229509AbiJDPj5 (ORCPT ); Tue, 4 Oct 2022 11:39:57 -0400 Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5BCADFC8 for ; Tue, 4 Oct 2022 08:39:54 -0700 (PDT) Received: by mail-lf1-x12e.google.com with SMTP id bp15so8220182lfb.13 for ; Tue, 04 Oct 2022 08:39:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=4t0N2bprBniMQRcB/3qFmooQSc3A7XC7fAMoxb8s4/g=; b=C32agy2ULzvIFgr79jFj59nUVP8RorH8QzYqciN6EgVs+VNKdcz7q4CV/cJPDoLkap pVTwYnTBSzV/xbP8DR8g+Dr1SHKCjwbo4G9hBlXcZSlyQG6x3rI5yk5KP4hhxK51maiq GP4iRrKEtjAkaonVPyD30GbmgQGksw1icwsTsXjv/kNyrKGTYdP6fKKGZgSaiUqI3juO TyeWtPibkqaL2vZDx0wGOtu2LSjjCW1+OvOFPT1TJy4tZObbK3E+/gzHjnf3ezE02F3Y hBrNuVTSe81htxqDyxYC1pzaQL1kYbCggbjBGk/VdPqGw0kb39aLFZdyhvA2ugVE0H/d e/CQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=4t0N2bprBniMQRcB/3qFmooQSc3A7XC7fAMoxb8s4/g=; b=kap/qexmBBhG/rMcPlSmzzzuHOoWysq/OoHwSovnp7SEUf5rnXGW/E+wEEsJnvw5xu 783yyhMwEGLjOW0ZUYsBozR6JSX7JHqmFzBXLJJanTy07XhggdeaG+fk8q/NT63bTqWK bcU6+Hb4pR38XdbjpZVLn5g7giyT88StnBLsDqpUy1F/qEG7Oy9naxZFqcNB3LWqSL4p b4GiV0UvDnns1atZSO+6DvYdiBzt37zrYfN9a83u8HET3v03dGJJyWu7myaglIbKkFYh e3YMO/gIkzPlDXdN0IE+/vjEYvA1wkeNxKqdJzxJ9lsWanwB1I3W40WOOMqqqAIdfpON nWCw== X-Gm-Message-State: ACrzQf2ZLP3PXGvhh6GWp0qS/Q5CQBY5K40rYT9hI5Ahs4abU2hqqdVl ovVwDBhi/Kso+PEN2QaiKeiGlepGutFTYFvhZiN3ew== X-Received: by 2002:a05:6512:2392:b0:4a2:550a:e21d with SMTP id c18-20020a056512239200b004a2550ae21dmr1274483lfv.550.1664897992505; Tue, 04 Oct 2022 08:39:52 -0700 (PDT) MIME-Version: 1.0 References: <20220915142913.2213336-1-chao.p.peng@linux.intel.com> <20220915142913.2213336-2-chao.p.peng@linux.intel.com> <20220930162301.i226o523teuikygq@box.shutemov.name> <20221003110129.bbee7kawhw5ed745@box.shutemov.name> In-Reply-To: <20221003110129.bbee7kawhw5ed745@box.shutemov.name> From: Fuad Tabba Date: Tue, 4 Oct 2022 16:39:15 +0100 Message-ID: Subject: Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd To: "Kirill A. Shutemov" Cc: "Kirill A . Shutemov" , Chao Peng , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org, qemu-devel@nongnu.org, Paolo Bonzini , Jonathan Corbet , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, "H . Peter Anvin" , Hugh Dickins , Jeff Layton , "J . Bruce Fields" , Andrew Morton , Shuah Khan , Mike Rapoport , Steven Price , "Maciej S . Szmigiero" , Vlastimil Babka , Vishal Annapurve , Yu Zhang , luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com, ak@linux.intel.com, david@redhat.com, aarcange@redhat.com, ddutile@redhat.com, dhildenb@redhat.com, Quentin Perret , Michael Roth , mhocko@suse.com, Muchun Song , wei.w.wang@intel.com Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On Mon, Oct 3, 2022 at 12:01 PM Kirill A. Shutemov wrote: > > On Mon, Oct 03, 2022 at 08:33:13AM +0100, Fuad Tabba wrote: > > > I think it is "don't do that" category. inaccessible_register_notifier() > > > caller has to know what file it operates on, no? > > > > The thing is, you could oops the kernel from userspace. For that, all > > you have to do is a memfd_create without the MFD_INACCESSIBLE, > > followed by a KVM_SET_USER_MEMORY_REGION using that as the private_fd. > > I ran into this using my port of this patch series to arm64. > > My point is that it has to be handled on a different level. KVM has to > reject private_fd if it is now inaccessible. It should be trivial by > checking file->f_inode->i_sb->s_magic. Yes, that makes sense. Thanks, /fuad > -- > Kiryl Shutsemau / Kirill A. Shutemov