From: Thomas Gleixner
To: Gregory Price, linux-mm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org,
    linux-api@vger.kernel.org, linux-cxl@vger.kernel.org, luto@kernel.org,
    mingo@redhat.com, bp@alien8.de, dave.hansen@linux.intel.com,
    hpa@zytor.com, arnd@arndb.de, akpm@linux-foundation.org,
    x86@kernel.org, Gregory Price
Subject: Re: [RFC PATCH 3/3] mm/migrate: Create move_phys_pages syscall
In-Reply-To: <20230907075453.350554-4-gregory.price@memverge.com>
Date: Tue, 19 Sep 2023 02:17:15 +0200
Message-ID: <877conxbhw.ffs@tglx>

On Thu, Sep 07 2023 at 03:54, Gregory Price wrote:
> Similar to the move_pages system call, instead of taking a pid and
> list of virtual addresses, this system call takes a list of physical
> addresses.

Silly question. Where are these physical addresses coming from?

In my naive understanding user space deals with virtual addresses for a
reason.

Exposing access to physical addresses is definitely helpful to write
more powerful exploits, so what are the restrictions applied to this?

> +/*
> + * Move a list of pages in the address space of the currently executing
> + * process.
> + */
> +static int kernel_move_phys_pages(unsigned long nr_pages,
> + const void __user * __user *pages,
> + const int __user *nodes,
> + int __user *status, int flags)
> +{
> + int err;
> + nodemask_t target_nodes;
> +
> + /* Check flags */

Documenting the obvious ...

> + if (flags & ~(MPOL_MF_MOVE|MPOL_MF_MOVE_ALL))
> + return -EINVAL;
> +
> + if ((flags & MPOL_MF_MOVE_ALL) && !capable(CAP_SYS_NICE))
> + return -EPERM;

According to this logic here MPOL_MF_MOVE is unrestricted, right? But
how is an unprivileged process knowing which physical address the pages
have? Confused....

> + /* All tasks mapping each page is checked in phys_page_migratable */
> + nodes_setall(target_nodes);

How is the comment related to nodes_setall() and why is nodes_setall()
unconditional when target_nodes is only used in the @nodes != NULL case?

> + if (nodes)
> + err = do_pages_move(NULL, target_nodes, nr_pages, pages,
> + nodes, status, flags);
> + else
> + err = do_pages_stat(NULL, nr_pages, pages, status);

Thanks,

        tglx
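
Review bot: the permission check in kernel_move_phys_pages() covers only one of the three paths in the quoted lines. `capable(CAP_SYS_NICE)` is required for MPOL_MF_MOVE_ALL, but a call with MPOL_MF_MOVE, and the `nodes == NULL` branch that reaches do_pages_stat() and writes per-page results to the user-supplied `status` array, go through with no capability test. Both helpers are called with NULL as their first argument, so nothing in these lines ties the request to the caller's own mappings. For an interface keyed on caller-chosen physical addresses, I would expect a capability check at the top of the function that covers the move and the status query alike, or a comment that states exactly where each page's access is checked; the one comment that hints at this names phys_page_migratable, which is not called anywhere in the quoted code. The header comment also still says "in the address space of the currently executing process", which does not describe a physical-address interface and should be rewritten.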