lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Feb 2022 20:22:05 +0200 From: Mike Rapoport <rppt@...nel.org> To: David Hildenbrand <david@...hat.com> Cc: Vlastimil Babka <vbabka@...e.cz>, Chao Peng <chao.p.peng@...ux.intel.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org, linux-fsdevel@...r.kernel.org, qemu-devel@...gnu.org, Paolo Bonzini <pbonzini@...hat.com>, Jonathan Corbet <corbet@....net>, Sean Christopherson <seanjc@...gle.com>, Vitaly Kuznetsov <vkuznets@...hat.com>, Wanpeng Li <wanpengli@...cent.com>, Jim Mattson <jmattson@...gle.com>, Joerg Roedel <joro@...tes.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>, x86@...nel.org, "H . Peter Anvin" <hpa@...or.com>, Hugh Dickins <hughd@...gle.com>, Jeff Layton <jlayton@...nel.org>, "J . Bruce Fields" <bfields@...ldses.org>, Andrew Morton <akpm@...ux-foundation.org>, Yu Zhang <yu.c.zhang@...ux.intel.com>, "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>, luto@...nel.org, jun.nakajima@...el.com, dave.hansen@...el.com, ak@...ux.intel.com, Mike Rapoport <rppt@...ux.ibm.com> Subject: Re: [PATCH v4 02/12] mm/memfd: Introduce MFD_INACCESSIBLE flag On Tue, Feb 08, 2022 at 09:49:35AM +0100, David Hildenbrand wrote: > On 07.02.22 19:51, Vlastimil Babka wrote: > > On 1/18/22 14:21, Chao Peng wrote: > >> Introduce a new memfd_create() flag indicating the content of the > >> created memfd is inaccessible from userspace. It does this by force > >> setting F_SEAL_INACCESSIBLE seal when the file is created. It also set > >> F_SEAL_SEAL to prevent future sealing, which means, it can not coexist > >> with MFD_ALLOW_SEALING. > >> > >> The pages backed by such memfd will be used as guest private memory in > >> confidential computing environments such as Intel TDX/AMD SEV. Since > >> page migration/swapping is not yet supported for such usages so these > >> pages are currently marked as UNMOVABLE and UNEVICTABLE which makes > >> them behave like long-term pinned pages. > > > > Shouldn't the amount of such memory allocations be restricted? E.g. similar > > to secretmem_mmap() doing mlock_future_check(). Heh, for me it was easy, I had the VMA :) > I've raised this already in the past and Kirill wanted to look into it [1]. > > We'll most certainly need a way to limit/control the amount of > unswappable + unmovable ("worse than mlock" memory) a user/process can > consume via this mechanism. I think the accounting can be handled in notify_fallocate() and notify_invalidate_page(). > [1] https://lkml.kernel.org/r/20211122135933.arjxpl7wyskkwvwv@box.shutemov.name > > -- > Thanks, > > David / dhildenb -- Sincerely yours, Mike.
Powered by blists - more mailing lists