| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Feb 2023 00:41:15 +0000
From: Ackerley Tng <ackerleytng@...gle.com>
To: kvm@...r.kernel.org, linux-api@...r.kernel.org,
linux-arch@...r.kernel.org, linux-doc@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-mm@...ck.org, qemu-devel@...gnu.org
Cc: chao.p.peng@...ux.intel.com, aarcange@...hat.com,
ak@...ux.intel.com, akpm@...ux-foundation.org, arnd@...db.de,
bfields@...ldses.org, bp@...en8.de, corbet@....net,
dave.hansen@...el.com, david@...hat.com, ddutile@...hat.com,
dhildenb@...hat.com, hpa@...or.com, hughd@...gle.com,
jlayton@...nel.org, jmattson@...gle.com, joro@...tes.org,
jun.nakajima@...el.com, kirill.shutemov@...ux.intel.com,
linmiaohe@...wei.com, luto@...nel.org, mail@...iej.szmigiero.name,
mhocko@...e.com, michael.roth@....com, mingo@...hat.com,
naoya.horiguchi@....com, pbonzini@...hat.com, qperret@...gle.com,
rppt@...nel.org, seanjc@...gle.com, shuah@...nel.org,
steven.price@....com, tabba@...gle.com, tglx@...utronix.de,
vannapurve@...gle.com, vbabka@...e.cz, vkuznets@...hat.com,
wanpengli@...cent.com, wei.w.wang@...el.com, x86@...nel.org,
yu.c.zhang@...ux.intel.com, Ackerley Tng <ackerleytng@...gle.com>
Subject: [RFC PATCH 0/2] Providing mount for memfd_restricted() syscall
Hello,
This patchset builds upon the memfd_restricted() system call that has
been discussed in the ‘KVM: mm: fd-based approach for supporting KVM’
patch series, at
https://lore.kernel.org/lkml/20221202061347.1070246-1-chao.p.peng@linux.intel.com/T/#m7e944d7892afdd1d62a03a287bd488c56e377b0c
The tree can be found at:
https://github.com/googleprodkernel/linux-cc/tree/restrictedmem-provide-mount-path
In this patchset, a modification to the memfd_restricted() syscall is
proposed, which allows userspace to provide a mount, on which the file
will be created and returned from the memfd_restricted().
Allowing userspace to provide a mount allows userspace to control
various memory binding policies via tmpfs mount options, such as
Transparent HugePage memory allocation policy through
‘huge=always/never’ and NUMA memory allocation policy through
‘mpol=local/bind:*’.
Dependencies:
+ Sean’s iteration of the ‘KVM: mm: fd-based approach for supporting
KVM’ patch series at
https://github.com/sean-jc/linux/tree/x86/upm_base_support
+ Proposed fixes for these issues mentioned on the mailing list:
+ https://lore.kernel.org/lkml/diqzzga0fv96.fsf@ackerleytng-cloudtop-sg.c.googlers.com/
Future work/TODOs:
+ man page for the memfd_restricted() syscall
+ Support for per file Transparent HugePage allocation hints
+ Support for per file NUMA binding hints
Ackerley Tng (2):
mm: restrictedmem: Allow userspace to specify mount_path for
memfd_restricted
selftests: restrictedmem: Check hugepage-ness of shmem file backing
restrictedmem fd
include/linux/syscalls.h | 2 +-
include/uapi/linux/restrictedmem.h | 8 +
mm/restrictedmem.c | 63 +++-
tools/testing/selftests/Makefile | 1 +
.../selftests/restrictedmem/.gitignore | 3 +
.../testing/selftests/restrictedmem/Makefile | 14 +
.../testing/selftests/restrictedmem/common.c | 9 +
.../testing/selftests/restrictedmem/common.h | 8 +
.../restrictedmem_hugepage_test.c | 344 ++++++++++++++++++
9 files changed, 445 insertions(+), 7 deletions(-)
create mode 100644 include/uapi/linux/restrictedmem.h
create mode 100644 tools/testing/selftests/restrictedmem/.gitignore
create mode 100644 tools/testing/selftests/restrictedmem/Makefile
create mode 100644 tools/testing/selftests/restrictedmem/common.c
create mode 100644 tools/testing/selftests/restrictedmem/common.h
create mode 100644 tools/testing/selftests/restrictedmem/restrictedmem_hugepage_test.c
--
2.39.1.637.g21b0678d19-goog
Powered by blists - more mailing lists