| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c8259ec7-e31d-4771-96f9-e2fb6b573e85@redhat.com>
Date: Thu, 25 Sep 2025 12:25:33 +0200
From: David Hildenbrand <david@...hat.com>
To: Patrick Roy <patrick.roy@...pus.lmu.de>
Cc: Patrick Roy <roypat@...zon.co.uk>, pbonzini@...hat.com, corbet@....net,
maz@...nel.org, oliver.upton@...ux.dev, joey.gouly@....com,
suzuki.poulose@....com, yuzenghui@...wei.com, catalin.marinas@....com,
will@...nel.org, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com, luto@...nel.org,
peterz@...radead.org, willy@...radead.org, akpm@...ux-foundation.org,
lorenzo.stoakes@...cle.com, Liam.Howlett@...cle.com, vbabka@...e.cz,
rppt@...nel.org, surenb@...gle.com, mhocko@...e.com, song@...nel.org,
jolsa@...nel.org, ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, eddyz87@...il.com, yonghong.song@...ux.dev,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...ichev.me,
haoluo@...gle.com, jgg@...pe.ca, jhubbard@...dia.com, peterx@...hat.com,
jannh@...gle.com, pfalcato@...e.de, shuah@...nel.org, seanjc@...gle.com,
kvm@...r.kernel.org, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
kvmarm@...ts.linux.dev, linux-fsdevel@...r.kernel.org, linux-mm@...ck.org,
bpf@...r.kernel.org, linux-kselftest@...r.kernel.org, xmarcalx@...zon.co.uk,
kalyazin@...zon.co.uk, jackabt@...zon.co.uk, derekmn@...zon.co.uk,
tabba@...gle.com, ackerleytng@...gle.com
Subject: Re: [PATCH v7 03/12] mm: introduce AS_NO_DIRECT_MAP
On 24.09.25 17:10, Patrick Roy wrote:
> From: Patrick Roy <roypat@...zon.co.uk>
>
> Add AS_NO_DIRECT_MAP for mappings where direct map entries of folios are
> set to not present . Currently, mappings that match this description are
> secretmem mappings (memfd_secret()). Later, some guest_memfd
> configurations will also fall into this category.
>
> Reject this new type of mappings in all locations that currently reject
> secretmem mappings, on the assumption that if secretmem mappings are
> rejected somewhere, it is precisely because of an inability to deal with
> folios without direct map entries, and then make memfd_secret() use
> AS_NO_DIRECT_MAP on its address_space to drop its special
> vma_is_secretmem()/secretmem_mapping() checks.
>
> This drops a optimization in gup_fast_folio_allowed() where
> secretmem_mapping() was only called if CONFIG_SECRETMEM=y. secretmem is
> enabled by default since commit b758fe6df50d ("mm/secretmem: make it on
> by default"), so the secretmem check did not actually end up elided in
> most cases anymore anyway.
>
> Use a new flag instead of overloading AS_INACCESSIBLE (which is already
> set by guest_memfd) because not all guest_memfd mappings will end up
> being direct map removed (e.g. in pKVM setups, parts of guest_memfd that
> can be mapped to userspace should also be GUP-able, and generally not
> have restrictions on who can access it).
>
> Acked-by: Mike Rapoport (Microsoft) <rppt@...nel.org>
> Signed-off-by: Patrick Roy <roypat@...zon.co.uk>
> ---
I enjoy seeing secretmem special-casing in common code go away.
[...]
>
> /*
> @@ -2763,18 +2761,10 @@ static bool gup_fast_folio_allowed(struct folio *folio, unsigned int flags)
> reject_file_backed = true;
>
> /* We hold a folio reference, so we can safely access folio fields. */
> -
> - /* secretmem folios are always order-0 folios. */
> - if (IS_ENABLED(CONFIG_SECRETMEM) && !folio_test_large(folio))
> - check_secretmem = true;
> -
> - if (!reject_file_backed && !check_secretmem)
> - return true;
> -
Losing that optimization is not too bad I guess.
Acked-by: David Hildenbrand <david@...hat.com>
--
Cheers
David / dhildenb
Powered by blists - more mailing lists