| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGtprH-5NWVVyEM63ou4XjG4JmF2VYNakoFkwFwNR1AnJmiDpA@mail.gmail.com> Date: Wed, 1 Oct 2025 15:13:42 -0700 From: Vishal Annapurve <vannapurve@...gle.com> To: Sean Christopherson <seanjc@...gle.com> Cc: Ackerley Tng <ackerleytng@...gle.com>, David Hildenbrand <david@...hat.com>, Patrick Roy <patrick.roy@...ux.dev>, Fuad Tabba <tabba@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>, Christian Borntraeger <borntraeger@...ux.ibm.com>, Janosch Frank <frankja@...ux.ibm.com>, Claudio Imbrenda <imbrenda@...ux.ibm.com>, kvm@...r.kernel.org, linux-kernel@...r.kernel.org, Nikita Kalyazin <kalyazin@...zon.co.uk>, shivankg@....com Subject: Re: [PATCH 1/6] KVM: guest_memfd: Add DEFAULT_SHARED flag, reject user page faults if not set On Wed, Oct 1, 2025 at 10:16 AM Sean Christopherson <seanjc@...gle.com> wrote: > > On Wed, Oct 01, 2025, Vishal Annapurve wrote: > > On Wed, Oct 1, 2025 at 9:15 AM Sean Christopherson <seanjc@...gle.com> wrote: > > > > > > On Wed, Oct 01, 2025, Vishal Annapurve wrote: > > > > On Mon, Sep 29, 2025 at 5:15 PM Sean Christopherson <seanjc@...gle.com> wrote: > > > > > > > > > > Oh! This got me looking at kvm_arch_supports_gmem_mmap() and thus > > > > > KVM_CAP_GUEST_MEMFD_MMAP. Two things: > > > > > > > > > > 1. We should change KVM_CAP_GUEST_MEMFD_MMAP into KVM_CAP_GUEST_MEMFD_FLAGS so > > > > > that we don't need to add a capability every time a new flag comes along, > > > > > and so that userspace can gather all flags in a single ioctl. If gmem ever > > > > > supports more than 32 flags, we'll need KVM_CAP_GUEST_MEMFD_FLAGS2, but > > > > > that's a non-issue relatively speaking. > > > > > > > > > > > > > Guest_memfd capabilities don't necessarily translate into flags, so ideally: > > > > 1) There should be two caps, KVM_CAP_GUEST_MEMFD_FLAGS and > > > > KVM_CAP_GUEST_MEMFD_CAPS. > > > > > > I'm not saying we can't have another GUEST_MEMFD capability or three, all I'm > > > saying is that for enumerating what flags can be passed to KVM_CREATE_GUEST_MEMFD, > > > KVM_CAP_GUEST_MEMFD_FLAGS is a better fit than a one-off KVM_CAP_GUEST_MEMFD_MMAP. > > > > Ah, ok. Then do you envision the guest_memfd caps to still be separate > > KVM caps per guest_memfd feature? > > Yes? No? It depends on the feature and the actual implementation. E.g. > KVM_CAP_IRQCHIP enumerates support for a whole pile of ioctls. I think I am confused. Is the proposal here as follows? * Use KVM_CAP_GUEST_MEMFD_FLAGS for features that map to guest_memfd creation flags. * Use KVM caps for guest_memfd features that don't map to any flags. I think in general it would be better to have a KVM cap for each feature irrespective of the flags as the feature may also need additional UAPIs like IOCTLs. I fail to see the benefits of KVM_CAP_GUEST_MEMFD_FLAGS over KVM_CAP_GUEST_MEMFD_MMAP: 1) It limits the possible values to 32 even though we could pass 64 flags to the original ioctl. 2) Userspace has to anyways assume the semantics of each bit position. 3) Userspace still has to check for caps for features that carry extra UAPI baggage. KVM_CAP_GUEST_MEMFD_MMAP allows userspace to assume that mmap is supported and userspace can just pass in the mmap flag that it anyways has to assume.
Powered by blists - more mailing lists