From: Vlastimil Babka <vbabka@suse.cz>
To: Michael Roth <michael.roth@amd.com>, kvm@vger.kernel.org
Cc: linux-coco@lists.linux.dev, Paolo Bonzini <pbonzini@redhat.com>,
Sean Christopherson <seanjc@google.com>,
Isaku Yamahata <isaku.yamahata@linux.intel.com>,
Xu Yilun <yilun.xu@linux.intel.com>,
Binbin Wu <binbin.wu@linux.intel.com>,
Xiaoyao Li <xiaoyao.li@intel.com>,
Matthew Wilcox <willy@infradead.org>
Subject: Re: [PATCH gmem 4/6] mm: Introduce AS_INACCESSIBLE for encrypted/confidential memory
Date: Mon, 15 Apr 2024 15:19:37 +0200 [thread overview]
Message-ID: <804e4ee3-b9f0-4890-9945-db20831745b8@suse.cz> (raw)
In-Reply-To: <20240329212444.395559-5-michael.roth@amd.com>
On 3/29/24 10:24 PM, Michael Roth wrote:
> filemap users like guest_memfd may use page cache pages to
> allocate/manage memory that is only intended to be accessed by guests
> via hardware protections like encryption. Writes to memory of this sort
> in common paths like truncation may cause unexpected behavior such
> writing garbage instead of zeros when attempting to zero pages, or
> worse, triggering hardware protections that are considered fatal as far
> as the kernel is concerned.
>
> Introduce a new address_space flag, AS_INACCESSIBLE, and use this
> initially to prevent zero'ing of pages during truncation, with the
> understanding that it is up to the owner of the mapping to handle this
> specially if needed.
>
> Link: https://lore.kernel.org/lkml/ZR9LYhpxTaTk6PJX@google.com/
> Cc: Matthew Wilcox <willy@infradead.org>
> Suggested-by: Sean Christopherson <seanjc@google.com>
> Signed-off-by: Michael Roth <michael.roth@amd.com>
Hm somehow it seems like a rather blunt solution to a fairly specific issue
on one hand, and on the other hand I'm not sure whether there are other
places (not yet triggered) that should now take into account the flag to
keep its promise. But as long as it gets the job done, and can be replaced
later with something better...
Acked-by: Vlastimil Babka <vbabka@suse.cz>
> ---
> include/linux/pagemap.h | 1 +
> mm/truncate.c | 3 ++-
> 2 files changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h
> index e8ac0b32f84d..a7c3f43d1d22 100644
> --- a/include/linux/pagemap.h
> +++ b/include/linux/pagemap.h
> @@ -207,6 +207,7 @@ enum mapping_flags {
> AS_STABLE_WRITES, /* must wait for writeback before modifying
> folio contents */
> AS_UNMOVABLE, /* The mapping cannot be moved, ever */
> + AS_INACCESSIBLE, /* Do not attempt direct R/W access to the mapping */
> };
>
> /**
> diff --git a/mm/truncate.c b/mm/truncate.c
> index 725b150e47ac..c501338c7ebd 100644
> --- a/mm/truncate.c
> +++ b/mm/truncate.c
> @@ -233,7 +233,8 @@ bool truncate_inode_partial_folio(struct folio *folio, loff_t start, loff_t end)
> * doing a complex calculation here, and then doing the zeroing
> * anyway if the page split fails.
> */
> - folio_zero_range(folio, offset, length);
> + if (!(folio->mapping->flags & AS_INACCESSIBLE))
> + folio_zero_range(folio, offset, length);
>
> if (folio_has_private(folio))
> folio_invalidate(folio, offset, length);
next prev parent reply other threads:[~2024-04-15 13:19 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-29 21:24 [PATCH gmem 0/6] gmem fix-ups and interfaces for populating gmem pages Michael Roth
2024-03-29 21:24 ` [PATCH gmem 1/6] KVM: guest_memfd: Fix stub for kvm_gmem_get_uninit_pfn() Michael Roth
2024-03-29 21:24 ` [PATCH gmem 2/6] KVM: guest_memfd: Only call kvm_arch_gmem_prepare hook if necessary Michael Roth
2024-04-01 5:06 ` Binbin Wu
2024-04-02 21:50 ` Isaku Yamahata
2024-03-29 21:24 ` [PATCH gmem 3/6] KVM: x86: Pass private/shared fault indicator to gmem_validate_fault Michael Roth
2024-03-29 21:24 ` [PATCH gmem 4/6] mm: Introduce AS_INACCESSIBLE for encrypted/confidential memory Michael Roth
2024-04-15 13:19 ` Vlastimil Babka [this message]
2024-03-29 21:24 ` [PATCH gmem 5/6] KVM: guest_memfd: Use AS_INACCESSIBLE when creating guest_memfd inode Michael Roth
2024-04-15 13:21 ` Vlastimil Babka
2024-03-29 21:24 ` [PATCH gmem 6/6] KVM: guest_memfd: Add interface for populating gmem pages with user data Michael Roth
2024-04-15 13:36 ` Vlastimil Babka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=804e4ee3-b9f0-4890-9945-db20831745b8@suse.cz \
--to=vbabka@suse.cz \
--cc=binbin.wu@linux.intel.com \
--cc=isaku.yamahata@linux.intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=willy@infradead.org \
--cc=xiaoyao.li@intel.com \
--cc=yilun.xu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).