From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 75D18C433EF for ; Thu, 21 Jul 2022 11:01:56 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 82B238E0002; Thu, 21 Jul 2022 07:01:45 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7B43C8E0001; Thu, 21 Jul 2022 07:01:45 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 630038E0002; Thu, 21 Jul 2022 07:01:45 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id 4E0128E0001 for ; Thu, 21 Jul 2022 07:01:45 -0400 (EDT) Received: from smtpin31.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id 0503D1C623C for ; Thu, 21 Jul 2022 09:44:18 +0000 (UTC) X-FDA: 79710621438.31.771ADF8 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf14.hostedemail.com (Postfix) with ESMTP id 683C4100014 for ; Thu, 21 Jul 2022 09:44:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1658396657; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DO1aaB3+Ryi/v9YoRM2rpcbD7ftKevyNrI/tAjdvyKQ=; b=eYfKWylvfuGeSN7Esr1yNZ75LDhs1vWK9VCZ6plw6mWmextrYI0r64QOl+pyK7skVNNWCP zV2aWD9EJ28x9lpv8matsqwKSMHjpfflUdnffjIg2v4HcCKDbzKn32HTB57C18BS/yDSc7 +I0GLSOs6RJiRPMaSVZ4clcHVPwY4LE= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-507-nQY1V6lQP5OSqu1MxzM3yQ-1; Thu, 21 Jul 2022 05:44:16 -0400 X-MC-Unique: nQY1V6lQP5OSqu1MxzM3yQ-1 Received: by mail-wm1-f70.google.com with SMTP id h189-20020a1c21c6000000b003a2fdf9bd2aso760173wmh.8 for ; Thu, 21 Jul 2022 02:44:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:organization:in-reply-to :content-transfer-encoding; bh=DO1aaB3+Ryi/v9YoRM2rpcbD7ftKevyNrI/tAjdvyKQ=; b=nnxVzJ5qJxeVYuTkqQWRytTPIrKBinzuDG1s4NANbaTIT/spfe3U1M3Ib5fOWa3qM8 Ye1gBsps0kb2UqjrJL4F0SCS5gYRshwNKnxAQk76L741TaG+Lgd3kfuitdqQPZlN5H3N rB4w5RjfzZPbzsTyS33dO8C2kRIL0oydkAuS0zKFkr/bq6yH/t8J0GjmZFOc7RI2SCGZ xd2OJFbdj2zNce6OJC0BhxCl7B8EsOqIZHjrOAFTH0KLXgocpc+ouD/qN2Yw2hyqjU0I yl+7vnNMEJkomnvgPyPQdzZwkaQ3ArgvMPupI0YfKjQvJRXfSwza5WRWq/vxrF1Gm2Ji G9tA== X-Gm-Message-State: AJIora/axl+g7m1wjM1q/TbvYzpyhoqnt2AXEZbS3J1+nS+hqj/6fW7o SCx069i7SnA02GSlH1V0ZHfpxUmJOQBG1zpAKyQxw4/EioRFj5BhaOv1zx7ZoqddfrZWns7YIO4 OuzSKsxrZaEA= X-Received: by 2002:adf:f70c:0:b0:21e:492c:34ae with SMTP id r12-20020adff70c000000b0021e492c34aemr5793553wrp.482.1658396655096; Thu, 21 Jul 2022 02:44:15 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sVdrY1ryXQTKjciP6+YD6dSto/SyNrNllZQ6zlLoQwsdperSLs8uCpuTc1KPqklo41+2oqvA== X-Received: by 2002:adf:f70c:0:b0:21e:492c:34ae with SMTP id r12-20020adff70c000000b0021e492c34aemr5793481wrp.482.1658396654459; Thu, 21 Jul 2022 02:44:14 -0700 (PDT) Received: from ?IPV6:2003:cb:c707:e000:25d3:15fa:4c8b:7e8d? (p200300cbc707e00025d315fa4c8b7e8d.dip0.t-ipconnect.de. [2003:cb:c707:e000:25d3:15fa:4c8b:7e8d]) by smtp.gmail.com with ESMTPSA id b18-20020adff912000000b0021d65675583sm1340859wrr.52.2022.07.21.02.44.12 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 21 Jul 2022 02:44:13 -0700 (PDT) Message-ID: Date: Thu, 21 Jul 2022 11:44:11 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Re: [PATCH v7 01/14] mm: Add F_SEAL_AUTO_ALLOCATE seal to memfd To: Chao Peng , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org, linux-doc@vger.kernel.org, qemu-devel@nongnu.org, linux-kselftest@vger.kernel.org Cc: Paolo Bonzini , Jonathan Corbet , Sean Christopherson , Vitaly Kuznetsov , Wanpeng Li , Jim Mattson , Joerg Roedel , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, "H . Peter Anvin" , Hugh Dickins , Jeff Layton , "J . Bruce Fields" , Andrew Morton , Shuah Khan , Mike Rapoport , Steven Price , "Maciej S . Szmigiero" , Vlastimil Babka , Vishal Annapurve , Yu Zhang , "Kirill A . Shutemov" , luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com, ak@linux.intel.com, aarcange@redhat.com, ddutile@redhat.com, dhildenb@redhat.com, Quentin Perret , Michael Roth , mhocko@suse.com, Muchun Song References: <20220706082016.2603916-1-chao.p.peng@linux.intel.com> <20220706082016.2603916-2-chao.p.peng@linux.intel.com> From: David Hildenbrand Organization: Red Hat In-Reply-To: <20220706082016.2603916-2-chao.p.peng@linux.intel.com> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1658396658; a=rsa-sha256; cv=none; b=bAw498ADhU6H0keRMysA1mHVii7DKWESF6jR6wFwgI7xCsRf7JN2yO7A9tDKPQXgUtiPz+ vrpmvWt4PiNTWoj27SinhjFzSgV00PJ+OiWWhftiSpTGoSrwZ8qYw6cKam5/pemBuKFKN7 z67XhYmK8raxIExn/wNfwkFw2ydprpU= ARC-Authentication-Results: i=1; imf14.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=eYfKWylv; dmarc=pass (policy=none) header.from=redhat.com; spf=none (imf14.hostedemail.com: domain of david@redhat.com has no SPF policy when checking 170.10.129.124) smtp.mailfrom=david@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1658396658; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=DO1aaB3+Ryi/v9YoRM2rpcbD7ftKevyNrI/tAjdvyKQ=; b=Y4UwBlrOG8ki2gRioMrHuAclu/pHlN4+UTVGmARs2hcm3DIhlw+AQBatmJoouwfRz3heBR tkV412nh8Qc7pWqzqOJ1LBC2kOwc9fN3pP+tECRIqF3s4f9G1nF/HEzamvLQPnfEhP3O1y 7DHnYAV4um2nesEuuLIZYqYtremEK88= X-Rspam-User: Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=eYfKWylv; dmarc=pass (policy=none) header.from=redhat.com; spf=none (imf14.hostedemail.com: domain of david@redhat.com has no SPF policy when checking 170.10.129.124) smtp.mailfrom=david@redhat.com X-Stat-Signature: 3kx564dfxr83bp5xitfydp9kzp981go6 X-Rspamd-Queue-Id: 683C4100014 X-Rspamd-Server: rspam02 X-HE-Tag: 1658396658-487980 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 06.07.22 10:20, Chao Peng wrote: > Normally, a write to unallocated space of a file or the hole of a sparse > file automatically causes space allocation, for memfd, this equals to > memory allocation. This new seal prevents such automatically allocating, > either this is from a direct write() or a write on the previously > mmap-ed area. The seal does not prevent fallocate() so an explicit > fallocate() can still cause allocating and can be used to reserve > memory. > > This is used to prevent unintentional allocation from userspace on a > stray or careless write and any intentional allocation should use an > explicit fallocate(). One of the main usecases is to avoid memory double > allocation for confidential computing usage where we use two memfds to > back guest memory and at a single point only one memfd is alive and we > want to prevent memory allocation for the other memfd which may have > been mmap-ed previously. More discussion can be found at: > > https://lkml.org/lkml/2022/6/14/1255 > > Suggested-by: Sean Christopherson > Signed-off-by: Chao Peng > --- > include/uapi/linux/fcntl.h | 1 + > mm/memfd.c | 3 ++- > mm/shmem.c | 16 ++++++++++++++-- > 3 files changed, 17 insertions(+), 3 deletions(-) > > diff --git a/include/uapi/linux/fcntl.h b/include/uapi/linux/fcntl.h > index 2f86b2ad6d7e..98bdabc8e309 100644 > --- a/include/uapi/linux/fcntl.h > +++ b/include/uapi/linux/fcntl.h > @@ -43,6 +43,7 @@ > #define F_SEAL_GROW 0x0004 /* prevent file from growing */ > #define F_SEAL_WRITE 0x0008 /* prevent writes */ > #define F_SEAL_FUTURE_WRITE 0x0010 /* prevent future writes while mapped */ > +#define F_SEAL_AUTO_ALLOCATE 0x0020 /* prevent allocation for writes */ Why only "on writes" and not "on reads". IIRC, shmem doesn't support the shared zeropage, so you'll simply allocate a new page via read() or on read faults. Also, I *think* you can place pages via userfaultfd into shmem. Not sure if that would count "auto alloc", but it would certainly bypass fallocate(). -- Thanks, David / dhildenb