Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST

[RFC v2 PATCH 00/13] KVM: mm: fd-based approach for supporting KVM guest private memory · Chao Peng <hidden> · 2021-11-19
[RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Chao Peng <hidden> · 2021-11-19
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · David Hildenbrand <hidden> · 2021-11-19
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Kirill A. Shutemov <hidden> · 2021-11-22
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Jason Gunthorpe <jgg@ziepe.ca> · 2021-11-19
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · David Hildenbrand <hidden> · 2021-11-19
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Jason Gunthorpe <jgg@ziepe.ca> · 2021-11-19
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · David Hildenbrand <hidden> · 2021-11-22
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Jason Gunthorpe <jgg@ziepe.ca> · 2021-11-22
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · David Hildenbrand <hidden> · 2021-11-22
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Jason Gunthorpe <jgg@ziepe.ca> · 2021-11-22
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · David Hildenbrand <hidden> · 2021-11-22
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Jason Gunthorpe <jgg@ziepe.ca> · 2021-11-22
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · David Hildenbrand <hidden> · 2021-11-22
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Sean Christopherson <seanjc@google.com> · 2021-11-19
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Jason Gunthorpe <jgg@ziepe.ca> · 2021-11-19
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Sean Christopherson <seanjc@google.com> · 2021-11-19
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Jason Gunthorpe <jgg@ziepe.ca> · 2021-11-19
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Sean Christopherson <seanjc@google.com> · 2021-11-20
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Jason Gunthorpe <jgg@ziepe.ca> · 2021-11-21
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Paolo Bonzini <pbonzini@redhat.com> · 2021-11-23
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Chao Peng <hidden> · 2021-11-23
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · David Hildenbrand <hidden> · 2021-11-23
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Jason Gunthorpe <jgg@ziepe.ca> · 2021-11-23
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Paolo Bonzini <hidden> · 2021-11-23
Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST · Andy Lutomirski <luto@kernel.org> · 2021-12-03
[RFC v2 PATCH 02/13] KVM: Add KVM_EXIT_MEMORY_ERROR exit · Chao Peng <hidden> · 2021-11-19
[RFC v2 PATCH 03/13] KVM: Extend kvm_userspace_memory_region to support fd based memslot · Chao Peng <hidden> · 2021-11-19
[RFC v2 PATCH 05/13] KVM: Implement fd-based memory using new memfd interfaces · Chao Peng <hidden> · 2021-11-19
[RFC v2 PATCH 04/13] KVM: Add fd-based memslot data structure and utils · Chao Peng <hidden> · 2021-11-19
Re: [RFC v2 PATCH 04/13] KVM: Add fd-based memslot data structure and utils · Paolo Bonzini <pbonzini@redhat.com> · 2021-11-23
Re: [RFC v2 PATCH 04/13] KVM: Add fd-based memslot data structure and utils · Chao Peng <hidden> · 2021-11-23
[RFC v2 PATCH 06/13] KVM: Register/unregister memfd backed memslot · Chao Peng <hidden> · 2021-11-19
Re: [RFC v2 PATCH 06/13] KVM: Register/unregister memfd backed memslot · Steven Price <steven.price@arm.com> · 2021-11-25
[RFC v2 PATCH 07/13] KVM: Handle page fault for fd based memslot · Chao Peng <hidden> · 2021-11-19
Re: [RFC v2 PATCH 07/13] KVM: Handle page fault for fd based memslot · Yao Yuan <hidden> · 2021-11-20
Re: [RFC v2 PATCH 07/13] KVM: Handle page fault for fd based memslot · Chao Peng <hidden> · 2021-11-22
[RFC v2 PATCH 08/13] KVM: Rename hva memory invalidation code to cover fd-based offset · Chao Peng <hidden> · 2021-11-19
[RFC v2 PATCH 09/13] KVM: Introduce kvm_memfd_invalidate_range · Chao Peng <hidden> · 2021-11-19
Re: [RFC v2 PATCH 09/13] KVM: Introduce kvm_memfd_invalidate_range · Paolo Bonzini <pbonzini@redhat.com> · 2021-11-23
Re: [RFC v2 PATCH 09/13] KVM: Introduce kvm_memfd_invalidate_range · Chao Peng <hidden> · 2021-11-23
[RFC v2 PATCH 10/13] KVM: Match inode for invalidation of fd-based slot · Chao Peng <hidden> · 2021-11-19
[RFC v2 PATCH 11/13] KVM: Add kvm_map_gfn_range · Chao Peng <hidden> · 2021-11-19
[RFC v2 PATCH 12/13] KVM: Introduce kvm_memfd_fallocate_range · Chao Peng <hidden> · 2021-11-19
[RFC v2 PATCH 13/13] KVM: Enable memfd based page invalidation/fallocate · Chao Peng <hidden> · 2021-11-19
Re: [RFC v2 PATCH 13/13] KVM: Enable memfd based page invalidation/fallocate · Kirill A. Shutemov <hidden> · 2021-11-22
Re: [RFC v2 PATCH 13/13] KVM: Enable memfd based page invalidation/fallocate · Chao Peng <hidden> · 2021-11-23
Re: [RFC v2 PATCH 13/13] KVM: Enable memfd based page invalidation/fallocate · Paolo Bonzini <pbonzini@redhat.com> · 2021-11-23
Re: [RFC v2 PATCH 13/13] KVM: Enable memfd based page invalidation/fallocate · Chao Peng <hidden> · 2021-11-23
Re: [RFC v2 PATCH 13/13] KVM: Enable memfd based page invalidation/fallocate · Paolo Bonzini <pbonzini@redhat.com> · 2021-11-23
Re: [RFC v2 PATCH 00/13] KVM: mm: fd-based approach for supporting KVM guest private memory · Andy Lutomirski <luto@kernel.org> · 2021-12-03

From: Andy Lutomirski <luto@kernel.org>
Date: 2021-12-03 01:11:08
Also in: linux-fsdevel, linux-mm, lkml, qemu-devel

On 11/19/21 05:47, Chao Peng wrote:

From: "Kirill A. Shutemov" <redacted>

The new seal type provides semantics required for KVM guest private
memory support. A file descriptor with the seal set is going to be used
as source of guest memory in confidential computing environments such as
Intel TDX and AMD SEV.

F_SEAL_GUEST can only be set on empty memfd. After the seal is set
userspace cannot read, write or mmap the memfd.

I don't have a strong objection here, but, given that you're only 
supporting it for memfd, would a memfd_create() flag be more 
straightforward?  If nothing else, it would avoid any possible locking 
issue.

I'm also very very slightly nervous about a situation in which one 
program sends a memfd to an untrusted other process and that process 
truncates the memfd and then F_SEAL_GUESTs it.  This could be mostly 
mitigated by also requiring that no other seals be set when F_SEAL_GUEST 
happens, but the alternative MFD_GUEST would eliminate this issue too.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help