From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 581D6C25B08
	for <linux-mm@archiver.kernel.org>; Wed, 10 Aug 2022 09:42:41 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id C973C8E0003; Wed, 10 Aug 2022 05:42:40 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id C1FD18E0001; Wed, 10 Aug 2022 05:42:40 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id A999F8E0003; Wed, 10 Aug 2022 05:42:40 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13])
	by kanga.kvack.org (Postfix) with ESMTP id 9B32B8E0001
	for <linux-mm@kvack.org>; Wed, 10 Aug 2022 05:42:40 -0400 (EDT)
Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay01.hostedemail.com (Postfix) with ESMTP id 7255E1C5D40
	for <linux-mm@kvack.org>; Wed, 10 Aug 2022 09:42:40 +0000 (UTC)
X-FDA: 79783193280.30.14F2366
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
	by imf01.hostedemail.com (Postfix) with ESMTP id 2156C40187
	for <linux-mm@kvack.org>; Wed, 10 Aug 2022 09:42:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1660124559; x=1691660559;
  h=date:from:to:cc:subject:message-id:reply-to:references:
   mime-version:in-reply-to;
  bh=qA0d1ma9sBVaq90sMThImxJYL3jWm10WlrkDB0bRLLI=;
  b=L/R/CS5qgf6Tm84tNDO8XHOQJ8Mrqs9gj/gARTMZgXDa7S2s+HldipPF
   t8suRQ9WC1zYaSG9lBUMXLbJ6C/uWIw50TBlyY7zuQNx4OsLUILxBq+eu
   74T9qsp34O6j+qYpWnGpQ00u0Sv6jWEXmAKXKv/mNtED31Cx6JaJNmlXF
   md9j0dIrDyygWif6y2NF0+9Ml7eESBTJ4gUgLQY+qYlzNIfYuAFC5Hs8T
   zRtANid17UT8JsG12IQI+X5IGXBl5otjaSTgVbs6ABf6TUef85HMRvoPE
   uTGhYRBkO67eBJuf6SB/DijfxLYhdE36fEy75ER36YfnafednavvINDDf
   g==;
X-IronPort-AV: E=McAfee;i="6400,9594,10434"; a="289798007"
X-IronPort-AV: E=Sophos;i="5.93,227,1654585200"; 
   d="scan'208";a="289798007"
Received: from orsmga007.jf.intel.com ([10.7.209.58])
  by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 10 Aug 2022 02:42:37 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.93,227,1654585200"; 
   d="scan'208";a="601757337"
Received: from chaop.bj.intel.com (HELO localhost) ([10.240.193.75])
  by orsmga007.jf.intel.com with ESMTP; 10 Aug 2022 02:42:27 -0700
Date: Wed, 10 Aug 2022 17:37:41 +0800
From: Chao Peng <chao.p.peng@linux.intel.com>
To: David Hildenbrand <david@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	linux-fsdevel@vger.kernel.org, linux-api@vger.kernel.org,
	linux-doc@vger.kernel.org, qemu-devel@nongnu.org,
	linux-kselftest@vger.kernel.org,
	Paolo Bonzini <pbonzini@redhat.com>,
	Jonathan Corbet <corbet@lwn.net>,
	Sean Christopherson <seanjc@google.com>,
	Vitaly Kuznetsov <vkuznets@redhat.com>,
	Wanpeng Li <wanpengli@tencent.com>,
	Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	x86@kernel.org, "H . Peter Anvin" <hpa@zytor.com>,
	Hugh Dickins <hughd@google.com>, Jeff Layton <jlayton@kernel.org>,
	"J . Bruce Fields" <bfields@fieldses.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Shuah Khan <shuah@kernel.org>, Mike Rapoport <rppt@kernel.org>,
	Steven Price <steven.price@arm.com>,
	"Maciej S . Szmigiero" <mail@maciej.szmigiero.name>,
	Vlastimil Babka <vbabka@suse.cz>,
	Vishal Annapurve <vannapurve@google.com>,
	Yu Zhang <yu.c.zhang@linux.intel.com>,
	"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
	luto@kernel.org, jun.nakajima@intel.com, dave.hansen@intel.com,
	ak@linux.intel.com, aarcange@redhat.com, ddutile@redhat.com,
	dhildenb@redhat.com, Quentin Perret <qperret@google.com>,
	Michael Roth <michael.roth@amd.com>, mhocko@suse.com,
	Muchun Song <songmuchun@bytedance.com>
Subject: Re: [PATCH v7 05/14] mm/memfd: Introduce MFD_INACCESSIBLE flag
Message-ID: <20220810093741.GE862421@chaop.bj.intel.com>
Reply-To: Chao Peng <chao.p.peng@linux.intel.com>
References: <20220706082016.2603916-1-chao.p.peng@linux.intel.com>
 <20220706082016.2603916-6-chao.p.peng@linux.intel.com>
 <203c752f-9439-b5ae-056c-27b2631dcb81@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <203c752f-9439-b5ae-056c-27b2631dcb81@redhat.com>
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1660124560;
	h=from:from:sender:reply-to:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=AjlvHQPe0yRMaP2rbyTYDjsHm8CZKn5Bh2qztbiTCpo=;
	b=XXkkuLhpijqzex69fiDWke2mTWKQnrE7SUesK0fNbKfOluFe+BlYv+u9fBv7L7/ib+thfE
	+wsxJ/S6vCVyUOD2aKj+yvVDbNs9PDFBcN874+UiYwmiRKiHkmTyNeXj3xbWxCumxu1XaC
	W5lXylc3csASnSAOVJ+5qbhdifhE3co=
ARC-Authentication-Results: i=1;
	imf01.hostedemail.com;
	dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b="L/R/CS5q";
	dmarc=fail reason="No valid SPF" header.from=intel.com (policy=none);
	spf=none (imf01.hostedemail.com: domain of chao.p.peng@linux.intel.com has no SPF policy when checking 192.55.52.120) smtp.mailfrom=chao.p.peng@linux.intel.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1660124560; a=rsa-sha256;
	cv=none;
	b=bdvuMJMom85pyZLfO9iXh3uTqK2D/r26Eorjj+vv74K3rORhVnAXhOaSywJjpmDgNcoguk
	506TddD1IddGUl236L2EmiqXb/1jNEfRIJ6NF1BUA5aJPAblSWW4oCpzTBdO09bNr2ePis
	YL/r1XPWkIpLkfZYoNwQ//42giL49Q8=
Authentication-Results: imf01.hostedemail.com;
	dkim=none ("invalid DKIM record") header.d=intel.com header.s=Intel header.b="L/R/CS5q";
	dmarc=fail reason="No valid SPF" header.from=intel.com (policy=none);
	spf=none (imf01.hostedemail.com: domain of chao.p.peng@linux.intel.com has no SPF policy when checking 192.55.52.120) smtp.mailfrom=chao.p.peng@linux.intel.com
X-Rspamd-Server: rspam02
X-Stat-Signature: 6z1f3dpm9rh7jtrdey8aubizwyrx4opq
X-Rspamd-Queue-Id: 2156C40187
X-Rspam-User: 
X-HE-Tag: 1660124558-81815
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Fri, Aug 05, 2022 at 03:28:50PM +0200, David Hildenbrand wrote:
> On 06.07.22 10:20, Chao Peng wrote:
> > Introduce a new memfd_create() flag indicating the content of the
> > created memfd is inaccessible from userspace through ordinary MMU
> > access (e.g., read/write/mmap). However, the file content can be
> > accessed via a different mechanism (e.g. KVM MMU) indirectly.
> > 
> > It provides semantics required for KVM guest private memory support
> > that a file descriptor with this flag set is going to be used as the
> > source of guest memory in confidential computing environments such
> > as Intel TDX/AMD SEV but may not be accessible from host userspace.
> > 
> > The flag can not coexist with MFD_ALLOW_SEALING, future sealing is
> > also impossible for a memfd created with this flag.
> 
> It's kind of weird to have it that way. Why should the user have to
> care? It's the notifier requirement to have that, no?
> 
> Why can't we handle that when register a notifier? If anything is
> already mapped, fail registering the notifier if the notifier has these
> demands. If registering succeeds, block it internally.
> 
> Or what am I missing? We might not need the memfile set flag semantics
> eventually and would not have to expose such a flag to user space.

This makes sense if doable. The major concern was: is there a reliable
way to detect this (already mapped) at the time of memslot registering.

Chao
> 
> -- 
> Thanks,
> 
> David / dhildenb
>