From: Peter Xu <peterx@redhat.com> To: linux-kernel@vger.kernel.org Cc: Paolo Bonzini <pbonzini@redhat.com>, Hugh Dickins <hughd@google.com>, Luis Chamberlain <mcgrof@kernel.org>, Maxime Coquelin <maxime.coquelin@redhat.com>, kvm@vger.kernel.org, Jerome Glisse <jglisse@redhat.com>, Pavel Emelyanov <xemul@virtuozzo.com>, Johannes Weiner <hannes@cmpxchg.org>, peterx@redhat.com, Martin Cracauer <cracauer@cons.org>, Denis Plotnikov <dplotnikov@virtuozzo.com>, linux-mm@kvack.org, Marty McFadden <mcfadden8@llnl.gov>, Maya Gokhale <gokhale2@llnl.gov>, Mike Kravetz <mike.kravetz@oracle.com>, Andrea Arcangeli <aarcange@redhat.com>, Mike Rapoport <rppt@linux.vnet.ibm.com>, Kees Cook <keescook@chromium.org>, Mel Gorman <mgorman@suse.de>, "Kirill A . Shutemov" <kirill@shutemov.name>, linux-fsdevel@vger.kernel.org, "Dr . David Alan Gilbert" <dgilbert@redhat.com>, Andrew Morton <akpm@linux-foundation.org> Subject: [PATCH 2/3] kvm/mm: introduce MMF_USERFAULTFD_ALLOW flag Date: Mon, 11 Mar 2019 17:37:00 +0800 [thread overview] Message-ID: <20190311093701.15734-3-peterx@redhat.com> (raw) In-Reply-To: <20190311093701.15734-1-peterx@redhat.com> Introduce a new MMF_USERFAULTFD_ALLOW flag and tag it upon the process memory address space as long as the process opened the /dev/kvm once. It'll be dropped automatically when fork() by MMF_INIT_TASK to reset the userfaultfd permission. Detecting the flag gives us a chance to open the green light for kvm upon using userfaultfd when we want to make sure all the existing kvm users will still be able to run their userspace programs without being affected by the new unprivileged userfaultfd switch. Suggested-by: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> --- include/linux/sched/coredump.h | 1 + virt/kvm/kvm_main.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h index ecdc6542070f..9f6e71182892 100644 --- a/include/linux/sched/coredump.h +++ b/include/linux/sched/coredump.h @@ -72,6 +72,7 @@ static inline int get_dumpable(struct mm_struct *mm) #define MMF_DISABLE_THP 24 /* disable THP for all VMAs */ #define MMF_OOM_VICTIM 25 /* mm is the oom victim */ #define MMF_OOM_REAP_QUEUED 26 /* mm was queued for oom_reaper */ +#define MMF_USERFAULTFD_ALLOW 27 /* allow userfaultfd syscall */ #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP) #define MMF_INIT_MASK (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\ diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index d237d3350a99..079f6ac00c36 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -3403,7 +3403,14 @@ static long kvm_dev_ioctl(struct file *filp, return r; } +static int kvm_dev_open(struct inode *inode, struct file *file) +{ + set_bit(MMF_USERFAULTFD_ALLOW, ¤t->mm->flags); + return 0; +} + static struct file_operations kvm_chardev_ops = { + .open = kvm_dev_open, .unlocked_ioctl = kvm_dev_ioctl, .llseek = noop_llseek, KVM_COMPAT(kvm_dev_ioctl), -- 2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Peter Xu <peterx@redhat.com> To: linux-kernel@vger.kernel.org Cc: Paolo Bonzini <pbonzini@redhat.com>, Hugh Dickins <hughd@google.com>, Luis Chamberlain <mcgrof@kernel.org>, Maxime Coquelin <maxime.coquelin@redhat.com>, kvm@vger.kernel.org, Jerome Glisse <jglisse@redhat.com>, Pavel Emelyanov <xemul@virtuozzo.com>, Johannes Weiner <hannes@cmpxchg.org>, peterx@redhat.com, Martin Cracauer <cracauer@cons.org>, Denis Plotnikov <dplotnikov@virtuozzo.com>, linux-mm@kvack.org, Marty McFadden <mcfadden8@llnl.gov>, Maya Gokhale <gokhale2@llnl.gov>, Mike Kravetz <mike.kravetz@oracle.com>, Andrea Arcangeli <aarcange@redhat.com>, Mike Rapoport <rppt@linux.vnet.ibm.com>, Kees Cook <keescook@chromium.org>, Mel Gorman <mgorman@suse.de>, "Kirill A . Shutemov" <kirill@shutemov.name>, linux-fsdevel@vger.kernel.org, "Dr . Davi Subject: [PATCH 2/3] kvm/mm: introduce MMF_USERFAULTFD_ALLOW flag Date: Mon, 11 Mar 2019 17:37:00 +0800 [thread overview] Message-ID: <20190311093701.15734-3-peterx@redhat.com> (raw) In-Reply-To: <20190311093701.15734-1-peterx@redhat.com> Introduce a new MMF_USERFAULTFD_ALLOW flag and tag it upon the process memory address space as long as the process opened the /dev/kvm once. It'll be dropped automatically when fork() by MMF_INIT_TASK to reset the userfaultfd permission. Detecting the flag gives us a chance to open the green light for kvm upon using userfaultfd when we want to make sure all the existing kvm users will still be able to run their userspace programs without being affected by the new unprivileged userfaultfd switch. Suggested-by: Andrea Arcangeli <aarcange@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> --- include/linux/sched/coredump.h | 1 + virt/kvm/kvm_main.c | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/include/linux/sched/coredump.h b/include/linux/sched/coredump.h index ecdc6542070f..9f6e71182892 100644 --- a/include/linux/sched/coredump.h +++ b/include/linux/sched/coredump.h @@ -72,6 +72,7 @@ static inline int get_dumpable(struct mm_struct *mm) #define MMF_DISABLE_THP 24 /* disable THP for all VMAs */ #define MMF_OOM_VICTIM 25 /* mm is the oom victim */ #define MMF_OOM_REAP_QUEUED 26 /* mm was queued for oom_reaper */ +#define MMF_USERFAULTFD_ALLOW 27 /* allow userfaultfd syscall */ #define MMF_DISABLE_THP_MASK (1 << MMF_DISABLE_THP) #define MMF_INIT_MASK (MMF_DUMPABLE_MASK | MMF_DUMP_FILTER_MASK |\ diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index d237d3350a99..079f6ac00c36 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -3403,7 +3403,14 @@ static long kvm_dev_ioctl(struct file *filp, return r; } +static int kvm_dev_open(struct inode *inode, struct file *file) +{ + set_bit(MMF_USERFAULTFD_ALLOW, ¤t->mm->flags); + return 0; +} + static struct file_operations kvm_chardev_ops = { + .open = kvm_dev_open, .unlocked_ioctl = kvm_dev_ioctl, .llseek = noop_llseek, KVM_COMPAT(kvm_dev_ioctl), -- 2.17.1
next prev parent reply other threads:[~2019-03-11 9:37 UTC|newest] Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-03-11 9:36 [PATCH 0/3] userfaultfd: allow to forbid unprivileged users Peter Xu 2019-03-11 9:36 ` Peter Xu 2019-03-11 9:36 ` [PATCH 1/3] userfaultfd/sysctl: introduce unprivileged_userfaultfd Peter Xu 2019-03-11 9:36 ` Peter Xu 2019-03-12 6:58 ` Mike Rapoport 2019-03-12 6:58 ` Mike Rapoport 2019-03-12 12:26 ` Peter Xu 2019-03-12 12:26 ` Peter Xu 2019-03-12 13:53 ` Mike Rapoport 2019-03-12 13:53 ` Mike Rapoport 2019-03-11 9:37 ` Peter Xu [this message] 2019-03-11 9:37 ` [PATCH 2/3] kvm/mm: introduce MMF_USERFAULTFD_ALLOW flag Peter Xu 2019-03-11 9:37 ` [PATCH 3/3] userfaultfd: apply unprivileged_userfaultfd check Peter Xu 2019-03-11 9:37 ` Peter Xu 2019-03-11 9:58 ` Peter Xu 2019-03-11 9:58 ` Peter Xu 2019-03-12 7:01 ` [PATCH 0/3] userfaultfd: allow to forbid unprivileged users Mike Rapoport 2019-03-12 7:01 ` Mike Rapoport 2019-03-12 12:29 ` Peter Xu 2019-03-12 12:29 ` Peter Xu 2019-03-12 7:49 ` Kirill A. Shutemov 2019-03-12 7:49 ` Kirill A. Shutemov 2019-03-12 7:49 ` Kirill A. Shutemov 2019-03-12 12:43 ` Peter Xu 2019-03-12 12:43 ` Peter Xu 2019-03-12 12:43 ` Peter Xu 2019-03-12 19:59 ` Mike Kravetz 2019-03-12 19:59 ` Mike Kravetz 2019-03-13 6:00 ` Peter Xu 2019-03-13 6:00 ` Peter Xu 2019-03-13 8:22 ` Paolo Bonzini 2019-03-13 8:22 ` Paolo Bonzini 2019-03-13 18:52 ` Andrea Arcangeli 2019-03-13 18:52 ` Andrea Arcangeli 2019-03-13 19:12 ` Paolo Bonzini 2019-03-13 19:12 ` Paolo Bonzini 2019-03-13 19:12 ` Paolo Bonzini 2019-03-13 23:44 ` Andrea Arcangeli 2019-03-13 23:44 ` Andrea Arcangeli 2019-03-14 10:58 ` Paolo Bonzini 2019-03-14 10:58 ` Paolo Bonzini 2019-03-14 15:23 ` Alexei Starovoitov 2019-03-14 15:23 ` Alexei Starovoitov 2019-03-14 15:23 ` Alexei Starovoitov 2019-03-14 16:00 ` Paolo Bonzini 2019-03-14 16:00 ` Paolo Bonzini 2019-03-14 16:16 ` Andrea Arcangeli 2019-03-14 16:16 ` Andrea Arcangeli 2019-03-15 16:09 ` Kees Cook 2019-03-15 16:09 ` Kees Cook 2019-03-15 16:09 ` Kees Cook 2019-03-13 20:01 ` Mike Kravetz 2019-03-13 23:55 ` Andrea Arcangeli 2019-03-13 23:55 ` Andrea Arcangeli 2019-03-14 3:32 ` Mike Kravetz 2019-03-14 3:32 ` Mike Kravetz 2019-03-13 17:50 ` Mike Kravetz 2019-03-13 17:50 ` Mike Kravetz 2019-03-15 8:26 ` Peter Xu 2019-03-15 8:26 ` Peter Xu
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20190311093701.15734-3-peterx@redhat.com \ --to=peterx@redhat.com \ --cc=aarcange@redhat.com \ --cc=akpm@linux-foundation.org \ --cc=cracauer@cons.org \ --cc=dgilbert@redhat.com \ --cc=dplotnikov@virtuozzo.com \ --cc=gokhale2@llnl.gov \ --cc=hannes@cmpxchg.org \ --cc=hughd@google.com \ --cc=jglisse@redhat.com \ --cc=keescook@chromium.org \ --cc=kirill@shutemov.name \ --cc=kvm@vger.kernel.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=maxime.coquelin@redhat.com \ --cc=mcfadden8@llnl.gov \ --cc=mcgrof@kernel.org \ --cc=mgorman@suse.de \ --cc=mike.kravetz@oracle.com \ --cc=pbonzini@redhat.com \ --cc=rppt@linux.vnet.ibm.com \ --cc=xemul@virtuozzo.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.