From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 64C45C433DB for ; Mon, 22 Feb 2021 09:39:11 +0000 (UTC) Received: from ml01.01.org (ml01.01.org [198.145.21.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id DA78E601FE for ; Mon, 22 Feb 2021 09:39:10 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DA78E601FE Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-nvdimm-bounces@lists.01.org Received: from ml01.vlan13.01.org (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 07F1D100EBB6F; Mon, 22 Feb 2021 01:39:10 -0800 (PST) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=170.10.133.124; helo=us-smtp-delivery-124.mimecast.com; envelope-from=david@redhat.com; receiver= Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 0DFAA100EBB6B for ; Mon, 22 Feb 2021 01:39:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1613986745; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DFxc+0us/i36TuhQU4VjFE7oonKp2pd6VcvaTnTkT80=; b=VmpxmvcRyGmKaIDm/4oAjtcVQ+dojXtl9vYmbKm4KHVKxwCjbZj3WtniPGzAsFgmUZ4g4Q YDPSQgyqH693uC784GnWggclSPn8A3oeymrjqHZI4SjgXCLNLsZVGjzdwh1RoUblz3QgAW 8RU6a0CBku5H0o2ILlfu75IafAdwQr8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-60-uAjoBBddN9WmOEycYhZwYw-1; Mon, 22 Feb 2021 04:39:00 -0500 X-MC-Unique: uAjoBBddN9WmOEycYhZwYw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D047D18A2F09; Mon, 22 Feb 2021 09:38:20 +0000 (UTC) Received: from [10.36.115.16] (ovpn-115-16.ams2.redhat.com [10.36.115.16]) by smtp.corp.redhat.com (Postfix) with ESMTP id BABB110589DD; Mon, 22 Feb 2021 09:38:11 +0000 (UTC) To: jejb@linux.ibm.com, Michal Hocko References: <20210214091954.GM242749@kernel.org> <052DACE9-986B-424C-AF8E-D6A4277DE635@redhat.com> <244f86cba227fa49ca30cd595c4e5538fe2f7c2b.camel@linux.ibm.com> <12c3890b233c8ec8e3967352001a7b72a8e0bfd0.camel@linux.ibm.com> <000cfaa0a9a09f07c5e50e573393cda301d650c9.camel@linux.ibm.com> <5a8567a9-6940-c23f-0927-e4b5c5db0d5e@redhat.com> From: David Hildenbrand Organization: Red Hat GmbH Subject: Re: [PATCH v17 07/10] mm: introduce memfd_secret system call to create "secret" memory areas Message-ID: <304e4c9d-81aa-20ac-cfbe-245ed0de9a86@redhat.com> Date: Mon, 22 Feb 2021 10:38:10 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Message-ID-Hash: 4RNVZ6VAHZUIX324J6CX6HGGKXVIAKOO X-Message-ID-Hash: 4RNVZ6VAHZUIX324J6CX6HGGKXVIAKOO X-MailFrom: david@redhat.com X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation CC: Mike Rapoport , Mike Rapoport , Andrew Morton , Alexander Viro , Andy Lutomirski , Arnd Bergmann , Borislav Petkov , Catalin Marinas , Christopher Lameter , Dave Hansen , Elena Reshetova , "H. Peter Anvin" , Ingo Molnar , "Kirill A. Shutemov" , Matthew Wilcox , Mark Rutland , Michael Kerrisk , Palmer Dabbelt , Paul Walmsley , Peter Zijlstra , Rick Edgecombe , Roman Gushchin , Shakeel Butt , Shuah Khan , Thomas Gleixner , Tycho Andersen , Will Deacon , linux-api@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-nvdimm@lists.01.org, linux-riscv@lists.infradead.org, x86@kernel.org, Hagen Paul Pfeifer , Palmer Dabbelt X-Mailman-Version: 3.1.1 Precedence: list List-Id: "Linux-nvdimm developer list." Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Content-Type: text/plain; charset="us-ascii"; format="flowed" Content-Transfer-Encoding: 7bit On 17.02.21 17:19, James Bottomley wrote: > On Tue, 2021-02-16 at 18:16 +0100, David Hildenbrand wrote: > [...] >>>> The discussion regarding migratability only really popped up >>>> because this is a user-visible thing and not being able to >>>> migrate can be a real problem (fragmentation, ZONE_MOVABLE, ...). >>> >>> I think the biggest use will potentially come from hardware >>> acceleration. If it becomes simple to add say encryption to a >>> secret page with no cost, then no flag needed. However, if we only >>> have a limited number of keys so once we run out no more encrypted >>> memory then it becomes a costly resource and users might want a >>> choice of being backed by encryption or not. >> >> Right. But wouldn't HW support with configurable keys etc. need more >> syscall parameters (meaning, even memefd_secret() as it is would not >> be sufficient?). I suspect the simplistic flag approach might not >> be sufficient. I might be wrong because I have no clue about MKTME >> and friends. > > The theory I was operating under is key management is automatic and > hidden, but key scarcity can't be, so if you flag requesting hardware > backing then you either get success (the kernel found a key) or failure > (the kernel is out of keys). If we actually want to specify the key > then we need an extra argument and we *must* have a new system call. > >> Anyhow, I still think extending memfd_create() might just be good >> enough - at least for now. > > I really think this is the wrong approach for a user space ABI. If we > think we'll ever need to move to a separate syscall, we should begin > with one. The pain of trying to shift userspace from memfd_create to a > new syscall would be enormous. It's not impossible (see clone3) but > it's a pain we should avoid if we know it's coming. Sorry for the late reply, there is just too much going on :) *If* we ever realize we need to pass more parameters we can easily have a new syscall for that purpose. *Then*, we know how that syscall will look like. Right now, it's just pure speculation. Until then, going with memfd_create() works just fine IMHO. The worst think that could happen is that we might not be able to create all fancy sectremem flavors in the future via memfd_create() but only via different, highly specialized syscall. I don't see a real problem with that. -- Thanks, David / dhildenb _______________________________________________ Linux-nvdimm mailing list -- linux-nvdimm@lists.01.org To unsubscribe send an email to linux-nvdimm-leave@lists.01.org From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 35F25C433DB for ; Mon, 22 Feb 2021 09:41:06 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E1A5D64E92 for ; Mon, 22 Feb 2021 09:41:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230008AbhBVJkw (ORCPT ); Mon, 22 Feb 2021 04:40:52 -0500 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:46687 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229990AbhBVJkc (ORCPT ); Mon, 22 Feb 2021 04:40:32 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1613986745; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DFxc+0us/i36TuhQU4VjFE7oonKp2pd6VcvaTnTkT80=; b=VmpxmvcRyGmKaIDm/4oAjtcVQ+dojXtl9vYmbKm4KHVKxwCjbZj3WtniPGzAsFgmUZ4g4Q YDPSQgyqH693uC784GnWggclSPn8A3oeymrjqHZI4SjgXCLNLsZVGjzdwh1RoUblz3QgAW 8RU6a0CBku5H0o2ILlfu75IafAdwQr8= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-60-uAjoBBddN9WmOEycYhZwYw-1; Mon, 22 Feb 2021 04:39:00 -0500 X-MC-Unique: uAjoBBddN9WmOEycYhZwYw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D047D18A2F09; Mon, 22 Feb 2021 09:38:20 +0000 (UTC) Received: from [10.36.115.16] (ovpn-115-16.ams2.redhat.com [10.36.115.16]) by smtp.corp.redhat.com (Postfix) with ESMTP id BABB110589DD; Mon, 22 Feb 2021 09:38:11 +0000 (UTC) To: jejb@linux.ibm.com, Michal Hocko Cc: Mike Rapoport , Mike Rapoport , Andrew Morton , Alexander Viro , Andy Lutomirski , Arnd Bergmann , Borislav Petkov , Catalin Marinas , Christopher Lameter , Dan Williams , Dave Hansen , Elena Reshetova , "H. Peter Anvin" , Ingo Molnar , "Kirill A. Shutemov" , Matthew Wilcox , Mark Rutland , Michael Kerrisk , Palmer Dabbelt , Paul Walmsley , Peter Zijlstra , Rick Edgecombe , Roman Gushchin , Shakeel Butt , Shuah Khan , Thomas Gleixner , Tycho Andersen , Will Deacon , linux-api@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-nvdimm@lists.01.org, linux-riscv@lists.infradead.org, x86@kernel.org, Hagen Paul Pfeifer , Palmer Dabbelt References: <20210214091954.GM242749@kernel.org> <052DACE9-986B-424C-AF8E-D6A4277DE635@redhat.com> <244f86cba227fa49ca30cd595c4e5538fe2f7c2b.camel@linux.ibm.com> <12c3890b233c8ec8e3967352001a7b72a8e0bfd0.camel@linux.ibm.com> <000cfaa0a9a09f07c5e50e573393cda301d650c9.camel@linux.ibm.com> <5a8567a9-6940-c23f-0927-e4b5c5db0d5e@redhat.com> From: David Hildenbrand Organization: Red Hat GmbH Subject: Re: [PATCH v17 07/10] mm: introduce memfd_secret system call to create "secret" memory areas Message-ID: <304e4c9d-81aa-20ac-cfbe-245ed0de9a86@redhat.com> Date: Mon, 22 Feb 2021 10:38:10 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 17.02.21 17:19, James Bottomley wrote: > On Tue, 2021-02-16 at 18:16 +0100, David Hildenbrand wrote: > [...] >>>> The discussion regarding migratability only really popped up >>>> because this is a user-visible thing and not being able to >>>> migrate can be a real problem (fragmentation, ZONE_MOVABLE, ...). >>> >>> I think the biggest use will potentially come from hardware >>> acceleration. If it becomes simple to add say encryption to a >>> secret page with no cost, then no flag needed. However, if we only >>> have a limited number of keys so once we run out no more encrypted >>> memory then it becomes a costly resource and users might want a >>> choice of being backed by encryption or not. >> >> Right. But wouldn't HW support with configurable keys etc. need more >> syscall parameters (meaning, even memefd_secret() as it is would not >> be sufficient?). I suspect the simplistic flag approach might not >> be sufficient. I might be wrong because I have no clue about MKTME >> and friends. > > The theory I was operating under is key management is automatic and > hidden, but key scarcity can't be, so if you flag requesting hardware > backing then you either get success (the kernel found a key) or failure > (the kernel is out of keys). If we actually want to specify the key > then we need an extra argument and we *must* have a new system call. > >> Anyhow, I still think extending memfd_create() might just be good >> enough - at least for now. > > I really think this is the wrong approach for a user space ABI. If we > think we'll ever need to move to a separate syscall, we should begin > with one. The pain of trying to shift userspace from memfd_create to a > new syscall would be enormous. It's not impossible (see clone3) but > it's a pain we should avoid if we know it's coming. Sorry for the late reply, there is just too much going on :) *If* we ever realize we need to pass more parameters we can easily have a new syscall for that purpose. *Then*, we know how that syscall will look like. Right now, it's just pure speculation. Until then, going with memfd_create() works just fine IMHO. The worst think that could happen is that we might not be able to create all fancy sectremem flavors in the future via memfd_create() but only via different, highly specialized syscall. I don't see a real problem with that. -- Thanks, David / dhildenb From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id D7180C433E0 for ; Mon, 22 Feb 2021 09:39:26 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 860EF64E44 for ; Mon, 22 Feb 2021 09:39:26 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 860EF64E44 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Type: Content-Transfer-Encoding:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:Subject: From:References:To:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=QIeMZxHvF6Wukx6Oi+FEALQLmh0J0e+74SRXBIQw8XA=; b=TlVNUV24tdWz7S/SJvlaUq+2c 1AIVvAYZKdUe+gg8phagr2TeAZyXudLdRDO1HxkZd8RPx8LMjSwXdJPjN8+q2JjDfnfx2ENHD8sNP JHWNTHj/ihIkDNWmJHXRDFinXxW47VNsCseSDQ1tK1QhVlignnHH8BiRZA30/vcU484aPe1j4lbrl GCNGSzEhdii5iiroV2FsLITDRiKmDLnbOGax/75+8SyHC2LjRMQcT9VeC26BeTK9NMpxCyhtesgBe 7LsPaIDqF4L5JCOo/PuZzgjiRoY0GYO81physJir+v7AeYooELIvBrxCAfnS03Sb9eGELTSqJuJgM I3BJq/Ypg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1lE7gO-0001k8-MQ; Mon, 22 Feb 2021 09:39:12 +0000 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1lE7gI-0001hQ-T7 for linux-riscv@lists.infradead.org; Mon, 22 Feb 2021 09:39:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1613986746; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DFxc+0us/i36TuhQU4VjFE7oonKp2pd6VcvaTnTkT80=; b=NcY7trNoTvvWTG8xIfRbed/PeUCWvMP3Sfrwm7MBila42VYi0pvtbDYNujlR9amHOZBE28 anDccbeCtfEECO1yUIzOj0V+OOwFImMSM6t+ElED0OOK4fV+STgh6jV92AVvJnEUS5KLfT dkIRKsib5h6JdFZHOCzp9n3O+ff5aFc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-60-uAjoBBddN9WmOEycYhZwYw-1; Mon, 22 Feb 2021 04:39:00 -0500 X-MC-Unique: uAjoBBddN9WmOEycYhZwYw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D047D18A2F09; Mon, 22 Feb 2021 09:38:20 +0000 (UTC) Received: from [10.36.115.16] (ovpn-115-16.ams2.redhat.com [10.36.115.16]) by smtp.corp.redhat.com (Postfix) with ESMTP id BABB110589DD; Mon, 22 Feb 2021 09:38:11 +0000 (UTC) To: jejb@linux.ibm.com, Michal Hocko References: <20210214091954.GM242749@kernel.org> <052DACE9-986B-424C-AF8E-D6A4277DE635@redhat.com> <244f86cba227fa49ca30cd595c4e5538fe2f7c2b.camel@linux.ibm.com> <12c3890b233c8ec8e3967352001a7b72a8e0bfd0.camel@linux.ibm.com> <000cfaa0a9a09f07c5e50e573393cda301d650c9.camel@linux.ibm.com> <5a8567a9-6940-c23f-0927-e4b5c5db0d5e@redhat.com> From: David Hildenbrand Organization: Red Hat GmbH Subject: Re: [PATCH v17 07/10] mm: introduce memfd_secret system call to create "secret" memory areas Message-ID: <304e4c9d-81aa-20ac-cfbe-245ed0de9a86@redhat.com> Date: Mon, 22 Feb 2021 10:38:10 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210222_043906_994185_76E5CF6D X-CRM114-Status: GOOD ( 25.02 ) X-BeenThere: linux-riscv@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Peter Zijlstra , Catalin Marinas , Dave Hansen , linux-mm@kvack.org, linux-kselftest@vger.kernel.org, "H. Peter Anvin" , Christopher Lameter , Shuah Khan , Thomas Gleixner , Elena Reshetova , linux-arch@vger.kernel.org, Tycho Andersen , linux-nvdimm@lists.01.org, Will Deacon , x86@kernel.org, Matthew Wilcox , Mike Rapoport , Ingo Molnar , Michael Kerrisk , Palmer Dabbelt , Arnd Bergmann , Hagen Paul Pfeifer , Borislav Petkov , Alexander Viro , Andy Lutomirski , Paul Walmsley , "Kirill A. Shutemov" , Dan Williams , linux-arm-kernel@lists.infradead.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Palmer Dabbelt , linux-fsdevel@vger.kernel.org, Shakeel Butt , Andrew Morton , Rick Edgecombe , Roman Gushchin , Mike Rapoport Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: "linux-riscv" Errors-To: linux-riscv-bounces+linux-riscv=archiver.kernel.org@lists.infradead.org On 17.02.21 17:19, James Bottomley wrote: > On Tue, 2021-02-16 at 18:16 +0100, David Hildenbrand wrote: > [...] >>>> The discussion regarding migratability only really popped up >>>> because this is a user-visible thing and not being able to >>>> migrate can be a real problem (fragmentation, ZONE_MOVABLE, ...). >>> >>> I think the biggest use will potentially come from hardware >>> acceleration. If it becomes simple to add say encryption to a >>> secret page with no cost, then no flag needed. However, if we only >>> have a limited number of keys so once we run out no more encrypted >>> memory then it becomes a costly resource and users might want a >>> choice of being backed by encryption or not. >> >> Right. But wouldn't HW support with configurable keys etc. need more >> syscall parameters (meaning, even memefd_secret() as it is would not >> be sufficient?). I suspect the simplistic flag approach might not >> be sufficient. I might be wrong because I have no clue about MKTME >> and friends. > > The theory I was operating under is key management is automatic and > hidden, but key scarcity can't be, so if you flag requesting hardware > backing then you either get success (the kernel found a key) or failure > (the kernel is out of keys). If we actually want to specify the key > then we need an extra argument and we *must* have a new system call. > >> Anyhow, I still think extending memfd_create() might just be good >> enough - at least for now. > > I really think this is the wrong approach for a user space ABI. If we > think we'll ever need to move to a separate syscall, we should begin > with one. The pain of trying to shift userspace from memfd_create to a > new syscall would be enormous. It's not impossible (see clone3) but > it's a pain we should avoid if we know it's coming. Sorry for the late reply, there is just too much going on :) *If* we ever realize we need to pass more parameters we can easily have a new syscall for that purpose. *Then*, we know how that syscall will look like. Right now, it's just pure speculation. Until then, going with memfd_create() works just fine IMHO. The worst think that could happen is that we might not be able to create all fancy sectremem flavors in the future via memfd_create() but only via different, highly specialized syscall. I don't see a real problem with that. -- Thanks, David / dhildenb _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6B6D3C433DB for ; Mon, 22 Feb 2021 09:40:34 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 0956564E2F for ; Mon, 22 Feb 2021 09:40:33 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 0956564E2F Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Type: Content-Transfer-Encoding:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:Date:Message-ID:Subject: From:References:To:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=wTK/1WZ+xeDxMINqR3spRsE6ld+qHz5KVm0BcArwU5w=; b=XYKj4y11KNVxnHufrpKtkEJVh SP3lKlt/jAeBJzi1Rajm8iwcGNLvHUo7D9HoGPcRd8gCj9oa26pfK2zxCkHgqZTPVnN+lY8/pCHQX 6AYQNliHUqlpXV+fESqgkl+9M25/MgcR7Xcvp2OMhRg/dE+cd/ZK/LPJe7hbLiOf2e7N0dtHgRsFr 2+QoBjLL8rxXSmScZjK7zYrvIrIIHLTArKvZu9kgJRF9W63b8cqCPu6DgK2/xIPpTbWjUAqpJ1M3s qYwNa+btYmzhRg+hX3D9JLvA+sAsT4ZHrwHTHPw6ezKon8r0Zth8IRuCS3V3vWbXPYaTVwbfR+vtF 5fd6Nfe6w==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1lE7gM-0001jj-Ds; Mon, 22 Feb 2021 09:39:10 +0000 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1lE7gI-0001hR-SZ for linux-arm-kernel@lists.infradead.org; Mon, 22 Feb 2021 09:39:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1613986746; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DFxc+0us/i36TuhQU4VjFE7oonKp2pd6VcvaTnTkT80=; b=NcY7trNoTvvWTG8xIfRbed/PeUCWvMP3Sfrwm7MBila42VYi0pvtbDYNujlR9amHOZBE28 anDccbeCtfEECO1yUIzOj0V+OOwFImMSM6t+ElED0OOK4fV+STgh6jV92AVvJnEUS5KLfT dkIRKsib5h6JdFZHOCzp9n3O+ff5aFc= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-60-uAjoBBddN9WmOEycYhZwYw-1; Mon, 22 Feb 2021 04:39:00 -0500 X-MC-Unique: uAjoBBddN9WmOEycYhZwYw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D047D18A2F09; Mon, 22 Feb 2021 09:38:20 +0000 (UTC) Received: from [10.36.115.16] (ovpn-115-16.ams2.redhat.com [10.36.115.16]) by smtp.corp.redhat.com (Postfix) with ESMTP id BABB110589DD; Mon, 22 Feb 2021 09:38:11 +0000 (UTC) To: jejb@linux.ibm.com, Michal Hocko References: <20210214091954.GM242749@kernel.org> <052DACE9-986B-424C-AF8E-D6A4277DE635@redhat.com> <244f86cba227fa49ca30cd595c4e5538fe2f7c2b.camel@linux.ibm.com> <12c3890b233c8ec8e3967352001a7b72a8e0bfd0.camel@linux.ibm.com> <000cfaa0a9a09f07c5e50e573393cda301d650c9.camel@linux.ibm.com> <5a8567a9-6940-c23f-0927-e4b5c5db0d5e@redhat.com> From: David Hildenbrand Organization: Red Hat GmbH Subject: Re: [PATCH v17 07/10] mm: introduce memfd_secret system call to create "secret" memory areas Message-ID: <304e4c9d-81aa-20ac-cfbe-245ed0de9a86@redhat.com> Date: Mon, 22 Feb 2021 10:38:10 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210222_043906_953151_A502B126 X-CRM114-Status: GOOD ( 26.01 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , Peter Zijlstra , Catalin Marinas , Dave Hansen , linux-mm@kvack.org, linux-kselftest@vger.kernel.org, "H. Peter Anvin" , Christopher Lameter , Shuah Khan , Thomas Gleixner , Elena Reshetova , linux-arch@vger.kernel.org, Tycho Andersen , linux-nvdimm@lists.01.org, Will Deacon , x86@kernel.org, Matthew Wilcox , Mike Rapoport , Ingo Molnar , Michael Kerrisk , Palmer Dabbelt , Arnd Bergmann , Hagen Paul Pfeifer , Borislav Petkov , Alexander Viro , Andy Lutomirski , Paul Walmsley , "Kirill A. Shutemov" , Dan Williams , linux-arm-kernel@lists.infradead.org, linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, linux-riscv@lists.infradead.org, Palmer Dabbelt , linux-fsdevel@vger.kernel.org, Shakeel Butt , Andrew Morton , Rick Edgecombe , Roman Gushchin , Mike Rapoport Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org On 17.02.21 17:19, James Bottomley wrote: > On Tue, 2021-02-16 at 18:16 +0100, David Hildenbrand wrote: > [...] >>>> The discussion regarding migratability only really popped up >>>> because this is a user-visible thing and not being able to >>>> migrate can be a real problem (fragmentation, ZONE_MOVABLE, ...). >>> >>> I think the biggest use will potentially come from hardware >>> acceleration. If it becomes simple to add say encryption to a >>> secret page with no cost, then no flag needed. However, if we only >>> have a limited number of keys so once we run out no more encrypted >>> memory then it becomes a costly resource and users might want a >>> choice of being backed by encryption or not. >> >> Right. But wouldn't HW support with configurable keys etc. need more >> syscall parameters (meaning, even memefd_secret() as it is would not >> be sufficient?). I suspect the simplistic flag approach might not >> be sufficient. I might be wrong because I have no clue about MKTME >> and friends. > > The theory I was operating under is key management is automatic and > hidden, but key scarcity can't be, so if you flag requesting hardware > backing then you either get success (the kernel found a key) or failure > (the kernel is out of keys). If we actually want to specify the key > then we need an extra argument and we *must* have a new system call. > >> Anyhow, I still think extending memfd_create() might just be good >> enough - at least for now. > > I really think this is the wrong approach for a user space ABI. If we > think we'll ever need to move to a separate syscall, we should begin > with one. The pain of trying to shift userspace from memfd_create to a > new syscall would be enormous. It's not impossible (see clone3) but > it's a pain we should avoid if we know it's coming. Sorry for the late reply, there is just too much going on :) *If* we ever realize we need to pass more parameters we can easily have a new syscall for that purpose. *Then*, we know how that syscall will look like. Right now, it's just pure speculation. Until then, going with memfd_create() works just fine IMHO. The worst think that could happen is that we might not be able to create all fancy sectremem flavors in the future via memfd_create() but only via different, highly specialized syscall. I don't see a real problem with that. -- Thanks, David / dhildenb _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel