From: David Hildenbrand
Organization: Red Hat
To: Jason Gunthorpe
Date: Mon, 22 Nov 2021 14:35:49 +0100
Subject: Re: [RFC v2 PATCH 01/13] mm/shmem: Introduce F_SEAL_GUEST
Message-ID: <56c0dffc-5fc4-c337-3e85-a5c9ce619140@redhat.com>
In-Reply-To: <20211122133145.GQ876299@ziepe.ca>

On 22.11.21 14:31, Jason Gunthorpe wrote:
> On Mon, Nov 22, 2021 at 10:26:12AM +0100, David Hildenbrand wrote:
>
>> I do wonder if we want to support sharing such memfds between processes
>> in all cases ... we most certainly don't want to be able to share
>> encrypted memory between VMs (I heard that the kernel has to forbid
>> that). It would make sense in the use case you describe, though.
>
> If there is a F_SEAL_XX that blocks every kind of new access, who
> cares if userspace passes the FD around or not?

I was imagining that you actually would want to do some kind of "change
ownership". But yeah, the intended semantics and all use cases we have
in mind are not fully clear to me yet. If it's really "no new access"
(side note: is "access" the right word?) then sure, we can pass the fd
around.

--
Thanks,

David / dhildenb
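
Added example, not part of the message above or of the patch series: F_SEAL_GUEST exists only as this RFC's proposal, so the sketch uses the memfd seals already in mainline (F_SEAL_SHRINK, F_SEAL_GROW, F_SEAL_WRITE, F_SEAL_SEAL) to show why a seal that blocks new access makes passing the fd around harmless: seals belong to the file, not to the descriptor. The helper names and the CAN_* mask are hypothetical, and dup() stands in for a descriptor received over SCM_RIGHTS.

```c
#define _GNU_SOURCE                 /* exposes F_ADD_SEALS / F_SEAL_* in <fcntl.h> */
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef F_ADD_SEALS                 /* Linux UAPI values, in case libc hides them */
#define F_ADD_SEALS   1033
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif
#ifndef MFD_ALLOW_SEALING
#define MFD_CLOEXEC       0x0001U
#define MFD_ALLOW_SEALING 0x0002U
#endif

enum { CAN_READ = 1, CAN_WRITE = 2, CAN_MAP_WRITE = 4, CAN_RESIZE = 8, CAN_RESEAL = 16 };

/* Create a memfd of len bytes; with seal != 0, freeze size, contents and the seal set. */
int make_memfd(size_t len, int seal)
{
    int fd = (int)syscall(SYS_memfd_create, "seal-demo", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    int all = F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL;

    if (fd < 0)
        return -1;
    if (ftruncate(fd, (off_t)len) != 0 || (seal && fcntl(fd, F_ADD_SEALS, all) != 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Operations still open to the holder of a passed descriptor, as a CAN_* mask.
 * The probe runs on a dup() of fd (constructed stand-in for SCM_RIGHTS). */
int probe_passed_fd(int fd, size_t len)
{
    int passed = dup(fd), mask = 0;
    char c; void *p;

    if (passed < 0)
        return -1;
    if (pread(passed, &c, 1, 0) == 1)                   mask |= CAN_READ;
    if (pwrite(passed, "x", 1, 0) == 1)                 mask |= CAN_WRITE;
    p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, passed, 0);
    if (p != MAP_FAILED) { munmap(p, len);              mask |= CAN_MAP_WRITE; }
    if (ftruncate(passed, (off_t)len + 1) == 0)         mask |= CAN_RESIZE;
    if (fcntl(passed, F_ADD_SEALS, F_SEAL_SHRINK) == 0) mask |= CAN_RESEAL;
    close(passed);
    return mask;
}
```

On an unsealed memfd the probe reports every capability; on the sealed one only CAN_READ remains, whichever descriptor is used.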