From: Mike Rapoport <rppt@kernel.org> To: Andrew Morton <akpm@linux-foundation.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk>, Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>, Borislav Petkov <bp@alien8.de>, Catalin Marinas <catalin.marinas@arm.com>, Christopher Lameter <cl@linux.com>, Dan Williams <dan.j.williams@intel.com>, Dave Hansen <dave.hansen@linux.intel.com>, David Hildenbrand <david@redhat.com>, Elena Reshetova <elena.reshetova@intel.com>, "H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>, James Bottomley <jejb@linux.ibm.com>, "Kirill A. Shutemov" <kirill@shutemov.name>, Matthew Wilcox <willy@infradead.org>, Mark Rutland <mark.rutland@arm.com>, Mike Rapoport <rppt@linux.ibm.com>, Mike Rapoport <rppt@kernel.org>, Michael Kerrisk <mtk.manpages@gmail.com>, Palmer Dabbelt <palmer@dabbelt.com>, Paul Walmsley <paul.walmsley@sifive.com>, Peter Zijlstra <peterz@infradead.org>, Rick Edgecombe <rick.p.edgecombe@intel.com>, Roman Gushchin <guro@fb.com>, Shakeel Butt <shakeelb@google.com>, Shuah Khan <shuah@kernel.org>, Thomas Gleixner <tglx@linutronix.de>, Tycho Andersen <tycho@tycho.ws>, Will Deacon <will@kernel.org>, linux-api@vger.kernel.org, linux-arch@vger.kernel.org, linux-arm-kernel@lists.infradead.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-nvdimm@lists.01.org, linux-riscv@lists.infradead.org, x86@kernel.org, Hagen Paul Pfeifer <hagen@jauu.net>, Palmer Dabbelt <palmerdabbelt@google.com> Subject: [PATCH v16 09/11] PM: hibernate: disable when there are active secretmem users Date: Thu, 21 Jan 2021 14:27:21 +0200 Message-ID: <20210121122723.3446-10-rppt@kernel.org> (raw) In-Reply-To: <20210121122723.3446-1-rppt@kernel.org> From: Mike Rapoport <rppt@linux.ibm.com> It is unsafe to allow saving of secretmem areas to the hibernation snapshot as they would be visible after the resume and this essentially will defeat the purpose of secret memory mappings. Prevent hibernation whenever there are active secret memory users. Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Andy Lutomirski <luto@kernel.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Borislav Petkov <bp@alien8.de> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Christopher Lameter <cl@linux.com> Cc: Dan Williams <dan.j.williams@intel.com> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: David Hildenbrand <david@redhat.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Cc: Hagen Paul Pfeifer <hagen@jauu.net> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: "Kirill A. Shutemov" <kirill@shutemov.name> Cc: Mark Rutland <mark.rutland@arm.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Cc: Palmer Dabbelt <palmer@dabbelt.com> Cc: Palmer Dabbelt <palmerdabbelt@google.com> Cc: Paul Walmsley <paul.walmsley@sifive.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Rick Edgecombe <rick.p.edgecombe@intel.com> Cc: Roman Gushchin <guro@fb.com> Cc: Shakeel Butt <shakeelb@google.com> Cc: Shuah Khan <shuah@kernel.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Tycho Andersen <tycho@tycho.ws> Cc: Will Deacon <will@kernel.org> --- include/linux/secretmem.h | 6 ++++++ kernel/power/hibernate.c | 5 ++++- mm/secretmem.c | 15 +++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/include/linux/secretmem.h b/include/linux/secretmem.h index 70e7db9f94fe..907a6734059c 100644 --- a/include/linux/secretmem.h +++ b/include/linux/secretmem.h @@ -6,6 +6,7 @@ bool vma_is_secretmem(struct vm_area_struct *vma); bool page_is_secretmem(struct page *page); +bool secretmem_active(void); #else @@ -19,6 +20,11 @@ static inline bool page_is_secretmem(struct page *page) return false; } +static inline bool secretmem_active(void) +{ + return false; +} + #endif /* CONFIG_SECRETMEM */ #endif /* _LINUX_SECRETMEM_H */ diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index da0b41914177..559acef3fddb 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -31,6 +31,7 @@ #include <linux/genhd.h> #include <linux/ktime.h> #include <linux/security.h> +#include <linux/secretmem.h> #include <trace/events/power.h> #include "power.h" @@ -81,7 +82,9 @@ void hibernate_release(void) bool hibernation_available(void) { - return nohibernate == 0 && !security_locked_down(LOCKDOWN_HIBERNATION); + return nohibernate == 0 && + !security_locked_down(LOCKDOWN_HIBERNATION) && + !secretmem_active(); } /** diff --git a/mm/secretmem.c b/mm/secretmem.c index 05026460e2ee..6ef32ad08184 100644 --- a/mm/secretmem.c +++ b/mm/secretmem.c @@ -45,6 +45,13 @@ struct secretmem_ctx { static struct cma *secretmem_cma; +static atomic_t secretmem_users; + +bool secretmem_active(void) +{ + return !!atomic_read(&secretmem_users); +} + static int secretmem_account_pages(struct page *page, gfp_t gfp, int order) { int err; @@ -193,6 +200,12 @@ static const struct vm_operations_struct secretmem_vm_ops = { .fault = secretmem_fault, }; +static int secretmem_release(struct inode *inode, struct file *file) +{ + atomic_dec(&secretmem_users); + return 0; +} + static int secretmem_mmap(struct file *file, struct vm_area_struct *vma) { unsigned long len = vma->vm_end - vma->vm_start; @@ -215,6 +228,7 @@ bool vma_is_secretmem(struct vm_area_struct *vma) } static const struct file_operations secretmem_fops = { + .release = secretmem_release, .mmap = secretmem_mmap, }; @@ -330,6 +344,7 @@ SYSCALL_DEFINE1(memfd_secret, unsigned long, flags) file->f_flags |= O_LARGEFILE; fd_install(fd, file); + atomic_inc(&secretmem_users); return fd; err_put_fd: -- 2.28.0
next prev parent reply index Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-01-21 12:27 [PATCH v16 00/11] mm: introduce memfd_secret system call to create "secret" memory areas Mike Rapoport 2021-01-21 12:27 ` [PATCH v16 01/11] mm: add definition of PMD_PAGE_ORDER Mike Rapoport 2021-01-21 12:27 ` [PATCH v16 02/11] mmap: make mlock_future_check() global Mike Rapoport 2021-01-21 12:27 ` [PATCH v16 03/11] riscv/Kconfig: make direct map manipulation options depend on MMU Mike Rapoport 2021-01-21 12:27 ` [PATCH v16 04/11] set_memory: allow set_direct_map_*_noflush() for multiple pages Mike Rapoport 2021-01-21 12:27 ` [PATCH v16 05/11] set_memory: allow querying whether set_direct_map_*() is actually enabled Mike Rapoport 2021-01-21 12:27 ` [PATCH v16 06/11] mm: introduce memfd_secret system call to create "secret" memory areas Mike Rapoport 2021-01-25 17:01 ` Michal Hocko 2021-01-25 21:36 ` Mike Rapoport 2021-01-26 7:16 ` Michal Hocko 2021-01-26 8:33 ` Mike Rapoport 2021-01-26 9:00 ` Michal Hocko 2021-01-26 9:20 ` Mike Rapoport 2021-01-26 9:49 ` Michal Hocko 2021-01-26 9:53 ` David Hildenbrand 2021-01-26 10:19 ` Michal Hocko 2021-01-26 9:20 ` Michal Hocko 2021-02-03 12:15 ` Michal Hocko 2021-02-04 11:34 ` Mike Rapoport 2021-01-21 12:27 ` [PATCH v16 07/11] secretmem: use PMD-size pages to amortize direct map fragmentation Mike Rapoport 2021-01-26 11:46 ` Michal Hocko 2021-01-26 11:56 ` David Hildenbrand 2021-01-26 12:08 ` Michal Hocko 2021-01-28 9:22 ` Mike Rapoport 2021-01-28 13:01 ` Michal Hocko 2021-01-28 13:28 ` Christoph Lameter 2021-01-28 13:49 ` Michal Hocko 2021-01-28 15:56 ` Christoph Lameter 2021-01-28 16:23 ` Michal Hocko 2021-01-28 15:28 ` James Bottomley 2021-01-29 7:03 ` Mike Rapoport 2021-01-28 21:05 ` James Bottomley [not found] ` <YBPF8ETGBHUzxaZR@dhcp22.suse.cz> 2021-02-01 16:56 ` James Bottomley 2021-02-02 9:35 ` Michal Hocko 2021-02-02 12:48 ` Mike Rapoport 2021-02-02 13:14 ` David Hildenbrand 2021-02-02 13:32 ` Michal Hocko 2021-02-02 14:12 ` David Hildenbrand 2021-02-02 14:22 ` Michal Hocko 2021-02-02 14:26 ` David Hildenbrand 2021-02-02 14:32 ` Michal Hocko 2021-02-02 14:34 ` David Hildenbrand 2021-02-02 18:15 ` Mike Rapoport 2021-02-02 18:55 ` James Bottomley 2021-02-03 12:09 ` Michal Hocko 2021-02-04 11:31 ` Mike Rapoport 2021-02-02 13:27 ` Michal Hocko 2021-02-02 19:10 ` Mike Rapoport 2021-02-03 9:12 ` Michal Hocko 2021-02-04 9:58 ` Mike Rapoport 2021-02-04 13:02 ` Michal Hocko 2021-01-29 7:21 ` Mike Rapoport 2021-01-29 8:51 ` Michal Hocko 2021-02-02 14:42 ` David Hildenbrand 2021-01-21 12:27 ` [PATCH v16 08/11] secretmem: add memcg accounting Mike Rapoport 2021-01-25 16:17 ` Matthew Wilcox 2021-01-25 17:18 ` Shakeel Butt 2021-01-25 21:35 ` Mike Rapoport 2021-01-28 15:07 ` Shakeel Butt 2021-01-25 16:54 ` Michal Hocko 2021-01-25 21:38 ` Mike Rapoport 2021-01-26 7:31 ` Michal Hocko 2021-01-26 8:56 ` Mike Rapoport 2021-01-26 9:15 ` Michal Hocko 2021-01-26 14:48 ` Matthew Wilcox 2021-01-26 15:05 ` Michal Hocko 2021-01-27 18:42 ` Roman Gushchin 2021-01-28 7:58 ` Michal Hocko 2021-01-28 14:05 ` Shakeel Butt 2021-01-28 14:22 ` Michal Hocko 2021-01-28 14:57 ` Shakeel Butt 2021-01-21 12:27 ` Mike Rapoport [this message] 2021-01-21 12:27 ` [PATCH v16 10/11] arch, mm: wire up memfd_secret system call where relevant Mike Rapoport 2021-01-25 18:18 ` Catalin Marinas 2021-01-21 12:27 ` [PATCH v16 11/11] secretmem: test: add basic selftest for memfd_secret(2) Mike Rapoport 2021-01-21 22:18 ` [PATCH v16 00/11] mm: introduce memfd_secret system call to create "secret" memory areas Andrew Morton
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20210121122723.3446-10-rppt@kernel.org \ --to=rppt@kernel.org \ --cc=akpm@linux-foundation.org \ --cc=arnd@arndb.de \ --cc=bp@alien8.de \ --cc=catalin.marinas@arm.com \ --cc=cl@linux.com \ --cc=dan.j.williams@intel.com \ --cc=dave.hansen@linux.intel.com \ --cc=david@redhat.com \ --cc=elena.reshetova@intel.com \ --cc=guro@fb.com \ --cc=hagen@jauu.net \ --cc=hpa@zytor.com \ --cc=jejb@linux.ibm.com \ --cc=kirill@shutemov.name \ --cc=linux-api@vger.kernel.org \ --cc=linux-arch@vger.kernel.org \ --cc=linux-arm-kernel@lists.infradead.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-kselftest@vger.kernel.org \ --cc=linux-mm@kvack.org \ --cc=linux-nvdimm@lists.01.org \ --cc=linux-riscv@lists.infradead.org \ --cc=luto@kernel.org \ --cc=mark.rutland@arm.com \ --cc=mingo@redhat.com \ --cc=mtk.manpages@gmail.com \ --cc=palmer@dabbelt.com \ --cc=palmerdabbelt@google.com \ --cc=paul.walmsley@sifive.com \ --cc=peterz@infradead.org \ --cc=rick.p.edgecombe@intel.com \ --cc=rppt@linux.ibm.com \ --cc=shakeelb@google.com \ --cc=shuah@kernel.org \ --cc=tglx@linutronix.de \ --cc=tycho@tycho.ws \ --cc=viro@zeniv.linux.org.uk \ --cc=will@kernel.org \ --cc=willy@infradead.org \ --cc=x86@kernel.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Linux-api Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/linux-api/0 linux-api/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 linux-api linux-api/ https://lore.kernel.org/linux-api \ linux-api@vger.kernel.org public-inbox-index linux-api Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.linux-api AGPL code for this site: git clone https://public-inbox.org/public-inbox.git