From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.6 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A34D6C34026 for ; Tue, 18 Feb 2020 16:03:55 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 5DFE4208C4 for ; Tue, 18 Feb 2020 16:03:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=kernel.org header.i=@kernel.org header.b="EBbEiQ3c" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5DFE4208C4 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id EBCBF6B0003; Tue, 18 Feb 2020 11:03:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id E46B46B0008; Tue, 18 Feb 2020 11:03:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id D35096B000A; Tue, 18 Feb 2020 11:03:54 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0040.hostedemail.com [216.40.44.40]) by kanga.kvack.org (Postfix) with ESMTP id B5B436B0003 for ; Tue, 18 Feb 2020 11:03:54 -0500 (EST) Received: from smtpin24.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 4A42E14534 for ; Tue, 18 Feb 2020 16:03:54 +0000 (UTC) X-FDA: 76503718788.24.curve86_69e81efe08f47 Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin24.hostedemail.com (Postfix) with ESMTP id 0A4741AA80 for ; Tue, 18 Feb 2020 16:02:08 +0000 (UTC) X-HE-Tag: curve86_69e81efe08f47 X-Filterd-Recvd-Size: 4357 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by imf03.hostedemail.com (Postfix) with ESMTP for ; Tue, 18 Feb 2020 16:02:07 +0000 (UTC) Received: from willie-the-truck (236.31.169.217.in-addr.arpa [217.169.31.236]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8FD2922527; Tue, 18 Feb 2020 16:02:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582041727; bh=hN28+Ay2H5jTjMOZ+hxg/ApwOVLJQlXIAGiMgkW6COs=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=EBbEiQ3cJH6oaErmMY0R8Ko5rR88owI20jhjGsyc8rNdegFlk+0TkdpO5pI/2o9rm 6lx9Ahe937zu+w1YgRxo+2V8q2myLs57kLp3Unhst/ducejPmi6CxCn6ssTK12dKjh N4+XPTbcs6kPQGiR38zZEULakQk4bXRsrchv+VHU= Date: Tue, 18 Feb 2020 16:02:00 +0000 From: Will Deacon To: Christian Borntraeger Cc: Janosch Frank , Andrew Morton , Marc Zyngier , Sean Christopherson , Tom Lendacky , KVM , Cornelia Huck , David Hildenbrand , Thomas Huth , Ulrich Weigand , Claudio Imbrenda , Andrea Arcangeli , linux-s390 , Michael Mueller , Vasily Gorbik , linux-mm@kvack.org, kvm-ppc@vger.kernel.org, Paolo Bonzini , mark.rutland@arm.com, qperret@google.com, palmerdabbelt@google.com Subject: Re: [PATCH 01/35] mm:gup/writeback: add callbacks for inaccessible pages Message-ID: <20200218160159.GA1133@willie-the-truck> References: <20200207113958.7320-1-borntraeger@de.ibm.com> <20200207113958.7320-2-borntraeger@de.ibm.com> <28792269-e053-ac70-a344-45612ee5c729@de.ibm.com> <20200211112611.GD8560@willie-the-truck> <618384fa-fa5e-66e8-221a-726e7dcf1d8c@de.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <618384fa-fa5e-66e8-221a-726e7dcf1d8c@de.ibm.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Feb 13, 2020 at 03:48:16PM +0100, Christian Borntraeger wrote: > > > On 11.02.20 12:26, Will Deacon wrote: > > On Mon, Feb 10, 2020 at 06:27:04PM +0100, Christian Borntraeger wrote: > >> CC Marc Zyngier for KVM on ARM. Marc, see below. Will there be any > >> use for this on KVM/ARM in the future? > > > > I can't speak for Marc, but I can say that we're interested in something > > like this for potentially isolating VMs from a KVM host in Android. > > However, we've currently been working on the assumption that the memory > > removed from the host won't usually be touched by the host (i.e. no > > KSM or swapping out), so all we'd probably want at the moment is to be > > able to return an error back from arch_make_page_accessible(). Its return > > code is ignored in this patch :/ > > I think there are two ways at the moment. One is to keep the memory away from > Linux, e.g. by using the memory as device driver memory like kmalloc. This is > kind of what Power does. And I understand you as you want to follow that model > and do not want to use paging, file backing or so. Correct. > Our approach tries to fully integrate into the existing Linux LRU methods. > > Back to your approach. What happens when a malicious QEMU would start direct I/O > on such isolated memory? Is that what you meant by adding error checking in these > hooks. For the gup.c code returning an error seems straightforward. Yes, it would be nice if the host could avoid even trying to access the page if it's inaccessible and so returning an error from arch_make_page_accessible() would be a good way to achieve that. If the access goes ahead anyway, then the hypervisor will have to handle the fault and effectively ignore the host access (writes will be lost, reads will return poison). > I have no idea what to do in writeback. When somebody managed to trigger writeback > on such a page, it already seems too late. For now, we could just have a BUG_ON(). Will