From: Michal Hocko <mhocko@suse.com>
To: Mike Rapoport <rppt@kernel.org>
Cc: Mike Rapoport <rppt@linux.ibm.com>,
Andrew Morton <akpm@linux-foundation.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Borislav Petkov <bp@alien8.de>,
Catalin Marinas <catalin.marinas@arm.com>,
Christopher Lameter <cl@linux.com>,
Dan Williams <dan.j.williams@intel.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
David Hildenbrand <david@redhat.com>,
Elena Reshetova <elena.reshetova@intel.com>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@redhat.com>,
James Bottomley <jejb@linux.ibm.com>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Matthew Wilcox <willy@infradead.org>,
Mark Rutland <mark.rutland@arm.com>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Peter Zijlstra <peterz@infradead.org>,
Rick Edgecombe <rick.p.edgecombe@intel.com>,
Roman Gushchin <guro@fb.com>, Shakeel Butt <shakeelb@google.com>,
Shuah Khan <shuah@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Tycho Andersen <tycho@tycho.ws>, Will Deacon <will@kernel.org>,
linux-api@vger.kernel.org, linux-arch@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-nvdimm@lists.01.org, linux-riscv@lists.infradead.org,
x86@kernel.org, Hagen Paul Pfeifer <hagen@jauu.net>,
Palmer Dabbelt <palmerdabbelt@google.com>
Subject: Re: [PATCH v17 07/10] mm: introduce memfd_secret system call to create "secret" memory areas
Date: Thu, 11 Feb 2021 13:30:42 +0100 [thread overview]
Message-ID: <YCUjck0I8qgjB24i@dhcp22.suse.cz> (raw)
In-Reply-To: <20210211112008.GH242749@kernel.org>
On Thu 11-02-21 13:20:08, Mike Rapoport wrote:
[...]
> Sealing is anyway controlled via fcntl() and I don't think
> MFD_ALLOW_SEALING makes much sense for the secretmem because it is there to
> prevent rogue file sealing in tmpfs/hugetlbfs.
This doesn't really match my understanding. The primary usecase for the
sealing is to safely and predictably coordinate over shared memory. I
absolutely do not see why this would be incompatible with an additional
requirement to unmap the memory from the kernel to prevent additional
interference from the kernel side. Quite contrary it looks like a very
nice extension to this model.
> As for the huge pages, I'm not sure at all that supporting huge pages in
> secretmem will involve hugetlbfs.
Have a look how hugetlb proliferates through our MM APIs. I strongly
suspect this is strong signal that this won't be any different.
> And even if yes, adding SECRETMEM_HUGE
> flag seems to me less confusing than saying "from kernel x.y you can use
> MFD_CREATE | MFD_SECRET | MFD_HUGE" etc for all possible combinations.
I really fail to see your point. This is a standard model we have. It is
quite natural that flags are added. Moreover adding a new syscall will
not make it any less of a problem.
> > I by no means do not insist one way or the other but from what I have
> > seen so far I have a feeling that the interface hasn't been thought
> > through enough.
>
> It has been, but we have different thoughts about it ;-)
Then you must be carrying a lot of implicit knowledge which I want you
to document.
--
Michal Hocko
SUSE Labs
next prev parent reply other threads:[~2021-02-11 12:49 UTC|newest]
Thread overview: 73+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-08 8:49 [PATCH v17 00/10] mm: introduce memfd_secret system call to create "secret" memory areas Mike Rapoport
2021-02-08 8:49 ` [PATCH v17 01/10] mm: add definition of PMD_PAGE_ORDER Mike Rapoport
2021-02-08 8:49 ` [PATCH v17 02/10] mmap: make mlock_future_check() global Mike Rapoport
2021-02-08 8:49 ` [PATCH v17 03/10] riscv/Kconfig: make direct map manipulation options depend on MMU Mike Rapoport
2021-02-08 8:49 ` [PATCH v17 04/10] set_memory: allow set_direct_map_*_noflush() for multiple pages Mike Rapoport
2021-02-08 8:49 ` [PATCH v17 05/10] set_memory: allow querying whether set_direct_map_*() is actually enabled Mike Rapoport
2021-02-08 8:49 ` [PATCH v17 06/10] arm64: kfence: fix header inclusion Mike Rapoport
2021-02-08 8:49 ` [PATCH v17 07/10] mm: introduce memfd_secret system call to create "secret" memory areas Mike Rapoport
2021-02-08 10:49 ` Michal Hocko
2021-02-08 21:26 ` Mike Rapoport
2021-02-09 8:47 ` Michal Hocko
2021-02-09 9:09 ` Mike Rapoport
2021-02-09 13:17 ` Michal Hocko
2021-02-11 7:13 ` Mike Rapoport
2021-02-11 8:39 ` Michal Hocko
2021-02-11 9:01 ` David Hildenbrand
2021-02-11 9:38 ` Michal Hocko
2021-02-11 9:48 ` David Hildenbrand
2021-02-11 10:02 ` David Hildenbrand
2021-02-11 11:29 ` Mike Rapoport
2021-02-11 11:27 ` Mike Rapoport
2021-02-11 12:07 ` David Hildenbrand
2021-02-11 23:09 ` Mike Rapoport
2021-02-12 9:18 ` David Hildenbrand
2021-02-14 9:19 ` Mike Rapoport
2021-02-14 9:58 ` David Hildenbrand
2021-02-14 19:21 ` James Bottomley
2021-02-15 9:13 ` Michal Hocko
2021-02-15 18:14 ` James Bottomley
2021-02-15 19:20 ` Michal Hocko
2021-02-16 16:25 ` James Bottomley
2021-02-16 16:34 ` David Hildenbrand
2021-02-16 16:44 ` James Bottomley
2021-02-16 17:16 ` David Hildenbrand
2021-02-17 16:19 ` James Bottomley
2021-02-22 9:38 ` David Hildenbrand
2021-02-22 10:50 ` David Hildenbrand
2021-02-16 16:51 ` Michal Hocko
2021-02-11 11:20 ` Mike Rapoport
2021-02-11 12:30 ` Michal Hocko [this message]
2021-02-11 22:59 ` Mike Rapoport
2021-02-12 9:02 ` Michal Hocko
2021-02-08 8:49 ` [PATCH v17 08/10] PM: hibernate: disable when there are active secretmem users Mike Rapoport
2021-02-08 10:18 ` Michal Hocko
2021-02-08 10:32 ` David Hildenbrand
2021-02-08 10:51 ` Michal Hocko
2021-02-08 10:53 ` David Hildenbrand
2021-02-08 10:57 ` Michal Hocko
2021-02-08 11:13 ` David Hildenbrand
2021-02-08 11:14 ` David Hildenbrand
2021-02-08 11:26 ` David Hildenbrand
2021-02-08 12:17 ` Michal Hocko
2021-02-08 13:34 ` Michal Hocko
2021-02-08 13:40 ` David Hildenbrand
2021-02-08 21:28 ` Mike Rapoport
2021-02-22 7:34 ` Matthew Garrett
2021-02-22 10:23 ` Mike Rapoport
2021-02-22 18:27 ` Matthew Garrett
2021-02-22 19:17 ` Dan Williams
2021-02-22 19:21 ` James Bottomley
2021-02-08 8:49 ` [PATCH v17 09/10] arch, mm: wire up memfd_secret system call where relevant Mike Rapoport
2021-02-08 8:49 ` [PATCH v17 10/10] secretmem: test: add basic selftest for memfd_secret(2) Mike Rapoport
2021-02-08 9:27 ` [PATCH v17 00/10] mm: introduce memfd_secret system call to create "secret" memory areas David Hildenbrand
2021-02-08 21:13 ` Mike Rapoport
2021-02-08 21:38 ` David Hildenbrand
2021-02-09 8:59 ` Michal Hocko
2021-02-09 9:15 ` David Hildenbrand
2021-02-09 9:53 ` Michal Hocko
2021-02-09 10:23 ` David Hildenbrand
2021-02-09 10:30 ` David Hildenbrand
2021-02-09 13:25 ` Michal Hocko
2021-02-09 16:17 ` David Hildenbrand
2021-02-09 20:08 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YCUjck0I8qgjB24i@dhcp22.suse.cz \
--to=mhocko@suse.com \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=cl@linux.com \
--cc=dan.j.williams@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=david@redhat.com \
--cc=elena.reshetova@intel.com \
--cc=guro@fb.com \
--cc=hagen@jauu.net \
--cc=hpa@zytor.com \
--cc=jejb@linux.ibm.com \
--cc=kirill@shutemov.name \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-nvdimm@lists.01.org \
--cc=linux-riscv@lists.infradead.org \
--cc=luto@kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@redhat.com \
--cc=mtk.manpages@gmail.com \
--cc=palmer@dabbelt.com \
--cc=palmerdabbelt@google.com \
--cc=paul.walmsley@sifive.com \
--cc=peterz@infradead.org \
--cc=rick.p.edgecombe@intel.com \
--cc=rppt@kernel.org \
--cc=rppt@linux.ibm.com \
--cc=shakeelb@google.com \
--cc=shuah@kernel.org \
--cc=tglx@linutronix.de \
--cc=tycho@tycho.ws \
--cc=viro@zeniv.linux.org.uk \
--cc=will@kernel.org \
--cc=willy@infradead.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).