Mailing List Archive

[RFC PATCH v3 0/2] Providing mount in memfd_restricted() syscall
Hello,

This patchset builds upon the memfd_restricted() system call that was
discussed in the ‘KVM: mm: fd-based approach for supporting KVM’ patch
series, at
https://lore.kernel.org/lkml/20221202061347.1070246-1-chao.p.peng@linux.intel.com/T/

The tree can be found at:
https://github.com/googleprodkernel/linux-cc/tree/restrictedmem-provide-mount-fd-rfc-v3

In this patchset, a modification to the memfd_restricted() syscall is
proposed, which allows userspace to provide a mount, on which the
restrictedmem file will be created and returned from the
memfd_restricted().

Allowing userspace to provide a mount allows userspace to control
various memory binding policies via tmpfs mount options, such as
Transparent HugePage memory allocation policy through
‘huge=always/never’ and NUMA memory allocation policy through
‘mpol=local/bind:*’.

Changes since RFCv2:
+ Tightened semantics to accept only fds of the root of a tmpfs mount,
as Christian suggested
+ Added permissions check on the inode represented by the fd to guard
against creation of restrictedmem files on read-only tmpfs
filesystems or mounts
+ Renamed RMFD_TMPFILE to RMFD_USERMNT to better represent providing a
userspace mount to create a restrictedmem file on
+ Updated selftests for tighter semantics and added selftests to check
for permissions

Changes since RFCv1:
+ Use fd to represent mount instead of path string, as Kirill
suggested. I believe using fds makes this syscall interface more
aligned with the other syscalls like fsopen(), fsconfig(), and
fsmount() in terms of using and passing around fds
+ Remove unused variable char *orig_shmem_enabled from selftests

Dependencies:
+ Sean’s iteration of the ‘KVM: mm: fd-based approach for supporting
KVM’ patch series at
https://github.com/sean-jc/linux/tree/x86/upm_base_support
+ Proposed fixes for these issues mentioned on the mailing list:
+ https://lore.kernel.org/lkml/diqzzga0fv96.fsf@ackerleytng-cloudtop-sg.c.googlers.com/

Links to earlier patch series:
+ RFC v2: https://lore.kernel.org/lkml/cover.1679428901.git.ackerleytng@google.com/T/
+ RFC v1: https://lore.kernel.org/lkml/cover.1676507663.git.ackerleytng@google.com/T/

---

Ackerley Tng (2):
mm: restrictedmem: Allow userspace to specify mount for
memfd_restricted
selftests: restrictedmem: Check hugepage-ness of shmem file backing
restrictedmem fd

include/linux/syscalls.h | 2 +-
include/uapi/linux/restrictedmem.h | 8 +
mm/restrictedmem.c | 74 ++-
tools/testing/selftests/Makefile | 1 +
.../selftests/restrictedmem/.gitignore | 3 +
.../testing/selftests/restrictedmem/Makefile | 15 +
.../testing/selftests/restrictedmem/common.c | 9 +
.../testing/selftests/restrictedmem/common.h | 8 +
.../restrictedmem_hugepage_test.c | 486 ++++++++++++++++++
9 files changed, 599 insertions(+), 7 deletions(-)
create mode 100644 include/uapi/linux/restrictedmem.h
create mode 100644 tools/testing/selftests/restrictedmem/.gitignore
create mode 100644 tools/testing/selftests/restrictedmem/Makefile
create mode 100644 tools/testing/selftests/restrictedmem/common.c
create mode 100644 tools/testing/selftests/restrictedmem/common.h
create mode 100644 tools/testing/selftests/restrictedmem/restrictedmem_hugepage_test.c

--
2.40.0.348.gf938b09366-goog