From patchwork Wed Dec 11 10:37:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alice Ryhl X-Patchwork-Id: 13903327 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BBF25E77182 for ; Wed, 11 Dec 2024 10:37:51 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 56C0C6B011A; Wed, 11 Dec 2024 05:37:49 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 4800A8D001B; Wed, 11 Dec 2024 05:37:49 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 20E778D0017; Wed, 11 Dec 2024 05:37:49 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id EABD96B011A for ; Wed, 11 Dec 2024 05:37:48 -0500 (EST) Received: from smtpin12.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id A34E0A0C87 for ; Wed, 11 Dec 2024 10:37:48 +0000 (UTC) X-FDA: 82882326744.12.6BD787D Received: from mail-wm1-f74.google.com (mail-wm1-f74.google.com [209.85.128.74]) by imf13.hostedemail.com (Postfix) with ESMTP id DD06E20019 for ; Wed, 11 Dec 2024 10:37:23 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b="MkhoqML/"; spf=pass (imf13.hostedemail.com: domain of 3eWtZZwkKCPYYjgacpwfjemmejc.amkjglsv-kkitYai.mpe@flex--aliceryhl.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=3eWtZZwkKCPYYjgacpwfjemmejc.amkjglsv-kkitYai.mpe@flex--aliceryhl.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1733913456; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=H9J7APDOlzo7bms4ez8DHMnNHWyqhL35jyR1kYpr9QI=; b=FyiFBVlnujKeILRgWg21avG18e8+kmb1PCc0veW/XXgLPyo7uLWa3KuLBXmOszr4PIk4vm uyDncDbz/1GFjaqkRThm6wpu4eDq0B+z/7NmxTWySsBJ2VDUKSmwOybpuL+eg8iCWyFqth c/L6wSKq1H9GYzytxGR5aPGkUMqQOFU= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=google.com header.s=20230601 header.b="MkhoqML/"; spf=pass (imf13.hostedemail.com: domain of 3eWtZZwkKCPYYjgacpwfjemmejc.amkjglsv-kkitYai.mpe@flex--aliceryhl.bounces.google.com designates 209.85.128.74 as permitted sender) smtp.mailfrom=3eWtZZwkKCPYYjgacpwfjemmejc.amkjglsv-kkitYai.mpe@flex--aliceryhl.bounces.google.com; dmarc=pass (policy=reject) header.from=google.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1733913456; a=rsa-sha256; cv=none; b=H2SuiAff4YDGt+qs0ab4UcvCCeem+XX4w5lWCBHjPAx/Yad3wLVwkvai3cM7QkuGMQmlXn 1enW0Vipc+x8zGl0a5UUV1s/uisEdoVJthh6cqJzRlXe5NJINKynDYUwCiJwsy/iL7M4ZA 68/npIh9PM9lQV7A7aNOCSi9vEhFiiA= Received: by mail-wm1-f74.google.com with SMTP id 5b1f17b1804b1-434e9e1b4d7so2245595e9.3 for ; Wed, 11 Dec 2024 02:37:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1733913465; x=1734518265; darn=kvack.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=H9J7APDOlzo7bms4ez8DHMnNHWyqhL35jyR1kYpr9QI=; b=MkhoqML/cY+sZrM8fgtXKopU97S02fMMRo/iNq0Sk2Q5MVE+agtGL+I5np6dKR+wpx AA6GTyo3Mg2SF9sSncyAM6K1Lrb4L7kkYesMGVxwqe1k4V10rSFLRq841sXu9hEXXHUn NQOnY3UTfyZ21LxbrDXGz24RoWJTJ/LPSsQKS5jTTEGtKwDQxV2R1xrgJ4Em5F9l1ex/ 5ftIAjLQdlKwpBfqH9HypKUvbHWleBswAic2nnDrUEhSv1FsUtvcWhjNxz6yf94IoRpj 3ybU1TTJ1OJFQzus5NlaDhCi9pvsd+W+Uh1N8qlE2EelMDsz9MdQrHj0G2Hz2frKZSj5 04Gw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733913465; x=1734518265; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=H9J7APDOlzo7bms4ez8DHMnNHWyqhL35jyR1kYpr9QI=; b=g9noUT7Df/An9HeFOiNs+Q9IPK03Lw5J50dfOuZjajlpXfe2Ak/vIMIvFBdouYGYDJ Ab95M8S+75IpFa/MkHOpAbH/ki5rFY7F+/VXeF8zpkAeHw1RwRjj7m2drFzUm6GkIawA qHLoBFG+YdGRlu0Q8FtBgrRVbCtpt+KExuNbo63PRXcjR8v1klRauB7mhLJhfn1yWvhw RiTGWND41fmmh9hWwJeIxil7/5gPfhPfBZ0XAIv9/NdMPCtPMfkDQB3tg0/Q7g2PJD61 AbblW8MvCuiR4Zjc2R382IKHDCeaaBiRcwYkXxeNiEXuFpDyaNTvjFlO1Snx7VRuczp9 IBbg== X-Forwarded-Encrypted: i=1; AJvYcCUQToXtR69ScnlHGbGPDV8VM6lVl7Gs9NTJtZVKVlN5pPUmVwfMvDLU59zw4AXH2l/+jgsDCmYG/g==@kvack.org X-Gm-Message-State: AOJu0YxyDqLQTKt9IMEv0NQXFtGqQguP/oS8tOq5gD7XPTmnicGSic7i z0ehr0CR5195m1djHtEmnHlOyG0qONrl0sS+cJLTwXaMvMVu3auQkpN0JLKhKuql7qgXiYHlX/x kygkvcii2ix+Q6g== X-Google-Smtp-Source: AGHT+IEHXGYW3IxnBDufE3uW2/yO/pfGqLpiPsVXzHTtpypegQgEznYG6piRm0MwSTPxkbuG6wjEylcUkB+RemI= X-Received: from wmlu15.prod.google.com ([2002:a05:600c:210f:b0:434:f0d4:cbaf]) (user=aliceryhl job=prod-delivery.src-stubby-dispatcher) by 2002:a05:600c:3b94:b0:434:f0df:9f6 with SMTP id 5b1f17b1804b1-4361c346814mr18704535e9.3.1733913465503; Wed, 11 Dec 2024 02:37:45 -0800 (PST) Date: Wed, 11 Dec 2024 10:37:10 +0000 In-Reply-To: <20241211-vma-v11-0-466640428fc3@google.com> Mime-Version: 1.0 References: <20241211-vma-v11-0-466640428fc3@google.com> X-Developer-Key: i=aliceryhl@google.com; a=openpgp; fpr=49F6C1FAA74960F43A5B86A1EE7A392FDE96209F X-Developer-Signature: v=1; a=openpgp-sha256; l=8235; i=aliceryhl@google.com; h=from:subject:message-id; bh=seaPzXRr+ND8q/GQYnUjLUdeX+eDlOtmUd9qc8R35Uw=; b=owEBbQKS/ZANAwAKAQRYvu5YxjlGAcsmYgBnWWtph/aiDjcWSnagWFqg3c8CayEabkssTHofo IIZe48WPGWJAjMEAAEKAB0WIQSDkqKUTWQHCvFIvbIEWL7uWMY5RgUCZ1lraQAKCRAEWL7uWMY5 RhAmD/48pALXpz/NRk7/Fwz/9MCuo0u66DfT05kQmm6LINIciACvTECWnSEQ0tqAKRNpsp/3Fex M4Jpu48j5eDcPWEe/l1C35rsiOmHX4W4JVrnnbQZp+/CjgyqyKCcGdDeeAsbF9Fup1VX8msId3D /03PP6NhmDZYipxZdlby2oUlmR34VgBi5vhQUaLndkfR7m4sEFY9dttHnlypa8gl+V0gKxmY79U 9JhN1ZFWyvUIYXm8lClnAsbDLy08fgFrDbEUeFzSMhVR1kTYVdrrhv5dekv/RSP83A632PXlet0 PYeKGYna7WKapvDmtx8K7d0S/9kzlS2ohG7IDbWe5ZGerwfda1ceER8EtUwLQcpx6Lodt9LYOWU 0WrCa6ARlGG4I/YVU2U6dzSxkYI3Kozqnl6EzH58UkK9BXMGdSGAL+HX19s8k94rmcbVe5P7PHi W+05YwL+uuVwdmWJJ3JWrwvQTW1iF2nFdQXtgZ2iGluLiOIQYSiG9J8og/1HIcZ0hzT7VTzDTL7 8A3/CIHP3KV5PwM6wFMQXsbOnuL1jQF2ZQmrxOfLskPlDXn3meCorLLNaO9pkEG5rjCOyNHwD6p 7r6CLbjSBFYOiYh8+hJVc36KbYuQafNb+ARWM1sWBLGLoe0W8HWuM103Eetus0orFCyJ79zlJFI VIEfxrJdZ6KH4lQ== X-Mailer: b4 0.13.0 Message-ID: <20241211-vma-v11-6-466640428fc3@google.com> Subject: [PATCH v11 6/8] mm: rust: add VmAreaNew for f_ops->mmap() From: Alice Ryhl To: Miguel Ojeda , Matthew Wilcox , Lorenzo Stoakes , Vlastimil Babka , John Hubbard , "Liam R. Howlett" , Andrew Morton , Greg Kroah-Hartman , Arnd Bergmann , Christian Brauner , Jann Horn , Suren Baghdasaryan Cc: Alex Gaynor , Boqun Feng , Gary Guo , " =?utf-8?q?Bj=C3=B6rn_Roy_Baron?= " , Benno Lossin , Andreas Hindborg , Trevor Gross , linux-kernel@vger.kernel.org, linux-mm@kvack.org, rust-for-linux@vger.kernel.org, Alice Ryhl X-Rspamd-Queue-Id: DD06E20019 X-Stat-Signature: tr1ao9sz9gibzt1zpmqwgjcot8m5fi1p X-Rspam-User: X-Rspamd-Server: rspam11 X-HE-Tag: 1733913443-31838 X-HE-Meta: U2FsdGVkX19l65nYFB934adfKhsmAkmTTdcQh1I2Jt+IMMHIZSSIw23Val44OlmhAz6dDVijKTFv5lVO5CTMi/AlwYHSR2Gbzui3TN75ecXFWPYfre1ZwCVKgyCrpzeCyfp8lCw8oncNK4yQBCAWJGATG0sa4WVxs9OopTFKLnqrQOuvIzXnZyPFGAgPTXarRzar59zpGrEQWwd0fA3O3GIwElmuHA9C/drecW4QCafglu6ra71Gh9J4uvICASqOj9GgD4Yv1tEEdUVblW7sBJK9000wggYkQ0XzKlMzmcnOVymDpNGaJwbOCvetBE42thu2qNqrsqXy+RtZIfs6HThY89kGjN9dnQO4lAl6xxWsZwpZ8V02ry2hKT1+UVsXADDqaOsp3FUSUCozalj+tpoKh10TGMHNjekclkgSKuFqPFDjP+yo7yhfI4Y9ox9fpUesvq4SFkYMl5BXjy8yLGuYBCok54Ya6YUTSCwhI/EJJ6iIcZ+2ANEWf8Wj0rf/KzVbD4L3ovJxm0T/A2Uzz5xG1XzHf0NJWuDWxHHpsYRP1LYWYGSjVrBL0g6q/tLTwpxFBmiwhgWiCYyz+UdsZ5AYG4YuxlqNCU3QZXPparEjaiRICVv+pEUKWvhRevaKUqChiQCqw131lEl5eRtkbouzrZPwzErrZD0M6eoHDgTau5eX16gLFxxelUNQzQpgnnnW9GxDIw0jHOCqaLg37xno3BAaE9kL5gd+nruiXcxm6bd1qXOtBuuYf+XDArLmRT/EfOEBXaZ2qK6bSbTYpXirjTakPE3H9VjD3ljb9g+7gMP/xAmWzdZcPAg+iMEtKDTqzSZCnK+ZmG/DGSXqZKssZZCHlBxJI2sBqT10tRS+ee/zh3+n2Z/ASDYmiWsE9Yyio9rOkWZPgJvCnYcwy1fT5IC/Qect4MnjZKsmoYKo7DUHKkYTwNTczpHSu5L0HfQ3mHjsjYbTc0YkQ30 U4Bx0lY4 yg/FidYwNaCaqgQ5LUDaTmSCY8it6OndOZqiCNSbZVMgD4NWJr4rsfWyeT2y+792LE6h5uR++n+Mwcj6vS6DYhOmDQTIIszK/1LAfegxHedjnRE8pZrS34QtULelZ4l/Pk6Daw+nvjupZqfTx5mfX5j2+dsLw5iT8S91n4HiTZ0IVum0WdQuQGR9r7dK47giA4+HFJ4GvS+zyxDM78sd5zRzy78m2PNLTd18S5QPz8sp2OozkmanzhgUajHNt0ZPrSd4TR+esk3WleemRoRa10iIIZf5CK3WoUldULk+VG+wm4buaMpmarYVxSg3nbI2qKLTYGi7EZXhzmIVewEHHHRx4N3CAIxvLKLx3RmZARynWjL70tr4DWqSwl7TLTlz0hXgrKb0/zkGPYQhKVEp4GJ/uBc5yEMINRivesMOl+3ubmlV3Iabg/KTJ3URj0pw7ifRgQTmOD8Rbi9V9OZDUO7El4rFBXcPrTVl5nGrMs9UFA6EDP1preI7P0b7671xy7JUurwiZ34d/e/9H6axSK5BQvSfNpD0iCGaFKqYnDcVemhmFbTr767nrDqiNx2I39XGd8kExawle5MXZ6BtEbonoGrQoelOC8PlbmprmRRz2aBm/JEhOI4CXZCMwthYEXYOcPZBdwjIqtOdXpzv9TPP9kFLNQ9JrTRco8PSIyW59nv4fkfLd9uwrqiMUbeU/bznCvwyrGhvdrgA= X-Bogosity: Unsure, tests=bogofilter, spamicity=0.496955, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: This type will be used when setting up a new vma in an f_ops->mmap() hook. Using a separate type from VmAreaRef allows us to have a separate set of operations that you are only able to use during the mmap() hook. For example, the VM_MIXEDMAP flag must not be changed after the initial setup that happens during the f_ops->mmap() hook. To avoid setting invalid flag values, the methods for clearing VM_MAYWRITE and similar involve a check of VM_WRITE, and return an error if VM_WRITE is set. Trying to use `try_clear_maywrite` without checking the return value results in a compilation error because the `Result` type is marked #[must_use]. For now, there's only a method for VM_MIXEDMAP and not VM_PFNMAP. When we add a VM_PFNMAP method, we will need some way to prevent you from setting both VM_MIXEDMAP and VM_PFNMAP on the same vma. Acked-by: Lorenzo Stoakes (for mm bits) Reviewed-by: Jann Horn Signed-off-by: Alice Ryhl --- rust/kernel/mm/virt.rs | 181 ++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 180 insertions(+), 1 deletion(-) diff --git a/rust/kernel/mm/virt.rs b/rust/kernel/mm/virt.rs index 3a23854e14f4..6d9ba56d4f95 100644 --- a/rust/kernel/mm/virt.rs +++ b/rust/kernel/mm/virt.rs @@ -6,7 +6,7 @@ use crate::{ bindings, - error::{to_result, Result}, + error::{code::EINVAL, to_result, Result}, mm::MmWithUser, page::Page, types::Opaque, @@ -171,6 +171,185 @@ pub fn vm_insert_page(&self, address: usize, page: &Page) -> Result { } } +/// A builder for setting up a vma in an `f_ops->mmap()` hook. +/// +/// # Invariants +/// +/// For the duration of 'a, the referenced vma must be undergoing initialization in an +/// `f_ops->mmap()` hook. +pub struct VmAreaNew { + vma: VmAreaRef, +} + +// Make all `VmAreaRef` methods available on `VmAreaNew`. +impl Deref for VmAreaNew { + type Target = VmAreaRef; + + #[inline] + fn deref(&self) -> &VmAreaRef { + &self.vma + } +} + +impl VmAreaNew { + /// Access a virtual memory area given a raw pointer. + /// + /// # Safety + /// + /// Callers must ensure that `vma` is undergoing initial vma setup for the duration of 'a. + #[inline] + pub unsafe fn from_raw<'a>(vma: *const bindings::vm_area_struct) -> &'a Self { + // SAFETY: The caller ensures that the invariants are satisfied for the duration of 'a. + unsafe { &*vma.cast() } + } + + /// Internal method for updating the vma flags. + /// + /// # Safety + /// + /// This must not be used to set the flags to an invalid value. + #[inline] + unsafe fn update_flags(&self, set: vm_flags_t, unset: vm_flags_t) { + let mut flags = self.flags(); + flags |= set; + flags &= !unset; + + // SAFETY: This is not a data race: the vma is undergoing initial setup, so it's not yet + // shared. Additionally, `VmAreaNew` is `!Sync`, so it cannot be used to write in parallel. + // The caller promises that this does not set the flags to an invalid value. + unsafe { (*self.as_ptr()).__bindgen_anon_2.__vm_flags = flags }; + } + + /// Set the `VM_MIXEDMAP` flag on this vma. + /// + /// This enables the vma to contain both `struct page` and pure PFN pages. Returns a reference + /// that can be used to call `vm_insert_page` on the vma. + #[inline] + pub fn set_mixedmap(&self) -> &VmAreaMixedMap { + // SAFETY: We don't yet provide a way to set VM_PFNMAP, so this cannot put the flags in an + // invalid state. + unsafe { self.update_flags(flags::MIXEDMAP, 0) }; + + // SAFETY: We just set `VM_MIXEDMAP` on the vma. + unsafe { VmAreaMixedMap::from_raw(self.vma.as_ptr()) } + } + + /// Set the `VM_IO` flag on this vma. + /// + /// This is used for memory mapped IO and similar. The flag tells other parts of the kernel to + /// avoid looking at the pages. For memory mapped IO this is useful as accesses to the pages + /// could have side effects. + #[inline] + pub fn set_io(&self) { + // SAFETY: Setting the VM_IO flag is always okay. + unsafe { self.update_flags(flags::IO, 0) }; + } + + /// Set the `VM_DONTEXPAND` flag on this vma. + /// + /// This prevents the vma from being expanded with `mremap()`. + #[inline] + pub fn set_dontexpand(&self) { + // SAFETY: Setting the VM_DONTEXPAND flag is always okay. + unsafe { self.update_flags(flags::DONTEXPAND, 0) }; + } + + /// Set the `VM_DONTCOPY` flag on this vma. + /// + /// This prevents the vma from being copied on fork. This option is only permanent if `VM_IO` + /// is set. + #[inline] + pub fn set_dontcopy(&self) { + // SAFETY: Setting the VM_DONTCOPY flag is always okay. + unsafe { self.update_flags(flags::DONTCOPY, 0) }; + } + + /// Set the `VM_DONTDUMP` flag on this vma. + /// + /// This prevents the vma from being included in core dumps. This option is only permanent if + /// `VM_IO` is set. + #[inline] + pub fn set_dontdump(&self) { + // SAFETY: Setting the VM_DONTDUMP flag is always okay. + unsafe { self.update_flags(flags::DONTDUMP, 0) }; + } + + /// Returns whether `VM_READ` is set. + /// + /// This flag indicates whether userspace is mapping this vma as readable. + #[inline] + pub fn get_read(&self) -> bool { + (self.flags() & flags::READ) != 0 + } + + /// Try to clear the `VM_MAYREAD` flag, failing if `VM_READ` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma readable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYREAD` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_mayread(&self) -> Result { + if self.get_read() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYREAD` is okay when `VM_READ` is not set. + unsafe { self.update_flags(0, flags::MAYREAD) }; + Ok(()) + } + + /// Returns whether `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is mapping this vma as writable. + #[inline] + pub fn get_write(&self) -> bool { + (self.flags() & flags::WRITE) != 0 + } + + /// Try to clear the `VM_MAYWRITE` flag, failing if `VM_WRITE` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma writable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYWRITE` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_maywrite(&self) -> Result { + if self.get_write() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYWRITE` is okay when `VM_WRITE` is not set. + unsafe { self.update_flags(0, flags::MAYWRITE) }; + Ok(()) + } + + /// Returns whether `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is mapping this vma as executable. + #[inline] + pub fn get_exec(&self) -> bool { + (self.flags() & flags::EXEC) != 0 + } + + /// Try to clear the `VM_MAYEXEC` flag, failing if `VM_EXEC` is set. + /// + /// This flag indicates whether userspace is allowed to make this vma executable with + /// `mprotect()`. + /// + /// Note that this operation is irreversible. Once `VM_MAYEXEC` has been cleared, it can never + /// be set again. + #[inline] + pub fn try_clear_mayexec(&self) -> Result { + if self.get_exec() { + return Err(EINVAL); + } + // SAFETY: Clearing `VM_MAYEXEC` is okay when `VM_EXEC` is not set. + unsafe { self.update_flags(0, flags::MAYEXEC) }; + Ok(()) + } +} + /// The integer type used for vma flags. #[doc(inline)] pub use bindings::vm_flags_t;