Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

mm: memfd_luo: preserve file seals

File seals are used on memfd for making shared memory communication with
untrusted peers safer and simpler. Seals provide a guarantee that certain
operations won't be allowed on the file such as writes or truncations.
Maintaining these guarantees across a live update will help keep such
use cases secure.

These guarantees will also be needed for IOMMUFD preservation with LUO.
Normally when IOMMUFD maps a memfd, it pins all its pages to make sure any
truncation operations on the memfd don't lead to IOMMUFD using freed
memory. This doesn't work with LUO since the preserved memfd might have
completely different pages after a live update, and mapping them back to
the IOMMUFD will cause all sorts of problems. Using and preserving the
seals allows IOMMUFD preservation logic to trust the memfd.

Since the uABI defines seals as an int, preserve them by introducing a new
u32 field. There are currently only 6 possible seals, so the extra bits
are unused and provide room for future expansion. Since the seals are
uABI, it is safe to use them directly in the ABI. While at it, also add a
u32 flags field. It makes sure the struct is nicely aligned, and can be
used later to support things like MFD_CLOEXEC.

Since the serialization structure is changed, bump the version number to
"memfd-v2".

It is important to note that the memfd-v2 version only supports seals that
existed when this version was defined. This set is defined by
MEMFD_LUO_ALL_SEALS. Any new seal might bring a completely different
semantic with it and the parser for memfd-v2 cannot be expected to deal
with that. If there are any future seals added, they will need another
version bump.

Link: https://lkml.kernel.org/r/20260216185946.1215770-3-pratyush@kernel.org
Signed-off-by: Pratyush Yadav (Google) <pratyush@kernel.org>
Tested-by: Samiullah Khawaja <skhawaja@google.com>
Cc: Alexander Graf <graf@amazon.com>
Cc: Baolin Wang <baolin.wang@linux.alibaba.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>
Cc: Mike Rapoport (Microsoft) <rppt@kernel.org>
Cc: Pasha Tatashin <pasha.tatashin@soleen.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

Authored by Pratyush Yadav (Google) and committed by Andrew Morton
8a552d68 1beb9b72

+50 -3
+17 -1
include/linux/kho/abi/memfd.h
··· 56 56 u64 index; 57 57 } __packed; 58 58 59 + /* 60 + * The set of seals this version supports preserving. If support for any new 61 + * seals is needed, add it here and bump version. 62 + */ 63 + #define MEMFD_LUO_ALL_SEALS (F_SEAL_SEAL | \ 64 + F_SEAL_SHRINK | \ 65 + F_SEAL_GROW | \ 66 + F_SEAL_WRITE | \ 67 + F_SEAL_FUTURE_WRITE | \ 68 + F_SEAL_EXEC) 69 + 59 70 /** 60 71 * struct memfd_luo_ser - Main serialization structure for a memfd. 61 72 * @pos: The file's current position (f_pos). 62 73 * @size: The total size of the file in bytes (i_size). 74 + * @seals: The seals present on the memfd. The seals are uABI so it is safe 75 + * to directly use them in the ABI. 76 + * @flags: Flags for the file. Unused flag bits must be set to 0. 63 77 * @nr_folios: Number of folios in the folios array. 64 78 * @folios: KHO vmalloc descriptor pointing to the array of 65 79 * struct memfd_luo_folio_ser. ··· 81 67 struct memfd_luo_ser { 82 68 u64 pos; 83 69 u64 size; 70 + u32 seals; 71 + u32 flags; 84 72 u64 nr_folios; 85 73 struct kho_vmalloc folios; 86 74 } __packed; 87 75 88 76 /* The compatibility string for memfd file handler */ 89 - #define MEMFD_LUO_FH_COMPATIBLE "memfd-v1" 77 + #define MEMFD_LUO_FH_COMPATIBLE "memfd-v2" 90 78 91 79 #endif /* _LINUX_KHO_ABI_MEMFD_H */
+33 -2
mm/memfd_luo.c
··· 79 79 #include <linux/shmem_fs.h> 80 80 #include <linux/vmalloc.h> 81 81 #include <linux/memfd.h> 82 + #include <uapi/linux/memfd.h> 83 + 82 84 #include "internal.h" 83 85 84 86 static int memfd_luo_preserve_folios(struct file *file, ··· 261 259 struct memfd_luo_folio_ser *folios_ser; 262 260 struct memfd_luo_ser *ser; 263 261 u64 nr_folios; 264 - int err = 0; 262 + int err = 0, seals; 265 263 266 264 inode_lock(inode); 267 265 shmem_freeze(inode, true); ··· 273 271 goto err_unlock; 274 272 } 275 273 274 + seals = memfd_get_seals(args->file); 275 + if (seals < 0) { 276 + err = seals; 277 + goto err_free_ser; 278 + } 279 + 280 + /* Make sure the file only has the seals supported by this version. */ 281 + if (seals & ~MEMFD_LUO_ALL_SEALS) { 282 + err = -EOPNOTSUPP; 283 + goto err_free_ser; 284 + } 285 + 276 286 ser->pos = args->file->f_pos; 277 287 ser->size = i_size_read(inode); 288 + ser->seals = seals; 278 289 279 290 err = memfd_luo_preserve_folios(args->file, &ser->folios, 280 291 &folios_ser, &nr_folios); ··· 501 486 if (!ser) 502 487 return -EINVAL; 503 488 504 - file = memfd_alloc_file("", 0); 489 + /* Make sure the file only has seals supported by this version. */ 490 + if (ser->seals & ~MEMFD_LUO_ALL_SEALS) { 491 + err = -EOPNOTSUPP; 492 + goto free_ser; 493 + } 494 + 495 + /* 496 + * The seals are preserved. Allow sealing here so they can be added 497 + * later. 498 + */ 499 + file = memfd_alloc_file("", MFD_ALLOW_SEALING); 505 500 if (IS_ERR(file)) { 506 501 pr_err("failed to setup file: %pe\n", file); 507 502 err = PTR_ERR(file); 508 503 goto free_ser; 504 + } 505 + 506 + err = memfd_add_seals(file, ser->seals); 507 + if (err) { 508 + pr_err("failed to add seals: %pe\n", ERR_PTR(err)); 509 + goto put_file; 509 510 } 510 511 511 512 vfs_setpos(file, ser->pos, MAX_LFS_FILESIZE);
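
Review bot: MEMFD_LUO_ALL_SEALS in include/linux/kho/abi/memfd.h is built from the F_SEAL_* constants, but the hunk adds no include that provides them; only mm/memfd_luo.c gains a new include. If the header does not already pull in <linux/fcntl.h> above the visible context, adding it there would keep the ABI header self-contained for any other user of the macro.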
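
Review bot: in the preserve hunk of mm/memfd_luo.c, next to `ser->seals = seals;`, the new `ser->flags` field is never assigned, so its value depends on how `ser` was allocated, which is not visible here. The header documents that unused flag bits must be set to 0, so an explicit `ser->flags = 0;` beside the `pos`, `size` and `seals` assignments would make that hold regardless of the allocator.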
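
Review bot: in the retrieve hunk of mm/memfd_luo.c, the new `if (ser->seals & ~MEMFD_LUO_ALL_SEALS)` check has no counterpart for `ser->flags`, although the header says unused flag bits must be set to 0 and memfd-v2 defines none. Rejecting a nonzero `ser->flags` at the same place would stop a serialized flag from being silently dropped on restore. A short comment on why `memfd_add_seals()` can run before `vfs_setpos()` and the rest of the restore would also help, since the seals are applied to a file that has not been filled in yet.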