On Thu, Feb 22, 2024 at 03:43:56PM -0800, Elliot Berman wrote: > > This creates the situation where access to successfully mmap()'d > > memory might SIGBUS at page fault. There is precedence for > > similar behavior in the kernel I believe, with MADV_HWPOISON and > > the hugetlbfs cgroups controller, which could SIGBUS at page > > fault time depending on the accounting limit. > > I added a test: folio_mmapped() [1] which checks if there's a vma > covering the corresponding offset into the guest_memfd. I use this > test before trying to make page private to guest and I've been able to > ensure that userspace can't even mmap() private guest memory. If I try > to make memory private, I can test that it's not mmapped and not allow > memory to become private. In my testing so far, this is enough to > prevent SIGBUS from happening. > > This test probably should be moved outside Gunyah specific code, and was > looking for maintainer to suggest the right home for it :) > > [1]: https://lore.kernel.org/all/20240222-gunyah-v17-20-1e9da6763d38@xxxxxxxxxxx/ You, um, might have wanted to send an email to linux-mm, not bury it in the middle of a series of 35 patches? So this isn't folio_mapped() because you're interested if anyone _could_ fault this page, not whether the folio is currently present in anyone's page tables. It's like walk_page_mapping() but with a trivial mm_walk_ops; not sure it's worth the effort to use walk_page_mapping(), but I would defer to David.
