1
2
3
4
5
6
7
8#include <linux/mm.h>
9#include <linux/fs.h>
10#include <linux/swap.h>
11#include <linux/mount.h>
12#include <linux/memfd.h>
13#include <linux/bitops.h>
14#include <linux/printk.h>
15#include <linux/pagemap.h>
16#include <linux/syscalls.h>
17#include <linux/pseudo_fs.h>
18#include <linux/secretmem.h>
19#include <linux/set_memory.h>
20#include <linux/sched/signal.h>
21
22#include <uapi/linux/magic.h>
23
24#include <asm/tlbflush.h>
25
26#include "internal.h"
27
28#undef pr_fmt
29#define pr_fmt(fmt) "secretmem: " fmt
30
31
32
33
34
35#define SECRETMEM_MODE_MASK (0x0)
36#define SECRETMEM_FLAGS_MASK SECRETMEM_MODE_MASK
37
38static bool secretmem_enable __ro_after_init;
39module_param_named(enable, secretmem_enable, bool, 0400);
40MODULE_PARM_DESC(secretmem_enable,
41 "Enable secretmem and memfd_secret(2) system call");
42
43static atomic_t secretmem_users;
44
45bool secretmem_active(void)
46{
47 return !!atomic_read(&secretmem_users);
48}
49
50static vm_fault_t secretmem_fault(struct vm_fault *vmf)
51{
52 struct address_space *mapping = vmf->vma->vm_file->f_mapping;
53 struct inode *inode = file_inode(vmf->vma->vm_file);
54 pgoff_t offset = vmf->pgoff;
55 gfp_t gfp = vmf->gfp_mask;
56 unsigned long addr;
57 struct page *page;
58 int err;
59
60 if (((loff_t)vmf->pgoff << PAGE_SHIFT) >= i_size_read(inode))
61 return vmf_error(-EINVAL);
62
63retry:
64 page = find_lock_page(mapping, offset);
65 if (!page) {
66 page = alloc_page(gfp | __GFP_ZERO);
67 if (!page)
68 return VM_FAULT_OOM;
69
70 err = set_direct_map_invalid_noflush(page);
71 if (err) {
72 put_page(page);
73 return vmf_error(err);
74 }
75
76 __SetPageUptodate(page);
77 err = add_to_page_cache_lru(page, mapping, offset, gfp);
78 if (unlikely(err)) {
79 put_page(page);
80
81
82
83
84
85 set_direct_map_default_noflush(page);
86 if (err == -EEXIST)
87 goto retry;
88
89 return vmf_error(err);
90 }
91
92 addr = (unsigned long)page_address(page);
93 flush_tlb_kernel_range(addr, addr + PAGE_SIZE);
94 }
95
96 vmf->page = page;
97 return VM_FAULT_LOCKED;
98}
99
100static const struct vm_operations_struct secretmem_vm_ops = {
101 .fault = secretmem_fault,
102};
103
104static int secretmem_release(struct inode *inode, struct file *file)
105{
106 atomic_dec(&secretmem_users);
107 return 0;
108}
109
110static int secretmem_mmap(struct file *file, struct vm_area_struct *vma)
111{
112 unsigned long len = vma->vm_end - vma->vm_start;
113
114 if ((vma->vm_flags & (VM_SHARED | VM_MAYSHARE)) == 0)
115 return -EINVAL;
116
117 if (mlock_future_check(vma->vm_mm, vma->vm_flags | VM_LOCKED, len))
118 return -EAGAIN;
119
120 vma->vm_flags |= VM_LOCKED | VM_DONTDUMP;
121 vma->vm_ops = &secretmem_vm_ops;
122
123 return 0;
124}
125
126bool vma_is_secretmem(struct vm_area_struct *vma)
127{
128 return vma->vm_ops == &secretmem_vm_ops;
129}
130
131static const struct file_operations secretmem_fops = {
132 .release = secretmem_release,
133 .mmap = secretmem_mmap,
134};
135
136static bool secretmem_isolate_page(struct page *page, isolate_mode_t mode)
137{
138 return false;
139}
140
141static int secretmem_migratepage(struct address_space *mapping,
142 struct page *newpage, struct page *page,
143 enum migrate_mode mode)
144{
145 return -EBUSY;
146}
147
148static void secretmem_freepage(struct page *page)
149{
150 set_direct_map_default_noflush(page);
151 clear_highpage(page);
152}
153
154const struct address_space_operations secretmem_aops = {
155 .set_page_dirty = __set_page_dirty_no_writeback,
156 .freepage = secretmem_freepage,
157 .migratepage = secretmem_migratepage,
158 .isolate_page = secretmem_isolate_page,
159};
160
161static struct vfsmount *secretmem_mnt;
162
163static struct file *secretmem_file_create(unsigned long flags)
164{
165 struct file *file = ERR_PTR(-ENOMEM);
166 struct inode *inode;
167
168 inode = alloc_anon_inode(secretmem_mnt->mnt_sb);
169 if (IS_ERR(inode))
170 return ERR_CAST(inode);
171
172 file = alloc_file_pseudo(inode, secretmem_mnt, "secretmem",
173 O_RDWR, &secretmem_fops);
174 if (IS_ERR(file))
175 goto err_free_inode;
176
177 mapping_set_gfp_mask(inode->i_mapping, GFP_HIGHUSER);
178 mapping_set_unevictable(inode->i_mapping);
179
180 inode->i_mapping->a_ops = &secretmem_aops;
181
182
183 inode->i_mode |= S_IFREG;
184 inode->i_size = 0;
185
186 return file;
187
188err_free_inode:
189 iput(inode);
190 return file;
191}
192
193SYSCALL_DEFINE1(memfd_secret, unsigned int, flags)
194{
195 struct file *file;
196 int fd, err;
197
198
199 BUILD_BUG_ON(SECRETMEM_FLAGS_MASK & O_CLOEXEC);
200
201 if (!secretmem_enable)
202 return -ENOSYS;
203
204 if (flags & ~(SECRETMEM_FLAGS_MASK | O_CLOEXEC))
205 return -EINVAL;
206 if (atomic_read(&secretmem_users) < 0)
207 return -ENFILE;
208
209 fd = get_unused_fd_flags(flags & O_CLOEXEC);
210 if (fd < 0)
211 return fd;
212
213 file = secretmem_file_create(flags);
214 if (IS_ERR(file)) {
215 err = PTR_ERR(file);
216 goto err_put_fd;
217 }
218
219 file->f_flags |= O_LARGEFILE;
220
221 atomic_inc(&secretmem_users);
222 fd_install(fd, file);
223 return fd;
224
225err_put_fd:
226 put_unused_fd(fd);
227 return err;
228}
229
230static int secretmem_init_fs_context(struct fs_context *fc)
231{
232 return init_pseudo(fc, SECRETMEM_MAGIC) ? 0 : -ENOMEM;
233}
234
235static struct file_system_type secretmem_fs = {
236 .name = "secretmem",
237 .init_fs_context = secretmem_init_fs_context,
238 .kill_sb = kill_anon_super,
239};
240
241static int secretmem_init(void)
242{
243 int ret = 0;
244
245 if (!secretmem_enable)
246 return ret;
247
248 secretmem_mnt = kern_mount(&secretmem_fs);
249 if (IS_ERR(secretmem_mnt))
250 ret = PTR_ERR(secretmem_mnt);
251
252
253 secretmem_mnt->mnt_flags |= MNT_NOEXEC;
254
255 return ret;
256}
257fs_initcall(secretmem_init);
258
