On Fri, 2024-06-21 at 22:14 +0200, Roman Kagan wrote: > > Compared to the approach used in the orignal series, where a dedicated kernel > address range and thus a dedicated PGD was used for mm-local allocations, the > one proposed here may have certain drawbacks, in particular > > - using user addresses for kernel memory may violate assumptions in various > parts of kernel code which we may not have identified with smoke tests we did > > - the allocated addresses are guessable by the userland (ATM they are even > visible in /proc/PID/maps but that's fixable) which may weaken the security > posture I think this approach makes sense as it's generic and applies immediately to all architectures. I'm slightly uncomfortable about using userspace addresses though, and the special cases that it introduces. I'd like to see a per-arch ARCH_HAS_PROCLOCAL_PGD so that it *can* be put back into a dedicated address range where possible. Looking forward to the x86 KVM code from before being dusted off and put on top of this, and also the Arm version of same. A test driver and test case is all very well, but it's less exciting than the real use case :)
Attachment:
smime.p7s
Description: S/MIME cryptographic signature