Using page tables to confine memory accesses of subroutines

All,

I've been working on confining memory accesses of subroutines of a
single process.  The idea is to protect the process's memory integrity
(and perhaps confidentiality) from potentially buggy libraries.  From
the user space standpoint it's functionally similar to making a lot of
mprotect calls before and after calling the subroutine.

The initial implementation was done using some existing MM facilities
(dup_mm, pgd_dup, use_mm, change_pud_range) to build a new system call
that allows the calling process to create, and switch between, a
number of page tables.  Initial benchmarks based on this code show a 2
to 10 times improvement on shared memory IPC performance.

Unfortunately the implementation is just a prototype - it doesn't
behave properly when interleaving allocation or with multi-threaded
processes.  A better implementation might use the thread
infrastructure to track (and periodically activate) these alternate
page tables.  I figure this could behave properly in the face of
allocation and threading with less work on my part by using more
existing code.

Perhaps there are other solutions you can think of; if so, I'd be happy
to see a conversation on this front.

Cheers,
Thomas
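
As an added illustration (not part of Thomas's message or his prototype), the user-space baseline the post compares against, an mprotect call before and after the subroutine, looks like this in C. The names `call_confined`, `demo`, `well_behaved` and `buggy` are hypothetical, and the code assumes Linux, where a write to a read-only page raises SIGSEGV.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef void (*subroutine_t)(char *scratch, const char *state);
static sigjmp_buf fault_jmp;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Hypothetical library subroutines: one honours the contract, one scribbles. */
static void well_behaved(char *scratch, const char *state) { scratch[0] = state[0]; }
static void buggy(char *scratch, const char *state) { (void)scratch; ((char *)state)[0] = 'X'; }

/* Run fn with `state` read-only. Returns 0 if fn finished, 1 if its write
 * to `state` was blocked, -1 on setup failure. `state` must be page-aligned. */
int call_confined(subroutine_t fn, char *scratch, char *state, size_t len)
{
    struct sigaction sa, old;
    int rc;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, &old) != 0) return -1;
    if (mprotect(state, len, PROT_READ) != 0) { sigaction(SIGSEGV, &old, NULL); return -1; }
    if (sigsetjmp(fault_jmp, 1) == 0) { fn(scratch, state); rc = 0; }
    else rc = 1;                                   /* arrived from the SIGSEGV handler */
    mprotect(state, len, PROT_READ | PROT_WRITE);  /* the "after" call */
    sigaction(SIGSEGV, &old, NULL);
    return rc;
}

/* Constructed scenario: one anonymous page of process state, marker byte 'S'. */
int demo(int use_buggy)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    char scratch[8] = {0};
    char *state = mmap(NULL, pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (state == MAP_FAILED) return -1;
    state[0] = 'S';
    int rc = call_confined(use_buggy ? buggy : well_behaved, scratch, state, pg);
    if (state[0] != 'S') rc = -1;                  /* integrity check after the call */
    munmap(state, pg);
    return rc;
}

int main(void) { printf("well_behaved: %d, buggy: %d\n", demo(0), demo(1)); return 0; }
```

Every confined call here costs two mprotect system calls, and the protection change applies to all threads of the process for the duration of the call.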
