On 22.01.19 04:18, Peter Xu wrote: > On Mon, Jan 21, 2019 at 03:33:21PM +0100, David Hildenbrand wrote: > > [...] > >> Does this series fix the "false positives" case I experienced on early >> prototypes of uffd-wp? (getting notified about a write access although >> it was not a write access?) > > Hi, David, > > Yes it should solve it. Terrific, as my use case for uffd-wp really rely on not having false positives these are good news :) ... however it will take a while until I actually have time to look back into it (too much stuff on my table). Just for reference (we talked about this offline once): My plan is to use this for virtio-mem in QEMU. Memory that a virtio-mem device provides to a guest can either be plugged or unplugged. When unplugging, memory will be MADVISE_DONTNEED'ed and uffd-wp'ed. The guest can still read memory (e.g. for dumping) but writing to it is considered bad (as the guest could this way consume more memory as intended). So I can detect malicious guests without too much overhead this way. False positives would mean that I would detect guests as malicious although they are not. So it really would be harmful. Thanks! > > The early prototype in Andrea's tree hasn't yet applied the new > PTE/swap bits for uffd-wp hence it was not able to avoid those fause > positives. This series has applied all those ideas (which actually > come from Andrea as well) so the protection information will be > persisent per PTE rather than per VMA and it will be kept even through > swapping and page migrations. > > Thanks, > -- Thanks, David / dhildenb
