On Mon, Oct 28, 2019 at 09:23:17PM +0100, Florian Weimer wrote: > * Mike Rapoport: > > > On October 27, 2019 12:30:21 PM GMT+02:00, Florian Weimer > > <fw@xxxxxxxxxxxxx> wrote: > >>* Mike Rapoport: > >> > >>> The patch below aims to allow applications to create mappins that > >>have > >>> pages visible only to the owning process. Such mappings could be used > >>to > >>> store secrets so that these secrets are not visible neither to other > >>> processes nor to the kernel. > >> > >>How is this expected to interact with CRIU? > > > > CRIU dumps the memory contents using a parasite code from inside the > > dumpee address space, so it would work the same way as for the other > > mappings. Of course, at the restore time the exclusive mapping should > > be recreated with the appropriate flags. > > Hmm, so it would use a bounce buffer to perform the extraction? At first I thought that CRIU would extract the memory contents from these mappings just as it does now using vmsplice(). But it seems that such mappings won't play well with pipes, so CRIU will need a bounce buffer indeed. > >>> I've only tested the basic functionality, the changes should be > >>verified > >>> against THP/migration/compaction. Yet, I'd appreciate early feedback. > >> > >>What are the expected semantics for VM migration? Should it fail? > > > > I don't quite follow. If qemu would use such mappings it would be able > > to transfer them during live migration. > > I was wondering if the special state is supposed to bubble up to the > host eventually. Well, that was not intended. -- Sincerely yours, Mike.