On Mon, Oct 28, 2019 at 02:44:23PM -0600, Andy Lutomirski wrote: > > > On Oct 27, 2019, at 4:17 AM, Mike Rapoport <rppt@xxxxxxxxxx> wrote: > > > > From: Mike Rapoport <rppt@xxxxxxxxxxxxx> > > > > Hi, > > > > The patch below aims to allow applications to create mappins that have > > pages visible only to the owning process. Such mappings could be used to > > store secrets so that these secrets are not visible neither to other > > processes nor to the kernel. > > > > I've only tested the basic functionality, the changes should be verified > > against THP/migration/compaction. Yet, I'd appreciate early feedback. > > I’ve contemplated the concept a fair amount, and I think you should > consider a change to the API. In particular, rather than having it be a > MAP_ flag, make it a chardev. You can, at least at first, allow only > MAP_SHARED, and admins can decide who gets to use it. It might also play > better with the VM overall, and you won’t need a VM_ flag for it — you > can just wire up .fault to do the right thing. I think mmap()/mprotect()/madvise() are the natural APIs for such interface. Switching to a chardev doesn't solve the major problem of direct map fragmentation and defeats the ability to use exclusive memory mappings with the existing allocators, while mprotect() and madvise() do not. -- Sincerely yours, Mike.
