On 09.04.21 16:12, Kirill A. Shutemov wrote:
> On Fri, Apr 09, 2021 at 03:50:42PM +0200, David Hildenbrand wrote:
>>>> 3. Allow selected users to still grab the pages (esp. KVM to fault them into
>>>> the page tables).
>>>
>>> As long as fault leads to non-present PTEs we are fine. Userspace still may
>>> want to mlock() some of guest memory. There's no reason to prevent this.
>>
>> I'm curious, even get_user_pages() will lead to a present PTE as is, no? So
>> that will need modifications I assume. (although I think it fundamentally
>> differs to the way get_user_pages() works - trigger a fault first, then
>> lookup the PTE in the page tables).
>
> For now, the patch has two step poisoning: first fault in, on the add to
> shadow PTE -- poison. By the time VM has chance to use the page it's
> poisoned and unmapped from the host userspace.

IIRC, this then assumes that while a page is protected, it will remain
mapped into the NPT; because, there is no way to remap into NPT later
because the pages have already been poisoned.
--
Thanks,
David / dhildenb