From: Andy Lutomirski
Subject: Re: [PATCH RFC] mm: add MAP_EXCLUSIVE to create exclusive user mappings
Date: Mon, 28 Oct 2019 14:44:23 -0600
To: Mike Rapoport
Cc: linux-kernel@vger.kernel.org, Alexey Dobriyan, Andrew Morton, Andy Lutomirski, Arnd Bergmann, Borislav Petkov, Dave Hansen, James Bottomley, Peter Zijlstra, Steven Rostedt, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", linux-api@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org, Mike Rapoport
In-Reply-To: <1572171452-7958-1-git-send-email-rppt@kernel.org>

> On Oct 27, 2019, at 4:17 AM, Mike Rapoport wrote:
>
> From: Mike Rapoport
>
> Hi,
>
> The patch below aims to allow applications to create mappings that have
> pages visible only to the owning process. Such mappings could be used to
> store secrets so that these secrets are visible neither to other
> processes nor to the kernel.
>
> I've only tested the basic functionality, the changes should be verified
> against THP/migration/compaction. Yet, I'd appreciate early feedback.

I’ve contemplated the concept a fair amount, and I think you should consider a change to the API. In particular, rather than having it be a MAP_ flag, make it a chardev. You can, at least at first, allow only MAP_SHARED, and admins can decide who gets to use it. It might also play better with the VM overall, and you won’t need a VM_ flag for it — you can just wire up .fault to do the right thing.