Date: Fri, 17 Jul 2020 10:36:02 +0200
From: Pavel Machek
To: Mike Rapoport
Cc: linux-kernel@vger.kernel.org, Alan Cox, Andrew Morton, Andy Lutomirski, Christopher Lameter, Dave Hansen, Idan Yaniv, James Bottomley, "Kirill A. Shutemov", Matthew Wilcox, Peter Zijlstra, "Reshetova, Elena", Thomas Gleixner, Tycho Andersen, linux-api@vger.kernel.org, linux-mm@kvack.org, Mike Rapoport
Subject: Re: [RFC PATCH v2 0/5] mm: extend memfd with ability to create "secret" memory areas
Message-ID: <20200717083601.GB1027@bug>
In-Reply-To: <20200706172051.19465-1-rppt@kernel.org>

Hi!

> This is a second version of "secret" mappings implementation backed by a
> file descriptor.
>
> The file descriptor is created using memfd_create() syscall with a new
> MFD_SECRET flag. The file descriptor should be configured using ioctl() to
> define the desired protection and then mmap() of the fd will create a
> "secret" memory mapping. The pages in that mapping will be marked as not
> present in the direct map and will have desired protection bits set in the
> user page table. For instance, current implementation allows uncached
> mappings.
>
> Hiding secret memory mappings behind an anonymous file allows (ab)use of
> the page cache for tracking pages allocated for the "secret" mappings as
> well as using address_space_operations for e.g. page migration callbacks.
>
> The anonymous file may be also used implicitly, like hugetlb files, to
> implement mmap(MAP_SECRET) and use the secret memory areas with "native" mm
> ABIs.

I believe unix userspace normally requires mappings to be... well...
protected from other users. How is this "secret" thing different? How do you
explain the difference to userland programmers?

Best regards,
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html