On Thu, 14 Dec 2017, Peter Zijlstra wrote:
> So here's a second posting of the VMA based LDT implementation; now without
> most of the crazy.
>
> I took out the write fault handler and the magic LAR touching code.
>
> Additionally there are a bunch of patches that address generic vm issue.
>
> - gup() access control; In specific I looked at accessing !_PAGE_USER pages
> because these patches rely on not being able to do that.
>
> - special mappings; A whole bunch of mmap ops don't make sense on special
> mappings so disallow them.
>
> Both things make sense independent of the rest of the series. Similarly, the
> patches that kill that rediculous LDT inherit on exec() are also
> unquestionably
> good.
>
> So I think at least the first 6 patches are good, irrespective of the
> VMA approach.
>
> On the whole VMA approach, Andy I know you hate it with a passion, but I
> really
> rather like how it ties the LDT to the process that it belongs to and it
> reduces the amount of 'special' pages in the whole PTI mapping.
>
> I'm not the one going to make the decision on this; but I figured I at least
> post a version without the obvious crap parts of the last one.
>
> Note: if we were to also disallow munmap() for special mappings (which I
> suppose makes perfect sense) then we could further reduce the actual LDT
> code (we'd no longer need the sm::close callback and related things).
That makes a lot of sense for the other special mapping users like VDSO and
kprobes.
Thanks,
tglx
