On Mon, May 14, 2018 at 08:28:01PM +0300, Boaz Harrosh wrote: > On a call to mmap an mmap provider (like an FS) can put > this flag on vma->vm_flags. > > The VM_LOCAL_CPU flag tells the Kernel that the vma will be used > from a single-core only, and therefore invalidation (flush_tlb) of > PTE(s) need not be a wide CPU scheduling.
I still don't get this. You're opening the kernel up to being exploited by any application which can persuade it to set this flag on a VMA. > NOTE: This vma (VM_LOCAL_CPU) is never used during a page_fault. It is > always used in a synchronous way from a thread pinned to a single core. It's not a question of how your app is going to use this flag. It's a question about how another app can abuse this flag (or how your app is going to be exploited to abuse this flag) to break into the kernel.
