Thread (57 messages) 57 messages, 14 authors, 2020-11-17

Re: [PATCH v6 3/6] mm: introduce memfd_secret system call to create "secret" memory areas

From: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Date: 2020-09-29 05:55:09
Also in: linux-arch, linux-arm-kernel, linux-fsdevel, linux-kselftest, linux-mm, linux-riscv, lkml, nvdimm

On Thu, 2020-09-24 at 16:29 +0300, Mike Rapoport wrote:
Introduce "memfd_secret" system call with the ability to create
memory
areas visible only in the context of the owning process and not
mapped not
only to other processes but in the kernel page tables as well.

The user will create a file descriptor using the memfd_secret()
system call
where flags supplied as a parameter to this system call will define
the
desired protection mode for the memory associated with that file
descriptor.

 Currently there are two protection modes:

* exclusive - the memory area is unmapped from the kernel direct map
and it
              is present only in the page tables of the owning mm.
Seems like there were some concerns raised around direct map
efficiency, but in case you are going to rework this...how does this
memory work for the existing kernel functionality that does things like
this?

get_user_pages(, &page);
ptr = kmap(page);
foo = *ptr;

Not sure if I'm missing something, but I think apps could cause the
kernel to access a not-present page and oops.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help