Re: [patch 05/16] mm: Allow special mappings with user access cleared
From: Peter Zijlstra
Date: Wed Dec 13 2017 - 17:13:26 EST
On Wed, Dec 13, 2017 at 01:50:22PM -0800, Matthew Wilcox wrote:
> On Tue, Dec 12, 2017 at 06:32:26PM +0100, Thomas Gleixner wrote:
> > From: Peter Zijstra <peterz@xxxxxxxxxxxxx>
> >
> > In order to create VMAs that are not accessible to userspace create a new
> > VM_NOUSER flag. This can be used in conjunction with
> > install_special_mapping() to inject 'kernel' data into the userspace map.
>
> Maybe I misunderstand the intent behind this, but I was recently looking
> at something kind of similar. I was calling it VM_NOTLB and it wouldn't
> put TLB entries into the userspace map at all. The idea was to be able
> to use the user address purely as a handle for specific kernel pages,
> which were guaranteed to never be mapped into userspace, so we didn't
> need to send TLB invalidations when we took those pages away from the user
> process again. But we'd be able to pass the address to read() or write().
>
> So I was going to check the VMA flags in no_page_table() and return the
> struct page that was notmapped there. I didn't get as far as constructing
> a prototype yet, and I'm not entirely sure I understand the purpose of
> this patch, so perhaps there's no synergy here at all (and perhaps my
> idea wouldn't have worked anyway).
Yeah, completely different. This here actually needs the page table
entries. Currently we keep the LDT in kernel memory, but with PTI we
loose the entire kernel map.
Since the LDT is strictly per process, the idea was to actually inject
it into the userspace map. Except of course, userspace must not actually
be able to access it. So by mapping it !_PAGE_USER its 'invisible'.
But the CPU very much needs the mapping, it will load the LDT entries
through them.