Re: Rename restrictedmem => guardedmem? (was: Re: [PATCH v10 0/9] KVM: mm: fd-based approach for supporting KVM)
From: Sean Christopherson
Date: Mon Apr 17 2023 - 14:17:42 EST
On Mon, Apr 17, 2023, Ackerley Tng wrote:
> Sean Christopherson <seanjc@xxxxxxxxxx> writes:
>
> > On Mon, Apr 17, 2023, David Hildenbrand wrote:
> > > On 17.04.23 17:40, Sean Christopherson wrote:
> > > > I want to start referring to the code/patches by its
> > > syscall/implementation name
> > > > instead of "UPM", as "UPM" is (a) very KVM centric, (b) refers to
> > > the broader effort
> > > > and not just the non-KVM code, and (c) will likely be confusing
> > > for future reviewers
> > > > since there's nothing in the code that mentions "UPM" in any way.
> > > >
> > > > But typing out restrictedmem is quite tedious, and git grep shows
> > > that "rmem" is
Your mail client appears to be wrapping too aggressively and mangling quotes. I'm
guessing gmail is to blame?
> > > > already used to refer to "reserved memory".
> > > >
> > > > Renaming the syscall to "guardedmem"...
>
> > > restrictedmem, guardedmem, ... all fairly "suboptimal" if you'd ask
> > > me ...
>
> > I'm definitely open to other suggestions, but I suspect it's going to be
> > difficult
> > to be more precise than something like "guarded".
>
> > E.g. we discussed "unmappable" at one point, but the memory can still be
> > mapped,
> > just not via mmap(). And it's not just about mappings, e.g. read() and
> > its many
> > variants are all disallowed too, despite the kernel direct map still
> > being live
> > (modulo SNP requirements).
>
> I'm for renaming the concept because restrictedmem is quite a
> mouthful. :)
>
> How about "concealedmem" or "obscuredmem" to highlight the idea of this
> memory being hidden/unreadable/unmappable from userspace?
I'm hesitant to use something like "concealed" becuase it's too close to secretmem,
e.g. might be miscontrued as concealing the memory from anything _but_ the process
that creates the file.
Obscured has similar problems, and obscure often suggests that something is unclear,
as opposed to outright unreachable.
The other aspect of hidden/concealed/etc is that the memory isn't necessarily
concealed from the user. Long term, I hope to get to the point where even "normal"
VMs use restricted/guarded/??? memory, e.g. to guard (heh) against _unintentional_
access from userspace. In that use case, the memory isn't truly concealed, espeically
if the user is both the "admin" and the consumer.
Though by that argument, "guarded" is also a poor choice. And now I'm remembering
how we ended up with "restricted"...
> Guarded is better than restricted but doesn't really highlight how/in
> what way it is being guarded.
Ya, though in practice I think it's infeasible for us to get a name that is both
precise and succinct.