Re: [PATCH v2 00/17] x86/ldt: Use a VMA based read only mapping

[Thomas Gleixner]

On Thu, 14 Dec 2017, Peter Zijlstra wrote:
> So here's a second posting of the VMA based LDT implementation; now without
> most of the crazy.
> 
> I took out the write fault handler and the magic LAR touching code.
> 
> Additionally there are a bunch of patches that address generic vm issue.
> 
>  - gup() access control; In specific I looked at accessing !_PAGE_USER pages
>    because these patches rely on not being able to do that.
> 
>  - special mappings; A whole bunch of mmap ops don't make sense on special
>    mappings so disallow them.
> 
> Both things make sense independent of the rest of the series. Similarly, the
> patches that kill that rediculous LDT inherit on exec() are also unquestionably
> good.
> 
> So I think at least the first 6 patches are good, irrespective of the
> VMA approach.
> 
> On the whole VMA approach, Andy I know you hate it with a passion, but I really
> rather like how it ties the LDT to the process that it belongs to and it
> reduces the amount of 'special' pages in the whole PTI mapping.
> 
> I'm not the one going to make the decision on this; but I figured I at least
> post a version without the obvious crap parts of the last one.
> 
> Note: if we were to also disallow munmap() for special mappings (which I
> suppose makes perfect sense) then we could further reduce the actual LDT
> code (we'd no longer need the sm::close callback and related things).

That makes a lot of sense for the other special mapping users like VDSO and
kprobes.

Thanks,

	tglx