| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Apr 2023 19:09:51 +0200
From: David Hildenbrand <david@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: Chao Peng <chao.p.peng@...ux.intel.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>,
"Maciej S . Szmigiero" <mail@...iej.szmigiero.name>,
Vlastimil Babka <vbabka@...e.cz>,
Vishal Annapurve <vannapurve@...gle.com>,
Yu Zhang <yu.c.zhang@...ux.intel.com>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
dhildenb@...hat.com, Quentin Perret <qperret@...gle.com>,
tabba@...gle.com, Michael Roth <michael.roth@....com>,
wei.w.wang@...el.com, Mike Rapoport <rppt@...nel.org>,
Liam Merwick <liam.merwick@...cle.com>,
Isaku Yamahata <isaku.yamahata@...il.com>,
Jarkko Sakkinen <jarkko@...nel.org>,
Ackerley Tng <ackerleytng@...gle.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: Rename restrictedmem => guardedmem? (was: Re: [PATCH v10 0/9]
KVM: mm: fd-based approach for supporting KVM)
On 17.04.23 18:40, Sean Christopherson wrote:
> On Mon, Apr 17, 2023, David Hildenbrand wrote:
>> On 17.04.23 17:40, Sean Christopherson wrote:
>>> I want to start referring to the code/patches by its syscall/implementation name
>>> instead of "UPM", as "UPM" is (a) very KVM centric, (b) refers to the broader effort
>>> and not just the non-KVM code, and (c) will likely be confusing for future reviewers
>>> since there's nothing in the code that mentions "UPM" in any way.
>>>
>>> But typing out restrictedmem is quite tedious, and git grep shows that "rmem" is
>>> already used to refer to "reserved memory".
>>>
>>> Renaming the syscall to "guardedmem"...
>>
>> restrictedmem, guardedmem, ... all fairly "suboptimal" if you'd ask me ...
>
> I'm definitely open to other suggestions, but I suspect it's going to be difficult
> to be more precise than something like "guarded".
Guardedmem is just as bad as restrictedmem IMHO, sorry.
Restricted: what's restricted? how does the restriction manifest?
secretmem also has it's restrictions/limitations (pinning), why does
that one not fall under the same category?
Make a stranger guess what "restrictedmem" is and I can guarantee that
it has nothing to do with the concept we're introducing here.
Guarded: what's guarded? From whom? For which purpose? How does the
"guarding" manifest?
Again, make a stranger guess what "guardedmem" is and I can guarantee
that it has nothing to do with the concept we're introducing here.
If, at all, the guess might be "guarded storage" [1] on s390x, which, of
course, has nothing to do with the concept here. (storage on s390x is
just the dinosaur slang for memory)
Often, if we fail to find a good name, the concept is either unclear or
not well defined.
So what are the characteristics we want to generalize under that new
name? We want to have an fd, that
(a) cannot be mapped into user space (mmap)
(b) cannot be accessed using ordinary system calls (read/write)
(c) can still be managed like other fds (fallocate, future NUMA
policies?)
(d) can be consumed by some special entities that are allowed to
read/write/map.
So the fd content is inaccessible using the ordinary POSIX syscalls.
It's only accessible by special entities (e.g., KVM).
Most probably I am forgetting something. But maybe that will help to
find a more expressive name. Maybe :)
>
> E.g. we discussed "unmappable" at one point, but the memory can still be mapped,
> just not via mmap(). And it's not just about mappings, e.g. read() and its many
> variants are all disallowed too, despite the kernel direct map still being live
> (modulo SNP requirements).
>
[1] https://man.archlinux.org/man/s390_guarded_storage.2.en
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists