From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=0xW6=CN=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-8.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1
	autolearn=unavailable autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 3E51CC43461
	for <linux-mm@archiver.kernel.org>; Fri,  4 Sep 2020 20:18:28 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id DA7372084D
	for <linux-mm@archiver.kernel.org>; Fri,  4 Sep 2020 20:18:27 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="WM6pVwt3"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org DA7372084D
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id 2DFCB6B0002; Fri,  4 Sep 2020 16:18:26 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 2904C6B0003; Fri,  4 Sep 2020 16:18:26 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 157E26B0037; Fri,  4 Sep 2020 16:18:26 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0044.hostedemail.com [216.40.44.44])
	by kanga.kvack.org (Postfix) with ESMTP id F36D06B0002
	for <linux-mm@kvack.org>; Fri,  4 Sep 2020 16:18:25 -0400 (EDT)
Received: from smtpin29.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id B462A181AEF07
	for <linux-mm@kvack.org>; Fri,  4 Sep 2020 20:18:25 +0000 (UTC)
X-FDA: 77226491370.29.news50_0b178d2270b5
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin29.hostedemail.com (Postfix) with ESMTP id 8DE8618085CE0
	for <linux-mm@kvack.org>; Fri,  4 Sep 2020 20:18:25 +0000 (UTC)
X-HE-Tag: news50_0b178d2270b5
X-Filterd-Recvd-Size: 5207
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120])
	by imf44.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Fri,  4 Sep 2020 20:18:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1599250704;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=4ur9HpmZf28TON8CHWc9+9TwgcC5lgzfKgaHYfzgcxs=;
	b=WM6pVwt3EX3U9cvMGrv0oWw7pWAsn4tTazjggQ4WJdAnU8oY+hVJUaisCB6ChKRGNsiCTF
	Xrz7eIEuiLGA1Sw5zJ2nhcfwD/Rx+W29Y7Ii+ihixHIYK69POJ+/jdEiX/WAc8qypElKLc
	O/m6w892SGpLv7nVlHgYoiyO6f8l7X8=
Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com
 [209.85.208.69]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-31-xNtw8kL7PcmKe-XS5gFuXQ-1; Fri, 04 Sep 2020 16:18:20 -0400
X-MC-Unique: xNtw8kL7PcmKe-XS5gFuXQ-1
Received: by mail-ed1-f69.google.com with SMTP id r8so3102682edy.17
        for <linux-mm@kvack.org>; Fri, 04 Sep 2020 13:18:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:to:cc:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-language
         :content-transfer-encoding;
        bh=4ur9HpmZf28TON8CHWc9+9TwgcC5lgzfKgaHYfzgcxs=;
        b=XMfSXDYfTsSLmceJbDKx96WJNK5mZIuz0OrGSgkWuRKE5VFJG6uKwk5lejutXn/0f5
         AtVkmNRKz2x6wmbtYwXFIYOvl/kBP+VyF8WXcdqMrPKJCyRayuPcGO9hfHuktaLNzSLj
         q11XQchYvTGP5xE4DZf+nxTnWJq7GpCpfdcaQc46s0oUk5k2osq+BC4+PKN/xlBXa/8c
         2mr4XM033X7S5ZMfHdAofgzGEro07paRkRME8a0Nxe59MQpv5vnpeo442R/hr3+hsmkb
         L2dXceVQz1nMqaN6DWSfDT30aQSKtSvUB0c/w6+sxMMqzmme0M1oWY3heGEcuBqX2kiv
         x/nA==
X-Gm-Message-State: AOAM532+xI6Bs9i5nuzZirA51DzjYowyttqHJ5qG3uymIw4HfucIxVg2
	UuSA+8+W90zUaDxkiccr4zYh34CAxrxnkgIck6cnqGrgDoklNSTH1yfhtEDxEvhs3dPVJ2ybchB
	b2GI34wEWfv4=
X-Received: by 2002:a17:906:b154:: with SMTP id bt20mr9625635ejb.272.1599250699549;
        Fri, 04 Sep 2020 13:18:19 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJw8Ggiccs73r/w622i0UNJHJe4gtmawevHQ5W9SQCuqBXAXICrfKwM/er78OQ+xfgsFYnvaOA==
X-Received: by 2002:a17:906:b154:: with SMTP id bt20mr9625611ejb.272.1599250699359;
        Fri, 04 Sep 2020 13:18:19 -0700 (PDT)
Received: from ?IPv6:2001:b07:6468:f312:6276:52ed:96d5:c094? ([2001:b07:6468:f312:6276:52ed:96d5:c094])
        by smtp.gmail.com with ESMTPSA id ci27sm7276701ejc.23.2020.09.04.13.18.18
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 04 Sep 2020 13:18:18 -0700 (PDT)
Subject: Re: [RESEND RFC PATCH 0/5] Remote mapping
To: Florian Weimer <fw@deneb.enyo.de>, =?UTF-8?Q?Adalbert_Laz=c4=83r?=
 <alazar@bitdefender.com>
Cc: linux-mm@kvack.org, linux-api@vger.kernel.org,
 Andrew Morton <akpm@linux-foundation.org>, Alexander Graf <graf@amazon.com>,
 Stefan Hajnoczi <stefanha@redhat.com>, Jerome Glisse <jglisse@redhat.com>,
 =?UTF-8?Q?Mihai_Don=c8=9bu?= <mdontu@bitdefender.com>,
 Mircea Cirjaliu <mcirjaliu@bitdefender.com>,
 Andy Lutomirski <luto@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
 Sargun Dhillon <sargun@sargun.me>, Aleksa Sarai <cyphar@cyphar.com>,
 Oleg Nesterov <oleg@redhat.com>, Jann Horn <jannh@google.com>,
 Kees Cook <keescook@chromium.org>, Matthew Wilcox <willy@infradead.org>,
 Christian Brauner <christian.brauner@ubuntu.com>
References: <20200904113116.20648-1-alazar@bitdefender.com>
 <87pn71gxi8.fsf@mid.deneb.enyo.de>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <5447a405-4e4f-8034-eb86-ec2f6ddf45f0@redhat.com>
Date: Fri, 4 Sep 2020 22:18:17 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <87pn71gxi8.fsf@mid.deneb.enyo.de>
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=pbonzini@redhat.com
X-Mimecast-Spam-Score: 0.001
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-Rspamd-Queue-Id: 8DE8618085CE0
X-Spamd-Result: default: False [0.00 / 100.00]
X-Rspamd-Server: rspam01
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On 04/09/20 21:19, Florian Weimer wrote:
> I'm not sure what the advantage is of returning separate file
> descriptors, and nit operating directly on the pidfd.

For privilege separation.  So far, the common case of pidfd operations
has been that whoever possesses a pidfd has "power" over the target
process.  Here however we also want to cover the case where one
privileged process wants to set up and manage a memory range for
multiple children.  The privilege process can do so by passing the
access file descriptor via SCM_RIGHTS.

We also want different children to have visibility over different
ranges, which is why there are multiple control fds rather than using
the pidfd itself as control fd.  You could have the map/unmap/lock ioctl
on the pidfd itself and the access fd as an argument of the ioctl, but
it seems cleaner to represent the pidfd-mem control capability as its
own file descriptor.

Paolo