On Thu, Jan 07, 2021 at 03:04:00PM -0500, Andrea Arcangeli wrote: > vmsplice syscall API is insecure allowing long term GUP PINs without > privilege.
Lots of places are relying on pin_user_pages long term pins of memory, and cannot be converted to notifiers. I don't think it is reasonable to just declare that insecure and requires privileges, it is a huge ABI break. FWIW, vhost tries to use notifiers as a replacement for GUP, and I think it ended up quite strange and complicated. It is hard to maintain performance when every access to the pages needs to hold some protection against parallel invalidation. Jason
