| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Oct 2007 08:56:18 +1000 From: David Chinner <dgc@....com> To: Jeremy Fitzhardinge <jeremy@...p.org> Cc: David Chinner <dgc@....com>, xfs@....sgi.com, Xen-devel <xen-devel@...ts.xensource.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Mark Williamson <mark.williamson@...cam.ac.uk>, Morten Bøgeskov <xen-users@...ten.bogeskov.dk>, xfs-masters@....sgi.com, nickpiggin@...oo.com.au Subject: Re: Interaction between Xen and XFS: stray RW mappings On Fri, Oct 12, 2007 at 09:58:43AM -0700, Jeremy Fitzhardinge wrote: > Hi Dave & other XFS folk, > > I'm tracking down a bug which appears to be a bad interaction between XFS > and Xen. It looks like XFS is holding RW mappings on free pages, which Xen > is trying to get an exclusive RO mapping on so it can turn them into > pagetables. > > I'm assuming the pages are actually free, and this isn't a use after free > problem. From a quick poke around, the most likely pieces of XFS code is > the stuff in xfs_map.c which creates a virtually contiguous mapping of pages > with vmap, and seems to delay unmapping them. You mean xfs_buf.c. And yes, we delay unmapping pages until we have a batch of them to unmap. vmap and vunmap do not scale, so this is batching helps alleviate some of the worst of the problems. > When pinning a pagetable, Xen tries to eliminate any RW aliases of the pages > its using. This is generally trivial because pages returned by > get_free_page don't have any mappings aside from the normal kernel mapping. > High pages, when using CONFIG_HIGHPTE, may have a residual kmap mapping, so > we clear out the kmap cache if we encounter a highpage in the pagetable. > > I guess we could create a special-case interface to do the same thing with > XFS mappings, but it would be nicer to have something more generic. *nod* > Is my analysis correct? Or should XFS not be holding stray mappings? Or is > there already some kind of generic mechanism I can use to get it to release > its mappings? The xfsbufd cleans out any stale mappings - it's woken by the memory shrinker interface (i.e. calls xfsbufd_wakeup()). Otherwise every 64th buffer being vmap()d will flush out stale mappings. Realistically, if this delayed release of vmaps is a problem for Xen, then I think that some generic VM solution is needed to this problem as vmap() is likely to become more common in future (think large blocks in filesystems). Nick - any comments? Cheers, Dave. -- Dave Chinner Principal Engineer SGI Australian Software Group - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists