lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 01 Apr 2009 21:36:31 -0500
From:	Anthony Liguori <anthony@...emonkey.ws>
To:	Chris Wright <chrisw@...hat.com>
CC:	Andrea Arcangeli <aarcange@...hat.com>,
	Izik Eidus <ieidus@...hat.com>, linux-kernel@...r.kernel.org,
	kvm@...r.kernel.org, linux-mm@...ck.org, avi@...hat.com,
	riel@...hat.com, jeremy@...p.org, mtosatti@...hat.com,
	hugh@...itas.com, corbet@....net, yaniv@...hat.com,
	dmonakhov@...nvz.org
Subject: Re: [PATCH 4/4] add ksm kernel shared memory driver.

Chris Wright wrote:
> * Anthony Liguori (anthony@...emonkey.ws) wrote:
>   
>> The ioctl() interface is quite bad for what you're doing.  You're  
>> telling the kernel extra information about a VA range in userspace.   
>> That's what madvise is for.  You're tweaking simple read/write values of  
>> kernel infrastructure.  That's what sysfs is for.
>>     
>
> I agree re: sysfs (brought it up myself before).  As far as madvise vs.
> ioctl, the one thing that comes from the ioctl is fops->release to
> automagically unregister memory on exit.

This is precisely why ioctl() is a bad interface.  fops->release isn't 
tied to the process but rather tied to the open file.  The file can stay 
open long after the process exits either by a fork()'d child inheriting 
the file descriptor or through something more sinister like SCM_RIGHTS.

In fact, a common mistake is to leak file descriptors by not closing 
them when exec()'ing a process.  Instead of just delaying a close, if 
you rely on this behavior to unregister memory regions, you could 
potentially have badness happen in the kernel if ksm attempted to access 
an invalid memory region.

So you absolutely have to automatically unregister regions in something 
other than the fops->release handler based on something that's tied to 
the pid's life cycle.

Using an interface like madvise() would force the issue to be dealt with 
properly from the start :-)

I'm often afraid of what sort of bugs we'd uncover in kvm if we passed 
the fds around via SCM_RIGHTS and started poking around :-/

Regards,

Anthony Liguori


>   This needs to be handled
> anyway if some -p pid is added to add a process after it's running,
> so less weight there.
>
> thanks,
> -chris
>   

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ