| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 08 May 2014 09:38:40 -0700 From: John Stultz <john.stultz@...aro.org> To: Minchan Kim <minchan@...nel.org> CC: LKML <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, Android Kernel Team <kernel-team@...roid.com>, Johannes Weiner <hannes@...xchg.org>, Robert Love <rlove@...gle.com>, Mel Gorman <mel@....ul.ie>, Hugh Dickins <hughd@...gle.com>, Dave Hansen <dave@...1.net>, Rik van Riel <riel@...hat.com>, Dmitry Adamushko <dmitry.adamushko@...il.com>, Neil Brown <neilb@...e.de>, Andrea Arcangeli <aarcange@...hat.com>, Mike Hommey <mh@...ndium.org>, Taras Glek <tglek@...illa.com>, Jan Kara <jack@...e.cz>, KOSAKI Motohiro <kosaki.motohiro@...il.com>, Michel Lespinasse <walken@...gle.com>, Keith Packard <keithp@...thp.com>, "linux-mm@...ck.org" <linux-mm@...ck.org> Subject: Re: [PATCH 2/4] MADV_VOLATILE: Add MADV_VOLATILE/NONVOLATILE hooks and handle marking vmas On 05/07/2014 06:21 PM, Minchan Kim wrote: > Hey John, > > On Tue, Apr 29, 2014 at 02:21:21PM -0700, John Stultz wrote: >> This patch introduces MADV_VOLATILE/NONVOLATILE flags to madvise(), >> which allows for specifying ranges of memory as volatile, and able >> to be discarded by the system. >> >> This initial patch simply adds flag handling to madvise, and the >> vma handling, splitting and merging the vmas as needed, and marking >> them with VM_VOLATILE. >> >> No purging or discarding of volatile ranges is done at this point. >> >> This a simplified implementation which reuses some of the logic >> from Minchan's earlier efforts. So credit to Minchan for his work. > Remove purged argument is really good thing but I'm not sure merging > the feature into madvise syscall is good idea. > My concern is how we support user who don't want SIGBUS. > I believe we should support them because someuser(ex, sanitizer) really > want to avoid MADV_NONVOLATILE call right before overwriting their cache > (ex, If there was purged page for cyclic cache, user should call NONVOLATILE > right before overwriting to avoid SIGBUS). So... Why not use MADV_FREE then for this case? Just to be clear, by moving back to madvise, I'm not trying to replace MADV_FREE. I think you're work there is still useful and splitting the semantics between the two is cleaner. > Moreover, this changes made unmarking cost O(N) so I'd like to avoid > NOVOLATILE syscall if possible. Well, I think that was made in v13, but yes. NONVOLATILE is currently an expensive operation in order to keep the semantics simpler, as requested by Johannes and Kosaki-san. > For me, SIGBUS is more special usecase for code pages but I believe > both are reasonable for each usecase so my preference is MADV_VOLATILE > is just zero-filled page and MADV_VOLATILE_SIGBUS, another new advise > if you really want to merge volatile range feature with madvise. This I disagree with. Even for non-code page cases, SIGBUS on volatile page access is important for normal users who might accidentally touch volatile data, so they know they are corrupting their data. I know Johannes suggested this is simply a use-after-free issue, but I really feel it results in having very strange semantics. And for those cases where there is a benefit to zero-fill, MADV_FREE seems more appropriate. thanks -john -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists