| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Mar 2015 22:30:35 +0000 (UTC) From: Mathieu Desnoyers <mathieu.desnoyers@...icios.com> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Michael Sullivan <sully@...lly.net>, lttng-dev@...ts.lttng.org, LKML <linux-kernel@...r.kernel.org>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Peter Zijlstra <peterz@...radead.org>, Ingo Molnar <mingo@...nel.org>, Thomas Gleixner <tglx@...utronix.de>, Steven Rostedt <rostedt@...dmis.org> Subject: Re: Alternative to signals/sys_membarrier() in liburcu ----- Original Message ----- > From: "Linus Torvalds" <torvalds@...ux-foundation.org> > To: "Mathieu Desnoyers" <mathieu.desnoyers@...icios.com> > Cc: "Michael Sullivan" <sully@...lly.net>, lttng-dev@...ts.lttng.org, "LKML" <linux-kernel@...r.kernel.org>, "Paul E. > McKenney" <paulmck@...ux.vnet.ibm.com>, "Peter Zijlstra" <peterz@...radead.org>, "Ingo Molnar" <mingo@...nel.org>, > "Thomas Gleixner" <tglx@...utronix.de>, "Steven Rostedt" <rostedt@...dmis.org> > Sent: Thursday, March 12, 2015 5:47:05 PM > Subject: Re: Alternative to signals/sys_membarrier() in liburcu > > On Thu, Mar 12, 2015 at 1:53 PM, Mathieu Desnoyers > <mathieu.desnoyers@...icios.com> wrote: > > > > So the question as it stands appears to be: would you be comfortable > > having users abuse mprotect(), relying on its side-effect of issuing > > a smp_mb() on each targeted CPU for the TLB shootdown, as > > an effective implementation of process-wide memory barrier ? > > Be *very* careful. > > Just yesterday, in another thread (discussing the auto-numa TLB > performance regression), we were discussing skipping the TLB > invalidates entirely if the mprotect relaxes the protections. > > Because if you *used* to be read-only, and them mprotect() something > so that it is read-write, there really is no need to send a TLB > invalidate, at least on x86. You can just change the page tables, and > *if* any entries are stale in the TLB they'll take a microfault on > access and then just reload the TLB. > > So mprotect() to a more permissive mode is not necessarily serializing. The idea here is to always mprotect() to a more restrictive mode, which should trigger the TLB shootdown. > > Also, you need to make sure that your page is actually in memory, > because otherwise the kernel may end up seeing "oh, it's not even > present", and never flush the TLB at all. > > So now you need to mlock that page. Which can be problematic for non-root. I'm aware the default amount of locked memory is usually quite low (64kB here). So we'd need to handle cases where we run out of locked memory. We could fallback to a slower userspace RCU scheme if this occurs. > > In other words, I'd be a bit leery about it. There may be other > gotcha's about it. Looking again at this old proposed patch (https://lkml.org/lkml/2010/4/18/15) which adds a few memory barriers around updates to mm_cpumask for sys_membarrier makes me wonder whether mprotect() may not skip some CPU from the mask that would actually need to be taken care of in very narrow race scenarios. Thanks, Mathieu > > Linus > -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists