| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Mar 2009 04:09:50 +0100 From: Eric Dumazet <dada1@...mosbay.com> To: Andrew Morton <akpm@...ux-foundation.org> CC: Jeff Moyer <jmoyer@...hat.com>, Avi Kivity <avi@...hat.com>, linux-aio <linux-aio@...ck.org>, zach.brown@...cle.com, bcrl@...ck.org, linux-kernel@...r.kernel.org, Davide Libenzi <davidel@...ilserver.org>, Christoph Lameter <cl@...ux-foundation.org> Subject: Re: [patch] aio: remove aio-max-nr and instead use the memlock rlimit to limit the number of pages pinned for the aio completion ring Eric Dumazet a écrit : > Eric Dumazet a écrit : >> Jeff Moyer a écrit : >>> Avi Kivity <avi@...hat.com> writes: >>> >>>> Jeff Moyer wrote: >>>>> Hi, >>>>> >>>>> Believe it or not, I get numerous questions from customers about the >>>>> suggested tuning value of aio-max-nr. aio-max-nr limits the total >>>>> number of io events that can be reserved, system wide, for aio >>>>> completions. Each time io_setup is called, a ring buffer is allocated >>>>> that can hold nr_events I/O completions. That ring buffer is then >>>>> mapped into the process' address space, and the pages are pinned in >>>>> memory. So, the reason for this upper limit (I believe) is to keep a >>>>> malicious user from pinning all of kernel memory. Now, this sounds like >>>>> a much better job for the memlock rlimit to me, hence the following >>>>> patch. >>>>> >>>> Is it not possible to get rid of the pinning entirely? Pinning >>>> interferes with page migration which is important for NUMA, among >>>> other issues. >>> aio_complete is called from interrupt handlers, so can't block faulting >>> in a page. Zach mentions there is a possibility of handing completions >>> off to a kernel thread, with all of the performance worries and extra >>> bookkeeping that go along with such a scheme (to help frame my concerns, >>> I often get lambasted over .5% performance regressions). >> This aio_completion from interrupt handlers keep us from using SLAB_DESTROY_BY_RCU >> instead of call_rcu() for "struct file" freeing. >> >> http://lkml.org/lkml/2008/12/17/364 >> >> I would love if we could get rid of this mess... > > Speaking of that, I tried to take a look at this aio stuff and have one question. > > Assuming that __fput() cannot be called from interrupt context. > -> fput() should not be called from interrupt context as well. > > How comes we call fput(req->ki_eventfd) from really_put_req() > from interrupt context ? > > If user program closes eventfd, then inflight AIO requests can trigger > a bug. > Path could be : 1) fput() changes so that calling it from interrupt context is possible (Using a working queue to make sure __fput() is called from process context) 2) Changes aio to use fput() as is (and zap its internal work_queue and aio_fput_routine() stuff) 3) Once atomic_long_dec_and_test(&filp->f_count) only performed in fput(), SLAB_DESTROY_BY_RCU for "struct file" get back :) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists