| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Apr 2009 00:35:45 +0200 From: Andi Kleen <andi@...stfloor.org> To: Christoph Lameter <cl@...ux.com> Cc: Andi Kleen <andi@...stfloor.org>, Lee.Schermerhorn@...com, npiggin@...e.de, linux-kernel@...r.kernel.org, linux-mm@...ck.org, x86@...nel.org Subject: Re: [PATCH] [10/16] POISON: Use bitmask/action code for try_to_unmap behaviour On Tue, Apr 07, 2009 at 06:04:39PM -0400, Christoph Lameter wrote: > On Tue, 7 Apr 2009, Andi Kleen wrote: > > > > Ignoring MLOCK? This means we are violating POSIX which says that an > > > MLOCKed page cannot be unmapped from a process? > > > > I'm sure if you can find sufficiently vague language in the document > > to standards lawyer around that requirement @) > > > > The alternative would be to panic. > > > If you unmmap a MLOCKed page then you may get memory corruption because > f.e. the Infiniband layer is doing DMA to that page. The page is not going away, it's poisoned in hardware and software and stays. There is currently no mechanism to unpoison pages without rebooting. DMA should actually cause a bus abort on the hardware level, at least for RMW. I currently don't have a cancel mechanism for such kinds of mappings though. It just does cancel_dirty_page(), but when IO is happening In theory one could add a more forceful IO cancel mechanism using special driver callbacks, but I'm not sure it's worth it. Normally the hardware should abort on hitting poison (although some might do strange things) and you'll get some more (recoverable) machine checks. > > > How does that work for the poisoning case? We substitute a fresh page? > > > > It depends on the state of the page. If it was a clean disk mapped > > page yes (it's just invalidated and can be reloaded). If it's a dirty anon > > page the process is normally killed first (with advisory mode on) or only > > killed when it hits the corrupted page. The process can also > > catch the signal if it choses so. The late killing works with > > a special entry similar to the migration case, but that results > > in a special SIGBUS. > > I think a process needs to be killed if any MLOCKed page gets corrupted > because the OS cannot keep the POSIX guarantees. That's the default behaviour with vm.memory_failure_early_kill = 1 However the process can catch the signal if it wants. -Andi -- ak@...ux.intel.com -- Speaking for myself only. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists