| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Mar 2011 15:04:01 +0100 From: Andrea Arcangeli <aarcange@...hat.com> To: Hidetoshi Seto <seto.hidetoshi@...fujitsu.com> Cc: Andi Kleen <andi@...stfloor.org>, Andrew Morton <akpm@...ux-foundation.org>, Huang Ying <ying.huang@...el.com>, Jin Dongming <jin.dongming@...css.fujitsu.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH 3/4] Check whether pages are poisoned before copying Hello Hidetoshi, On Thu, Mar 17, 2011 at 04:43:03PM +0900, Hidetoshi Seto wrote: > Still I think making the window smaller than now is worthwhile, > no matter it is change from 0.1% to 0.01%, or from 0.01% to 0.001%. > > Or did you find the downside of the check here? Well it makes the code more a little more complicated for something that looks impossible to trigger in the first place. The slowdown of these changes is probably not significant because the 2m copy should dominate the collapse_huge_page cost, but it still add locked ops and loops that weren't there before so technically it is a microslowdown. NOTE: if this closed the race window 100% I would not disagree with this. If there's still a 0.001% chance of hitting the race like Andi hints, then I don't find it very attractive. I think memory failure isn't 100% correct and probably it's impossible to make it 100% correct across the whole kernel (for example the compound_head is safe for THP but it's still unsafe for hugetlbfs while the page is being tear down), so it's probably ok that it tends to work in practice 100% reliably when the task is running in userland but we leave holes when kernel is mangling the page structures and moving stuff around, otherwise we litter the kernel code without much practical benefit, I guess KSM has the same issues of khugepaged for example. So again, I'm not against making these changes, but I don't find them very attractive and I'm unsure if we should go down this route whenever the objective of the patch is only to reduce the race window (that is incredibly small and not reproducible to start with, and it's a theoretical race that hardly anybody could trigger) instead of actually closing the race completely. But thanks a lot for your effort, I see your point, I'm just not sure if it's worth it. I think I'll let other comments on this... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists