| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 7 Oct 2014 09:13:20 -0700 From: Peter Feiner <pfeiner@...gle.com> To: Andrea Arcangeli <aarcange@...hat.com> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, "Dr. David Alan Gilbert" <dgilbert@...hat.com>, qemu-devel@...gnu.org, KVM list <kvm@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, linux-mm <linux-mm@...ck.org>, Linux API <linux-api@...r.kernel.org>, Andres Lagar-Cavilla <andreslc@...gle.com>, Dave Hansen <dave@...1.net>, Paolo Bonzini <pbonzini@...hat.com>, Rik van Riel <riel@...hat.com>, Mel Gorman <mgorman@...e.de>, Andy Lutomirski <luto@...capital.net>, Andrew Morton <akpm@...ux-foundation.org>, Sasha Levin <sasha.levin@...cle.com>, Hugh Dickins <hughd@...gle.com>, Christopher Covington <cov@...eaurora.org>, Johannes Weiner <hannes@...xchg.org>, Android Kernel Team <kernel-team@...roid.com>, Robert Love <rlove@...gle.com>, Dmitry Adamushko <dmitry.adamushko@...il.com>, Neil Brown <neilb@...e.de>, Mike Hommey <mh@...ndium.org>, Taras Glek <tglek@...illa.com>, Jan Kara <jack@...e.cz>, KOSAKI Motohiro <kosaki.motohiro@...il.com>, Michel Lespinasse <walken@...gle.com>, Minchan Kim <minchan@...nel.org>, Keith Packard <keithp@...thp.com>, "Huangpeng (Peter)" <peter.huangpeng@...wei.com>, Isaku Yamahata <yamahata@...inux.co.jp>, Anthony Liguori <anthony@...emonkey.ws>, Stefan Hajnoczi <stefanha@...il.com>, Wenchao Xia <wenchaoqemu@...il.com>, Andrew Jones <drjones@...hat.com>, Juan Quintela <quintela@...hat.com> Subject: Re: [PATCH 10/17] mm: rmap preparation for remap_anon_pages On Tue, Oct 07, 2014 at 05:52:47PM +0200, Andrea Arcangeli wrote: > I probably grossly overestimated the benefits of resolving the > userfault with a zerocopy page move, sorry. [...] For posterity, I think it's worth noting that most expensive aspect of a TLB shootdown is the interprocessor interrupt necessary to flush other CPUs' TLBs. On a many-core machine, copying 4K of data looks pretty cheap compared to taking an interrupt and invalidating TLBs on many cores :-) > [...] So if we entirely drop the > zerocopy behavior and the TLB flush of the old page like you > suggested, the way to keep the userfaultfd mechanism decoupled from > the userfault resolution mechanism would be to implement an > atomic-copy syscall. That would work for SIGBUS userfaults too without > requiring a pseudofd then. It would be enough then to call > mcopy_atomic(userfault_addr,tmp_addr,len) with the only constraints > that len must be a multiple of PAGE_SIZE. Of course mcopy_atomic > wouldn't page fault or call GUP into the destination address (it can't > otherwise the in-flight partial copy would be visible to the process, > breaking the atomicity of the copy), but it would fill in the > pte/trans_huge_pmd with the same strict behavior that remap_anon_pages > currently has (in turn it would by design bypass the VM_USERFAULT > check and be ideal for resolving userfaults). > > mcopy_atomic could then be also extended to tmpfs and it would work > without requiring the source page to be a tmpfs page too without > having to convert page types on the fly. > > If I add mcopy_atomic, the patch in subject (10/17) can be dropped of > course so it'd be even less intrusive than the current > remap_anon_pages and it would require zero TLB flush during its > runtime (it would just require an atomic copy). I like this new approach. It will be good to have a single interface for resolving anon and tmpfs userfaults. > So should I try to embed a mcopy_atomic inside userfault_write or can > I expose it to userland as a standalone new syscall? Or should I do > something different? Comments? One interesting (ab)use of userfault_write would be that the faulting process and the fault-handling process could be different, which would be necessary for post-copy live migration in CRIU (http://criu.org). Aside from the asthetic difference, I can't think of any advantage in favor of a syscall. Peter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists