| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jul 2016 18:50:32 -0400 From: Chris Metcalf <cmetcalf@...lanox.com> To: Andy Lutomirski <luto@...capital.net> CC: Gilad Ben Yossef <giladb@...lanox.com>, Steven Rostedt <rostedt@...dmis.org>, Ingo Molnar <mingo@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Andrew Morton <akpm@...ux-foundation.org>, "Rik van Riel" <riel@...hat.com>, Tejun Heo <tj@...nel.org>, Frederic Weisbecker <fweisbec@...il.com>, Thomas Gleixner <tglx@...utronix.de>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Christoph Lameter <cl@...ux.com>, Viresh Kumar <viresh.kumar@...aro.org>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will.deacon@....com>, Daniel Lezcano <daniel.lezcano@...aro.org>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>, Linux API <linux-api@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v13 00/12] support "task_isolation" mode On 7/18/2016 6:11 PM, Andy Lutomirski wrote: >>> As an example, enough vmalloc/vfree activity will eventually cause >>> flush_tlb_kernel_range to be called and*boom*, there goes your shiny >>> production dataplane application. >> >> Well, that's actually a refinement that I did not inflict on this patch >> series. > Submit it separately, perhaps? > > The "kill the process if it goofs" thing while there are known goofs > in the kernel, apparently with patches written but unsent, seems > questionable. Sure, that's a good idea. I think what I will plan to do is, once the patch series is accepted into some tree, return to this piece. I'll have to go back and look at the internal Tilera version of this code, since we have diverged quite a ways from that in the 13 versions of the patch series, but my memory is that the kernel TLB flush management was the only substantial piece of additional code not in the initial batch of changes. The extra requirement is the need to have a hook very early on in the kernel entry path that you can hook in all paths; arm64 has the ct_user_exit macro and tile has the finish_interrupt_save macro, but I'm not sure there's something equivalent on x86 to catch all entries. It's worth noting that the typical target application for task isolation, though (at least in our experience) is a pretty dedicated machine, with the primary application running in task isolation mode almost all of the time, and so you are generally in pretty good control of all aspects of the system, including whether or not you are generating kernel TLB flushes from your non task isolation cores. So I would argue the kernel TLB flush management piece is an improvement to, not a requirement for, the main patch series. -- Chris Metcalf, Mellanox Technologies http://www.mellanox.com
Powered by blists - more mailing lists