[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20171016205822.dgcp2klsosqq6a5f@dhcp22.suse.cz>
Date: Mon, 16 Oct 2017 22:58:22 +0200
From: Michal Hocko <mhocko@...nel.org>
To: Mike Kravetz <mike.kravetz@...cle.com>
Cc: Guy Shattah <sguy@...lanox.com>,
Christopher Lameter <cl@...ux.com>, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, linux-api@...r.kernel.org,
Marek Szyprowski <m.szyprowski@...sung.com>,
Michal Nazarewicz <mina86@...a86.com>,
"Aneesh Kumar K . V" <aneesh.kumar@...ux.vnet.ibm.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Anshuman Khandual <khandual@...ux.vnet.ibm.com>,
Laura Abbott <labbott@...hat.com>,
Vlastimil Babka <vbabka@...e.cz>
Subject: Re: [RFC PATCH 3/3] mm/map_contig: Add mmap(MAP_CONTIG) support
On Mon 16-10-17 13:32:45, Mike Kravetz wrote:
> On 10/16/2017 11:07 AM, Michal Hocko wrote:
[...]
> > That depends on who is actually going to use the contiguous memory. If
> > we are talking about drivers to communication to the userspace then
> > using driver specific fd with its mmap implementation then we do not
> > need any special fs nor a seperate infrastructure. Well except for a
> > library function to handle the MM side of the thing.
>
> If we embed this functionality into device specific mmap calls it will
> closely tie the usage to the devices. However, don't we still have to
> worry about potential interaction with other parts of the mm as you mention
> below? I guess that would be the library function and how it is used
> by drivers.
Yes, those problems with pinning the amount of contiguous memory are
simply inherent. You have to be really careful when allowing to reserve large
partions of the contiguous memory. Especially if this is going to be a
very dynamic allocator. The main advantage of the per
device mmap is that it has its access control by default via file
permissions. You can simply rule the untrusted user out of the game. You
can also implement the per device usage limits. So you have some tools to
keep the usage under leash and evaluate potential costs vs. benefits.
That sounds to me much more safer than a generic API which would have
a tricky accounting and access control restrictions.
--
Michal Hocko
SUSE Labs
Powered by blists - more mailing lists