lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Jan 2020 18:58:37 +0300 From: "Kirill A. Shutemov" <kirill@...temov.name> To: Michal Hocko <mhocko@...nel.org> Cc: Minchan Kim <minchan@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, LKML <linux-kernel@...r.kernel.org>, linux-mm <linux-mm@...ck.org>, linux-api@...r.kernel.org, oleksandr@...hat.com, Suren Baghdasaryan <surenb@...gle.com>, Tim Murray <timmurray@...gle.com>, Daniel Colascione <dancol@...gle.com>, Sandeep Patil <sspatil@...gle.com>, Sonny Rao <sonnyrao@...gle.com>, Brian Geffon <bgeffon@...gle.com>, Johannes Weiner <hannes@...xchg.org>, Shakeel Butt <shakeelb@...gle.com>, John Dias <joaodias@...gle.com>, ktkhai@...tuozzo.com, christian.brauner@...ntu.com, sjpark@...zon.de Subject: Re: [PATCH v2 2/5] mm: introduce external memory hinting API On Fri, Jan 17, 2020 at 12:52:25PM +0100, Michal Hocko wrote: > On Thu 16-01-20 15:59:50, Minchan Kim wrote: > > There is usecase that System Management Software(SMS) want to give > > a memory hint like MADV_[COLD|PAGEEOUT] to other processes and > > in the case of Android, it is the ActivityManagerService. > > > > It's similar in spirit to madvise(MADV_WONTNEED), but the information > > required to make the reclaim decision is not known to the app. Instead, > > it is known to the centralized userspace daemon(ActivityManagerService), > > and that daemon must be able to initiate reclaim on its own without > > any app involvement. > > > > To solve the issue, this patch introduces new syscall process_madvise(2). > > It uses pidfd of an external processs to give the hint. > > > > int process_madvise(int pidfd, void *addr, size_t length, int advise, > > unsigned long flag); > > > > Since it could affect other process's address range, only privileged > > process(CAP_SYS_PTRACE) or something else(e.g., being the same UID) > > gives it the right to ptrace the process could use it successfully. > > The flag argument is reserved for future use if we need to extend the > > API. > > > > I think supporting all hints madvise has/will supported/support to > > process_madvise is rather risky. Because we are not sure all hints make > > sense from external process and implementation for the hint may rely on > > the caller being in the current context so it could be error-prone. > > Thus, I just limited hints as MADV_[COLD|PAGEOUT] in this patch. > > > > If someone want to add other hints, we could hear hear the usecase and > > review it for each hint. It's more safe for maintainace rather than > > introducing a buggy syscall but hard to fix it later. > > I have brought this up when we discussed this in the past but there is > no reflection on that here so let me bring that up again. > > I believe that the interface has an inherent problem that it is racy. > The external entity needs to know the address space layout of the target > process to do anyhing useful on it. The address space is however under > the full control of the target process though and the external entity > has no means to find out that the layout has changed. So > time-to-check-time-to-act is an inherent problem. > > This is a serious design flaw and it should be explained why it doesn't > matter or how to use the interface properly to prevent that problem. I agree, it looks flawed. Also I don't see what System Management Software can generically do on sub-process level. I mean how can it decide which part of address space is less important than other. I see how a manager can indicate that this process (or a group of processes) is less important than other, but on per-addres-range basis? -- Kirill A. Shutemov
Powered by blists - more mailing lists