| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 Jul 2021 17:52:16 +0800
From: "Longpeng (Mike, Cloud Infrastructure Service Product Dept.)"
<longpeng2@...wei.com>
To: Anthony Yznaga <anthony.yznaga@...cle.com>,
<linux-kernel@...r.kernel.org>, <linux-fsdevel@...r.kernel.org>,
<linux-mm@...ck.org>, <linux-arch@...r.kernel.org>
CC: <mhocko@...nel.org>, <tglx@...utronix.de>, <mingo@...hat.com>,
<bp@...en8.de>, <x86@...nel.org>, <hpa@...or.com>,
<viro@...iv.linux.org.uk>, <akpm@...ux-foundation.org>,
<arnd@...db.de>, <ebiederm@...ssion.com>, <keescook@...omium.org>,
<gerg@...ux-m68k.org>, <ktkhai@...tuozzo.com>,
<christian.brauner@...ntu.com>, <peterz@...radead.org>,
<esyr@...hat.com>, <jgg@...pe.ca>, <christian@...lner.me>,
<areber@...hat.com>, <cyphar@...har.com>,
<steven.sistare@...cle.com>,
"Gonglei (Arei)" <arei.gonglei@...wei.com>
Subject: Re: [RFC PATCH 0/5] madvise MADV_DOEXEC
Hi Anthony and Steven,
在 2020/7/28 1:11, Anthony Yznaga 写道:
> This patchset adds support for preserving an anonymous memory range across
> exec(3) using a new madvise MADV_DOEXEC argument. The primary benefit for
> sharing memory in this manner, as opposed to re-attaching to a named shared
> memory segment, is to ensure it is mapped at the same virtual address in
> the new process as it was in the old one. An intended use for this is to
> preserve guest memory for guests using vfio while qemu exec's an updated
> version of itself. By ensuring the memory is preserved at a fixed address,
> vfio mappings and their associated kernel data structures can remain valid.
> In addition, for the qemu use case, qemu instances that back guest RAM with
> anonymous memory can be updated.
>
We have a requirement like yours, but ours seems more complex. We want to
isolate some memory regions from the VM's memory space and the start a child
process who will using these memory regions.
I've wrote a draft to support this feature, but I just find that my draft is
pretty like yours.
It seems that you've already abandoned this patchset, why ?
> Patches 1 and 2 ensure that loading of ELF load segments does not silently
> clobber existing VMAS, and remove assumptions that the stack is the only
> VMA in the mm when the stack is set up. Patch 1 re-introduces the use of
> MAP_FIXED_NOREPLACE to load ELF binaries that addresses the previous issues
> and could be considered on its own.
>
> Patches 3, 4, and 5 introduce the feature and an opt-in method for its use
> using an ELF note.
>
> Anthony Yznaga (5):
> elf: reintroduce using MAP_FIXED_NOREPLACE for elf executable mappings
> mm: do not assume only the stack vma exists in setup_arg_pages()
> mm: introduce VM_EXEC_KEEP
> exec, elf: require opt-in for accepting preserved mem
> mm: introduce MADV_DOEXEC
>
> arch/x86/Kconfig | 1 +
> fs/binfmt_elf.c | 196 +++++++++++++++++++++++++--------
> fs/exec.c | 33 +++++-
> include/linux/binfmts.h | 7 +-
> include/linux/mm.h | 5 +
> include/uapi/asm-generic/mman-common.h | 3 +
> kernel/fork.c | 2 +-
> mm/madvise.c | 25 +++++
> mm/mmap.c | 47 ++++++++
> 9 files changed, 266 insertions(+), 53 deletions(-)
>
--
Sincerely yours,
Longpeng(Mike)
Powered by blists - more mailing lists