| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 19 Apr 2022 18:01:14 -0400
From: Peter Xu <peterx@...hat.com>
To: Johannes Weiner <hannes@...xchg.org>
Cc: linux-kernel@...r.kernel.org, linux-mm@...ck.org,
Mike Kravetz <mike.kravetz@...cle.com>,
Nadav Amit <nadav.amit@...il.com>,
Matthew Wilcox <willy@...radead.org>,
Mike Rapoport <rppt@...ux.vnet.ibm.com>,
David Hildenbrand <david@...hat.com>,
Hugh Dickins <hughd@...gle.com>,
Jerome Glisse <jglisse@...hat.com>,
"Kirill A . Shutemov" <kirill@...temov.name>,
Andrea Arcangeli <aarcange@...hat.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Axel Rasmussen <axelrasmussen@...gle.com>,
Alistair Popple <apopple@...dia.com>
Subject: Re: [PATCH v8 22/23] mm: Enable PTE markers by default
On Tue, Apr 19, 2022 at 05:24:28PM -0400, Johannes Weiner wrote:
> On Tue, Apr 19, 2022 at 04:28:16PM -0400, Peter Xu wrote:
> > On Tue, Apr 19, 2022 at 04:14:11PM -0400, Johannes Weiner wrote:
> > > On Tue, Apr 19, 2022 at 03:59:21PM -0400, Peter Xu wrote:
> > > > @@ -910,16 +910,16 @@ config ANON_VMA_NAME
> > > Btw, this doesn't do much without userfaultfd being enabled in
> > > general, right?
> >
> > So far yes, but I'm thinking there can be potential other users of
> > PTE_MARKERS from mm world. The most close discussion is on the swap read
> > failures and this patch proposed by Miaohe:
> >
> > https://lore.kernel.org/lkml/20220416030549.60559-1-linmiaohe@huawei.com/
> >
> > So I hope we can still keep them around here under mm/ if possible, and
> > from the gut feeling it really should..
>
> Agreed, mm/ seems a good fit for PTE_MARKER.
>
> If it's invisible and gets selected as needed, it's less of a concern,
> IMO. I'm somewhat worried about when and how the user-visible options
> show up right now, though...
>
> > > Would it make sense to have it next to 'config USERFAULTFD' as a
> > > sub-option?
> >
> > Yes another good question. :)
> >
> > IIUC CONFIG_USERFAULTFD resides in init/Kconfig because it introduces a new
> > syscall. Same to the rest of the bits for uffd since then, namely:
> >
> > - USERFAULTFD_WP
> > - USERFAULTFD_MINOR
> >
> > What I am thinking now is the other way round of your suggestion: whether
> > we should move most of them out, at least the _WP and _MINOR configs into
> > mm/? Because IMHO they are really pure mm ideas and they're irrelevant to
> > syscalls and init.
>
> I'm thinking the MM submenu would probably be a better fit for all
> user-visible userfaultfd options, including the syscall. Like you say,
> it's an MM concept.
>
> But if moving the syscall knob out from init isn't popular, IMO it
> would be better to add the new WP option to init as well. This ensures
> that when somebody selects userfaultfd, they also see the relevant
> suboptions and don't have to chase them down across multiple submenus.
>
> Conversely, they should also have the necessary depend clauses so that
> suboptions aren't visible without the main feature. E.g. it asked me
> for userfaultd options even though I have CONFIG_USERFAULTFD=n.
Hmm, this is a bit weird... since we do have that dependency chain for
PTE_MARKER_UFFD_WP -> HAVE_ARCH_USERFAULTFD_WP -> USERFAULTFD:
in arch/x86/Kconfig:
config X86
...
select HAVE_ARCH_USERFAULTFD_WP if X86_64 && USERFAULTFD
in mm/Kconfig (with/without the "mm/uffd: Hide PTE_MARKER" patch applied):
config PTE_MARKER_UFFD_WP
...
depends on HAVE_ARCH_USERFAULTFD_WP
So logically if !USERFAULTFD we shouldn't see PTE_MARKER_UFFD_WP at all?
That's also what I got when I tried it out for either !USERFAULTFD on x86,
or any non-x86 platforms (because there we have !HAVE_ARCH_USERFAULTFD_WP
constantly irrelevant of USERFAULTFD). Though I could have missed
something..
>
> What do you think?
I don't have a strong preference here, I think it's okay if it's preferred
that we only put user-visible configs into mm/Kconfig. It's just that I
see we have tons of user-invisible configs already in mm/Kconfig, to list
some:
config ARCH_HAS_HUGEPD
config MAPPING_DIRTY_HELPERS
config KMAP_LOCAL
config KMAP_LOCAL_NON_LINEAR_PTE_ARRAY
But I'm not sure whether it's a rule of thumb somewhere else.
At the meantime, I also looked at whether syscall configs are always and
only be put under init/, and funnily I got:
$ find . -name Kconfig | xargs grep --color -E "\".*syscall.*\""
./init/Kconfig: bool "Enable process_vm_readv/writev syscalls"
./init/Kconfig: bool "uselib syscall"
./init/Kconfig: bool "sgetmask/ssetmask syscalls support" if EXPERT
./init/Kconfig: bool "Sysfs syscall support" if EXPERT
./init/Kconfig: bool "open by fhandle syscalls" if EXPERT
./init/Kconfig: bool "Enable madvise/fadvise syscalls" if EXPERT
./arch/xtensa/Kconfig: bool "Enable fast atomic syscalls"
./arch/xtensa/Kconfig: bool "Enable spill registers syscall"
./arch/powerpc/Kconfig: bool "Support setting protections for 4k subpages (subpage_prot syscall)"
./arch/powerpc/Kconfig: bool "Enable filtering of RTAS syscalls"
./arch/Kconfig: bool "Support for randomizing kernel stack offset on syscall entry" if EXPERT
./arch/s390/Kconfig: bool "Verify kernel signature during kexec_file_load() syscall"
./arch/sh/mm/Kconfig: bool "Support vsyscall page"
./arch/x86/Kconfig: bool "Enable vsyscall emulation" if EXPERT
./arch/x86/Kconfig: bool "Verify kernel signature during kexec_file_load() syscall"
./arch/x86/Kconfig: bool "Require a valid signature in kexec_file_load() syscall"
./arch/x86/Kconfig: prompt "vsyscall table for legacy applications"
./arch/arm64/Kconfig: bool "Verify kernel signature during kexec_file_load() syscall"
./arch/arm64/Kconfig: bool "Enable the tagged user addresses syscall ABI"
./kernel/trace/Kconfig: bool "Trace syscalls"
./kernel/trace/Kconfig: bool "Run selftest on syscall events"
So let's put aside arch specific lines, ftrace does have FTRACE_SYSCALLS
that lies in the kernel/trace/ dir.. not sure whether we could move
USERFAULTFD and all the rest into mm/ as well? Or perhaps that's just a
bad example? :)
Thanks,
--
Peter Xu
Powered by blists - more mailing lists