| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <248392c0-52d1-d09d-75ec-9e930435c053@redhat.com>
Date: Thu, 6 Apr 2023 17:51:52 +0200
From: David Hildenbrand <david@...hat.com>
To: Peter Zijlstra <peterz@...radead.org>,
Marcelo Tosatti <mtosatti@...hat.com>
Cc: Frederic Weisbecker <frederic@...nel.org>,
Yair Podemsky <ypodemsk@...hat.com>, linux@...linux.org.uk,
mpe@...erman.id.au, npiggin@...il.com, christophe.leroy@...roup.eu,
hca@...ux.ibm.com, gor@...ux.ibm.com, agordeev@...ux.ibm.com,
borntraeger@...ux.ibm.com, svens@...ux.ibm.com,
davem@...emloft.net, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, dave.hansen@...ux.intel.com, x86@...nel.org,
hpa@...or.com, will@...nel.org, aneesh.kumar@...ux.ibm.com,
akpm@...ux-foundation.org, arnd@...db.de, keescook@...omium.org,
paulmck@...nel.org, jpoimboe@...nel.org, samitolvanen@...gle.com,
ardb@...nel.org, juerg.haefliger@...onical.com,
rmk+kernel@...linux.org.uk, geert+renesas@...der.be,
tony@...mide.com, linus.walleij@...aro.org,
sebastian.reichel@...labora.com, nick.hawkins@....com,
linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linuxppc-dev@...ts.ozlabs.org, linux-s390@...r.kernel.org,
sparclinux@...r.kernel.org, linux-arch@...r.kernel.org,
linux-mm@...ck.org, vschneid@...hat.com, dhildenb@...hat.com,
alougovs@...hat.com, jannh@...gle.com,
Yang Shi <shy828301@...il.com>
Subject: Re: [PATCH 3/3] mm/mmu_gather: send tlb_remove_table_smp_sync IPI
only to CPUs in kernel mode
On 06.04.23 17:02, Peter Zijlstra wrote:
> On Thu, Apr 06, 2023 at 04:04:23PM +0200, Peter Zijlstra wrote:
>> On Thu, Apr 06, 2023 at 03:29:28PM +0200, Peter Zijlstra wrote:
>>> On Thu, Apr 06, 2023 at 09:38:50AM -0300, Marcelo Tosatti wrote:
>>>
>>>>> To actually hit this path you're doing something really dodgy.
>>>>
>>>> Apparently khugepaged is using the same infrastructure:
>>>>
>>>> $ grep tlb_remove_table khugepaged.c
>>>> tlb_remove_table_sync_one();
>>>> tlb_remove_table_sync_one();
>>>>
>>>> So just enabling khugepaged will hit that path.
>>>
>>> Urgh, WTF..
>>>
>>> Let me go read that stuff :/
>>
>> At the very least the one on collapse_and_free_pmd() could easily become
>> a call_rcu() based free.
>>
>> I'm not sure I'm following what collapse_huge_page() does just yet.
>
> DavidH, what do you thikn about reviving Jann's patches here:
>
> https://bugs.chromium.org/p/project-zero/issues/detail?id=2365#c1
>
> Those are far more invasive, but afaict they seem to do the right thing.
>
I recall seeing those while discussed on security@...nel.org. What we
currently have was (IMHO for good reasons) deemed better to fix the
issue, especially when caring about backports and getting it right.
The alternative that was discussed in that context IIRC was to simply
allocate a fresh page table, place the fresh page table into the list
instead, and simply free the old page table (then using common machinery).
TBH, I'd wish (and recently raised) that we could just stop wasting
memory on page tables for THPs that are maybe never going to get
PTE-mapped ... and eventually just allocate on demand (with some
caching?) and handle the places where we're OOM and cannot PTE-map a THP
in some descend way.
... instead of trying to figure out how to deal with these page tables
we cannot free but have to special-case simply because of GUP-fast.
--
Thanks,
David / dhildenb
Powered by blists - more mailing lists