| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250925162426.00007474@huawei.com> Date: Thu, 25 Sep 2025 16:24:26 +0100 From: Jonathan Cameron <jonathan.cameron@...wei.com> To: Gregory Price <gourry@...rry.net> CC: Yiannis Nikolakopoulos <yiannis.nikolakop@...il.com>, Wei Xu <weixugc@...gle.com>, David Rientjes <rientjes@...gle.com>, Matthew Wilcox <willy@...radead.org>, Bharata B Rao <bharata@....com>, <linux-kernel@...r.kernel.org>, <linux-mm@...ck.org>, <dave.hansen@...el.com>, <hannes@...xchg.org>, <mgorman@...hsingularity.net>, <mingo@...hat.com>, <peterz@...radead.org>, <raghavendra.kt@....com>, <riel@...riel.com>, <sj@...nel.org>, <ying.huang@...ux.alibaba.com>, <ziy@...dia.com>, <dave@...olabs.net>, <nifan.cxl@...il.com>, <xuezhengchu@...wei.com>, <akpm@...ux-foundation.org>, <david@...hat.com>, <byungchul@...com>, <kinseyho@...gle.com>, <joshua.hahnjy@...il.com>, <yuanchu@...gle.com>, <balbirs@...dia.com>, <alok.rathore@...sung.com>, <yiannis@...corp.com>, "Adam Manzanares" <a.manzanares@...sung.com> Subject: Re: [RFC PATCH v2 0/8] mm: Hot page tracking and promotion infrastructure On Thu, 25 Sep 2025 11:08:59 -0400 Gregory Price <gourry@...rry.net> wrote: > On Thu, Sep 25, 2025 at 04:00:58PM +0100, Jonathan Cameron wrote: > > Now, if we can put this into a special pool where it is acceptable to drop the writes > > and return poison (so the application crashes) then that may be fine. > > > > Or block writes. Running compressed memory as read only CoW is one way to > > avoid this problem. > > > > This is an interesting thought. If you drop a write and return poison, > can you instead handle the poison message as a fault and promote on > fault? Then you might just be able to turn this whole thing into a > zswap backend that promotes on write. Poison only comes on subsequent read so you don't see anything at write (which are inherently asynchronous due to cache write back). There are only few ways to do writes that are allowed to fail (the 64 byte atomic deferrable write stuff) and I think on all architectures where they can even be pointed at main memory, they only defer if on uncacheable memory. Seeing poison on subsequent read is far too late to promote the page, you've lost the data. The poison only works as ultimate safety gate. Also once you've tripped it the device probably needs to drop all write and return poison on all reads, not just the problem one (otherwise things might fail much later). The CoW thing only works because it's a permissions fault at point of asking for permission to write (so way before it goes into the cache). Then you can check margins to make sure you can still sink all outstanding writes if they become uncompressible and only let the write through if safe - if not promote some stuff before letting it proceed. Or you just promote on write and rely on the demotion path performing those careful checks later. Jonathan > > Then you don't particular care about stronger isolation controls > (except maybe keeping kernel memory out of those regions). > > ~Gregory
Powered by blists - more mailing lists