From: Mel Gorman <mgorman@suse.de>
To: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
Cc: Anisse Astier <anisse@astier.eu>,
Andrew Morton <akpm@linux-foundation.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
David Rientjes <rientjes@google.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>,
PaX Team <pageexec@freemail.hu>,
Brad Spengler <spender@grsecurity.net>,
Kees Cook <keescook@chromium.org>,
Andi Kleen <andi@firstfloor.org>,
"Rafael J. Wysocki" <rjw@rjwysocki.net>,
Pavel Machek <pavel@ucw.cz>, Len Brown <len.brown@intel.com>,
linux-mm@kvack.org, linux-pm@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH v4 0/3] Sanitizing freed pages
Date: Tue, 19 May 2015 14:56:04 +0100 [thread overview]
Message-ID: <20150519135604.GE2462@suse.de> (raw)
In-Reply-To: <20150519143540.70410b94@lxorguk.ukuu.org.uk>
On Tue, May 19, 2015 at 02:35:40PM +0100, One Thousand Gnomes wrote:
> > may be some benefits in some cases, I think it's a weak justification for
> > always zeroing pages on free.
>
> There are much better reasons for zero on free, including the improved
> latency when pages are faulted in.
Not necessarily. Not all pages are currently zero'd on allocation so we're
trading sometimes zeroing a page at with always zeroing a page on freee. It
might look good on a benchmark that measures the fault cost and not the
free but it's not a universal win.
> For virtualisation there are two
> interfaces that would probably make more sense
>
> 1. 'This page is of no further interest, you may fault it back in
> as random data'
>
> 2. 'This page is discardable, if I touch it *and* you have
> discarded it then please serve me an exception, if you've not discarded
> it them give it me back"
>
> If I remember my 390 bits the S/390 goes further including the ability to
> say "if I think this page is in memory but in fact the hypervisor is
> going to page it off disc then throw me an exception so I can do clever
> things with the delay time"
>
I think it's also used to grant another VM the page while it's not in
use. Overall though, there are better ideas for shrinking VM memory usage
than zeroing everything and depending on KSM to detect it.
> > > - finally, it can reduce infoleaks, although this is hard to measure.
> > >
> > It obscures them.
>
> Actually not. If you are doing debug work you zero on free and check for
> mysterious non zeroing before reusing the page. Without that its a win in
> the sense it wipes material (but crypto does that anyway), but it
> replaces that with the risk of a zeroed page being scibbled upon by the
> kernel and leaking kernel scribbles into allocated user pages.
>
Ok, I see now that we just crash differently. Previously the zero
on allocation would prevent a leak. With this applied the __GFP_ZERO is
ignored and so different classes of bugs can be detected. Not necessarily
better but I accept my point was wrong.
--
Mel Gorman
SUSE Labs
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2015-05-19 13:56 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-14 14:19 Anisse Astier
2015-05-14 14:19 ` [PATCH v4 1/3] PM / Hibernate: prepare for SANITIZE_FREED_PAGES Anisse Astier
2015-05-16 0:28 ` Rafael J. Wysocki
2015-05-18 10:23 ` Anisse Astier
2015-05-19 23:46 ` Rafael J. Wysocki
2015-05-20 11:45 ` PaX Team
2015-05-20 12:07 ` Anisse Astier
2015-05-21 1:11 ` Rafael J. Wysocki
2015-05-20 11:57 ` Anisse Astier
2015-05-14 14:19 ` [PATCH v4 2/3] mm/page_alloc.c: add config option to sanitize freed pages Anisse Astier
2015-05-18 11:21 ` Pavel Machek
2015-05-18 12:41 ` Anisse Astier
2015-05-18 13:02 ` Pavel Machek
2015-05-18 13:04 ` Anisse Astier
2015-05-19 1:58 ` yalin wang
2015-05-20 12:27 ` Anisse Astier
2015-05-14 14:19 ` [PATCH v4 3/3] mm: Add debug code for SANITIZE_FREED_PAGES Anisse Astier
2015-05-19 12:46 ` [PATCH v4 0/3] Sanitizing freed pages Mel Gorman
2015-05-19 13:35 ` One Thousand Gnomes
2015-05-19 13:56 ` Mel Gorman [this message]
2015-05-19 20:59 ` PaX Team
2015-05-20 12:24 ` Anisse Astier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150519135604.GE2462@suse.de \
--to=mgorman@suse.de \
--cc=akpm@linux-foundation.org \
--cc=andi@firstfloor.org \
--cc=anisse@astier.eu \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=keescook@chromium.org \
--cc=kirill.shutemov@linux.intel.com \
--cc=len.brown@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-pm@vger.kernel.org \
--cc=pageexec@freemail.hu \
--cc=pavel@ucw.cz \
--cc=peterz@infradead.org \
--cc=rientjes@google.com \
--cc=rjw@rjwysocki.net \
--cc=spender@grsecurity.net \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox