From: Linus Torvalds <torvalds@linux-foundation.org>
To: Dave Hansen <dave@linux.vnet.ibm.com>
Cc: Pekka Enberg <penberg@kernel.org>, Theodore Tso <tytso@mit.edu>,
Dan Rosenberg <drosenberg@vsecurity.com>,
Matt Mackall <mpm@selenic.com>,
cl@linux-foundation.org, linux-mm@kvack.org,
linux-kernel@vger.kernel.org, Ingo Molnar <mingo@elte.hu>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] Make /proc/slabinfo 0400
Date: Fri, 4 Mar 2011 09:48:47 -0800
Message-ID: <AANLkTim+XcYiiM9u8nT659FHaZO1RPDEtyAgFtiA8VOk@mail.gmail.com>
In-Reply-To: <1299260164.8493.4071.camel@nimitz>

On Fri, Mar 4, 2011 at 9:36 AM, Dave Hansen <dave@linux.vnet.ibm.com> wrote:
>
> We need to either keep the bad guys away from the counts (this patch),
> or de-correlate the counts moving around with the position of objects in
> the slab. Ted's suggestion is a good one, and the only other thing I
> can think of is to make the values useless, perhaps by batching and
> delaying the (exposed) counts by a random amount.

We might just decide to expose the 'active' count for regular users
(and then, in case there are tools there that parse this as normal
users, we could set the 'total' fields to be the same as the active
one, possibly rounded up to the slab allocation or something).

I know, I know, from a memory usage standpoint, 'active' is secondary,
but it still correlates fairly well, so it's still useful. And for
seeing memory leaks (as opposed to slab fragmentation etc issues),
it's actually the interesting case.

And at the same time, it's actually much less involved with actual
physical allocations than 'total' is, and thus much less of an attack
vector. The fact that we got another socket allocation when we opened
a new socket is not "useful" information for an attacker, not in the
way it is to see a hint of _where_ the socket got allocated.

Of course, as you say, '/proc/meminfo' still does give you the trigger
for "oh, now somebody actually allocated a new page". That's totally
independent of slabinfo, though (and knowing the number of active
slabs would neither help nor hurt somebody who uses meminfo - you
might as well allocate new sockets in a loop, and use _only_ meminfo
to see when that allocated a new page).

                 Linus
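
The masking suggested in the message above, worked through as an added example (not code from the thread or from the kernel): a userspace sketch that parses one /proc/slabinfo version 2.1 data line and rewrites it so that every count an unprivileged reader sees is derived from the active object count alone. The sample line, the function names and the decision to mask the slab counts as well as the object total are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* One data line of /proc/slabinfo (version 2.1 column layout). */
struct slab_line {
    char name[64];
    unsigned long active_objs, num_objs, objsize, objperslab, pagesperslab;
    unsigned long limit, batchcount, sharedfactor;
    unsigned long active_slabs, num_slabs, sharedavail;
};

/* Constructed sample: 437 live objects, 63 free slots spread over 20 slabs. */
static const char SAMPLE[] =
    "sock_inode_cache     437    500    640   25    4"
    " : tunables    0    0    0 : slabdata     20     20      0";

/* Returns 0 on success, -1 for header, comment or malformed lines. */
int parse_slab_line(const char *s, struct slab_line *l)
{
    if (s[0] == '#' || strncmp(s, "slabinfo", 8) == 0)
        return -1;
    int n = sscanf(s, "%63s %lu %lu %lu %lu %lu : tunables %lu %lu %lu"
                   " : slabdata %lu %lu %lu",
                   l->name, &l->active_objs, &l->num_objs, &l->objsize,
                   &l->objperslab, &l->pagesperslab, &l->limit,
                   &l->batchcount, &l->sharedfactor, &l->active_slabs,
                   &l->num_slabs, &l->sharedavail);
    return n == 12 ? 0 : -1;
}

/* Totals become active_objs rounded up to whole slabs, so the free-slot
 * count no longer tracks real slab state (slab masking is an assumption). */
void mask_for_unprivileged(struct slab_line *l)
{
    unsigned long per = l->objperslab ? l->objperslab : 1; /* avoid /0 */
    unsigned long slabs = (l->active_objs + per - 1) / per;
    l->num_objs = slabs * per;
    l->active_slabs = l->num_slabs = slabs;
}

int main(void)
{
    struct slab_line l;
    if (parse_slab_line(SAMPLE, &l) != 0) return 1;
    mask_for_unprivileged(&l);
    printf("%s active=%lu total=%lu slabs=%lu\n", l.name, l.active_objs,
           l.num_objs, l.num_slabs);
    return 0;
}
```

After masking, the difference between total and active depends only on the active count and the objects-per-slab constant, both of which the reader already has, so the line carries nothing about how many slabs are really allocated or how full they are.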