From: Peter Collingbourne <pcc@google.com>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Kostya Kortchinsky <kostyak@google.com>, linux-mm@kvack.org
Subject: Re: [PATCH] mm: improve mprotect(R|W) efficiency on pages referenced once
Date: Tue, 29 Dec 2020 16:43:38 -0800 [thread overview]
Message-ID: <CAMn1gO5V4qbjc-HinfN0HsxGSFtkjJpe6H8UaUDyAi4XtMvm9w@mail.gmail.com> (raw)
In-Reply-To: <20201229112524.4a7b8525949c4a50e5c4ecb6@linux-foundation.org>
On Tue, Dec 29, 2020 at 11:25 AM Andrew Morton
<akpm@linux-foundation.org> wrote:
>
> On Mon, 28 Dec 2020 18:09:28 -0800 Peter Collingbourne <pcc@google.com> wrote:
>
> > On Wed, Dec 23, 2020 at 2:34 PM Andrew Morton <akpm@linux-foundation.org> wrote:
> > >
> > > On Fri, 11 Dec 2020 21:31:52 -0800 Peter Collingbourne <pcc@google.com> wrote:
> > >
> > > > In the Scudo memory allocator [1] we would like to be able to
> > > > detect use-after-free vulnerabilities involving large allocations
> > > > by issuing mprotect(PROT_NONE) on the memory region used for the
> > > > allocation when it is deallocated. Later on, after the memory
> > > > region has been "quarantined" for a sufficient period of time we
> > > > would like to be able to use it for another allocation by issuing
> > > > mprotect(PROT_READ|PROT_WRITE).
> > > >
> > > > Before this patch, after removing the write protection, any writes
> > > > to the memory region would result in page faults and entering
> > > > the copy-on-write code path, even in the usual case where the
> > > > pages are only referenced by a single PTE, harming performance
> > > > unnecessarily. Make it so that any pages in anonymous mappings that
> > > > are only referenced by a single PTE are immediately made writable
> > > > during the mprotect so that we can avoid the page faults.
> > > >
> > >
> > > I worry that some other application out there does a similar thing, but
> > > only expects to very sparsely write to the area. It will see a big increase
> > > in mprotect() latency.
> > >
> > > Would it be better to implement this as a separate operation, rather
> > > than unconditionally tying it into mprotect()? Say, a new madvise()
> > > operation?
> >
> > So the case that you're concerned about would be highlighted by this
> > program, correct?
> >
> > ...
> >
> > So it seems that even with a single page fault the new approach is faster.
> >
>
> Cool, thanks. Can you please roll this new info into the changelog and
> resend?
Sent a v2 with the new info added to the commit message.
Peter
prev parent reply other threads:[~2020-12-30 0:44 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-12 5:31 Peter Collingbourne
2020-12-23 22:34 ` Andrew Morton
2020-12-29 2:09 ` Peter Collingbourne
2020-12-29 19:25 ` Andrew Morton
2020-12-30 0:43 ` Peter Collingbourne [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMn1gO5V4qbjc-HinfN0HsxGSFtkjJpe6H8UaUDyAi4XtMvm9w@mail.gmail.com \
--to=pcc@google.com \
--cc=akpm@linux-foundation.org \
--cc=kostyak@google.com \
--cc=linux-mm@kvack.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox