From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: David Hildenbrand <david@redhat.com>,
linux-kernel@vger.kernel.org, patches@lists.linux.dev,
tglx@linutronix.de, linux-crypto@vger.kernel.org,
linux-api@vger.kernel.org, x86@kernel.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>,
Carlos O'Donell <carlos@redhat.com>,
Florian Weimer <fweimer@redhat.com>,
Arnd Bergmann <arnd@arndb.de>, Jann Horn <jannh@google.com>,
Christian Brauner <brauner@kernel.org>,
David Hildenbrand <dhildenb@redhat.com>,
linux-mm@kvack.org
Subject: Re: [PATCH v21 1/4] mm: add VM_DROPPABLE for designating always lazily freeable mappings
Date: Mon, 8 Jul 2024 03:59:46 +0200 [thread overview]
Message-ID: <ZotIEhO86_RRNOgy@zx2c4.com> (raw)
In-Reply-To: <CAHk-=wjs-9DVeoc430BDOv+dkpDkdVvkEsSJxNVZ+sO51H1dJA@mail.gmail.com>
Hi Linus,
On Sun, Jul 07, 2024 at 11:19:46AM -0700, Linus Torvalds wrote:
> (c) we could actually use the PROT_xyz bits, which we have a ton of
As I just wrote to David, I'll move this to PROT_xyz.
By the way, in addition to the PROT_SEM historical artifact, there's
also architecture specific ones like PROT_ADI on SPARC, PROT_SAO on
PowerPC, and PROT_BTI and PROT_MTE on arm64. So the MAP_ vs PROT_
distinction seems kind of blurred anyway.
> And we actually have had the "get signal on access" before: that's
> what VM_DONTCOPY is.
>
> And it was the *less* useful model, which is why we added
> VM_WIPEONCOPY, because that's the semantics people actually wanted.
>
> So I think the "signal on thrown out data access" is interesting, but
> not necessarily the *more* interesting case.
FYI, I looked into using VM_DONTCOPY/MADV_DONTFORK for my purposes,
because it could possibly make another problem easier, but I couldn't
figure out how to make it smoothly work.
Specifically, a program has a bunch of threads, and some of them have a
vgetrandom state in use, carved out of the same page. One of the threads
forks. In the VM_WIPEONFORK case, the fork child has to reclaim the
states that were in use by other threads at the time of the fork and
return them to the pool of available slices. In the VM_DONTCOPY case,
that's not necessary, which is kind of nice. But if the program forked
in the signal handler and then returned to an in progress vgetrandom
operation, now there's a signal that needs to be handled internally,
identified as belonging to the internal state areas, and not bubbled up
to other code. This seems difficult and fraught. It's far easier to just
have the memory be zeroed and have the code unconditionally check for
that at the same time it's doing other consistency checks.
So yea it just seems a lot more desirable to have the behavior be
zeroing rather than an asynchronous signal, because code can
straightforwardly deal with that inline.
Jason
next prev parent reply other threads:[~2024-07-08 1:59 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20240707002658.1917440-1-Jason@zx2c4.com>
2024-07-07 0:26 ` Jason A. Donenfeld
2024-07-07 7:42 ` David Hildenbrand
2024-07-07 18:19 ` Linus Torvalds
2024-07-07 18:52 ` David Hildenbrand
2024-07-07 19:22 ` Linus Torvalds
2024-07-07 21:01 ` David Hildenbrand
2024-07-08 0:08 ` Linus Torvalds
2024-07-08 8:11 ` David Hildenbrand
2024-07-08 8:23 ` David Hildenbrand
2024-07-08 13:57 ` Jason A. Donenfeld
2024-07-08 20:05 ` David Hildenbrand
2024-07-08 13:55 ` Jason A. Donenfeld
2024-07-08 14:40 ` Jason A. Donenfeld
2024-07-08 20:21 ` David Hildenbrand
2024-07-08 20:26 ` David Hildenbrand
2024-07-09 2:17 ` Jason A. Donenfeld
2024-07-10 3:05 ` David Hildenbrand
2024-07-10 3:34 ` Jason A. Donenfeld
2024-07-10 3:53 ` David Hildenbrand
2024-07-08 20:06 ` David Hildenbrand
2024-07-08 13:50 ` Jason A. Donenfeld
2024-07-08 1:59 ` Jason A. Donenfeld [this message]
2024-07-08 1:46 ` Jason A. Donenfeld
2024-07-08 20:24 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZotIEhO86_RRNOgy@zx2c4.com \
--to=jason@zx2c4.com \
--cc=adhemerval.zanella@linaro.org \
--cc=arnd@arndb.de \
--cc=brauner@kernel.org \
--cc=carlos@redhat.com \
--cc=david@redhat.com \
--cc=dhildenb@redhat.com \
--cc=fweimer@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=jannh@google.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=patches@lists.linux.dev \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox