From: Jason Baron <jbaron@redhat.com> To: Andrew Morton <akpm@linux-foundation.org> Cc: mcgrathr@google.com, avi@redhat.com, linux-kernel@vger.kernel.org, qemu-devel@nongnu.org Subject: Re: [PATCH 0/2] core dump: re-purpose VM_ALWAYSDUMP to user controlled VM_DONTDUMP Date: Wed, 7 Mar 2012 20:32:17 -0500 [thread overview] Message-ID: <20120308013217.GA2443@redhat.com> (raw) In-Reply-To: <20120307143028.5dc27570.akpm@linux-foundation.org> On Wed, Mar 07, 2012 at 02:30:28PM -0800, Andrew Morton wrote: > On Wed, 7 Mar 2012 12:00:46 -0500 > Jason Baron <jbaron@redhat.com> wrote: > > > Hi, > > > > The motivation for this change was that I was looking at a way for a qemu-kvm > > process, to exclude the guest memory from its core dump, which can be quite > > large. There are already a number of filter flags in > > /proc/<pid>/coredump_filter, however, these allow one to specify 'types' of > > kernel memory, not specific address ranges (which is needed in this case). > > > > Since there are no more vma flags available, the first patch eliminates the > > need for the 'VM_ALWAYSDUMP' flag. The flag is used internally by the kernel to > > mark vdso and vsyscall pages. However, it is simple enough to check if a vma > > covers a vdso or vsyscall page without the need for this flag. > > Gee, we ran out? > > That makes it pretty inevitable that we will grow the vma by four > bytes. Once we have done that, your always_dump_vma() trickery becomes > unneeded and undesirable, yes? If so, we may as well recognise reality > and grow the vma now. > We could. The reason I didn't propose increasing them was because I saw in the archives that there was resistance when this was tried before: http://lkml.indiana.edu/hypermail/linux/kernel/1111.1/02053.html Also, the current use of 'VM_ALWAYSDUMP' is for vdso and gate pages exclusively. That means that VM_ALWAYSDUMP flag is 0 the majority of the time, and thus it probably makes sense to re-purpose it, now that we are tight on flags. > > The second patch then replaces the 'VM_ALWAYSDUMP' flag with a new > > 'VM_DONTDUMP' flag, which can be set by userspace using new madvise flags: > > 'MADV_DONTDUMP', and unset via 'MADV_DUMP'. The core dump filters continue to > > work the same as before unless 'MADV_DONTDUMP' is set on the region. > > > > The qemu code which implements this features is at: > > http://people.redhat.com/~jbaron/qemu-dump/qemu-dump.patch > > > > In my testing the qemu core dump shrunk from 383MB -> 13MB with this patch. > > > > I also believe that the 'MADV_DONTDUMP' flag might be useful for security > > sensitive apps, which might want to select which areas are dumped. > > > > Is there any way for userspace to query the state of the flag? > A place for that might be /proc/<pid>/maps, but I don't think any of the other vm flags are exposed. Thanks, -Jason
WARNING: multiple messages have this Message-ID (diff)
From: Jason Baron <jbaron@redhat.com> To: Andrew Morton <akpm@linux-foundation.org> Cc: qemu-devel@nongnu.org, linux-kernel@vger.kernel.org, mcgrathr@google.com, avi@redhat.com Subject: Re: [Qemu-devel] [PATCH 0/2] core dump: re-purpose VM_ALWAYSDUMP to user controlled VM_DONTDUMP Date: Wed, 7 Mar 2012 20:32:17 -0500 [thread overview] Message-ID: <20120308013217.GA2443@redhat.com> (raw) In-Reply-To: <20120307143028.5dc27570.akpm@linux-foundation.org> On Wed, Mar 07, 2012 at 02:30:28PM -0800, Andrew Morton wrote: > On Wed, 7 Mar 2012 12:00:46 -0500 > Jason Baron <jbaron@redhat.com> wrote: > > > Hi, > > > > The motivation for this change was that I was looking at a way for a qemu-kvm > > process, to exclude the guest memory from its core dump, which can be quite > > large. There are already a number of filter flags in > > /proc/<pid>/coredump_filter, however, these allow one to specify 'types' of > > kernel memory, not specific address ranges (which is needed in this case). > > > > Since there are no more vma flags available, the first patch eliminates the > > need for the 'VM_ALWAYSDUMP' flag. The flag is used internally by the kernel to > > mark vdso and vsyscall pages. However, it is simple enough to check if a vma > > covers a vdso or vsyscall page without the need for this flag. > > Gee, we ran out? > > That makes it pretty inevitable that we will grow the vma by four > bytes. Once we have done that, your always_dump_vma() trickery becomes > unneeded and undesirable, yes? If so, we may as well recognise reality > and grow the vma now. > We could. The reason I didn't propose increasing them was because I saw in the archives that there was resistance when this was tried before: http://lkml.indiana.edu/hypermail/linux/kernel/1111.1/02053.html Also, the current use of 'VM_ALWAYSDUMP' is for vdso and gate pages exclusively. That means that VM_ALWAYSDUMP flag is 0 the majority of the time, and thus it probably makes sense to re-purpose it, now that we are tight on flags. > > The second patch then replaces the 'VM_ALWAYSDUMP' flag with a new > > 'VM_DONTDUMP' flag, which can be set by userspace using new madvise flags: > > 'MADV_DONTDUMP', and unset via 'MADV_DUMP'. The core dump filters continue to > > work the same as before unless 'MADV_DONTDUMP' is set on the region. > > > > The qemu code which implements this features is at: > > http://people.redhat.com/~jbaron/qemu-dump/qemu-dump.patch > > > > In my testing the qemu core dump shrunk from 383MB -> 13MB with this patch. > > > > I also believe that the 'MADV_DONTDUMP' flag might be useful for security > > sensitive apps, which might want to select which areas are dumped. > > > > Is there any way for userspace to query the state of the flag? > A place for that might be /proc/<pid>/maps, but I don't think any of the other vm flags are exposed. Thanks, -Jason
next prev parent reply other threads:[~2012-03-08 1:31 UTC|newest] Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top 2012-03-07 17:00 [PATCH 0/2] core dump: re-purpose VM_ALWAYSDUMP to user controlled VM_DONTDUMP Jason Baron 2012-03-07 17:00 ` [Qemu-devel] " Jason Baron 2012-03-07 17:00 ` [PATCH 1/2] core dump: drop VM_ALWAYSDUMP flag Jason Baron 2012-03-07 17:00 ` [Qemu-devel] " Jason Baron 2012-03-07 17:59 ` Roland McGrath 2012-03-07 17:59 ` [Qemu-devel] " Roland McGrath 2012-03-07 18:50 ` Jason Baron 2012-03-07 18:50 ` [Qemu-devel] " Jason Baron 2012-03-07 19:43 ` Roland McGrath 2012-03-07 19:43 ` [Qemu-devel] " Roland McGrath 2012-03-07 21:19 ` Jason Baron 2012-03-07 21:19 ` [Qemu-devel] " Jason Baron 2012-03-07 21:26 ` Chris Metcalf 2012-03-07 21:26 ` [Qemu-devel] " Chris Metcalf 2012-03-07 21:36 ` Jason Baron 2012-03-07 21:36 ` [Qemu-devel] " Jason Baron 2012-03-07 21:41 ` Roland McGrath 2012-03-07 21:41 ` [Qemu-devel] " Roland McGrath 2012-03-07 17:00 ` [PATCH 2/2] core dump: add a new VM_DONTDUMP flag Jason Baron 2012-03-07 17:00 ` [Qemu-devel] " Jason Baron 2012-03-07 22:30 ` [PATCH 0/2] core dump: re-purpose VM_ALWAYSDUMP to user controlled VM_DONTDUMP Andrew Morton 2012-03-07 22:30 ` [Qemu-devel] " Andrew Morton 2012-03-08 1:32 ` Jason Baron [this message] 2012-03-08 1:32 ` Jason Baron 2012-04-23 22:42 ` Michael Kerrisk 2012-04-23 22:42 ` Michael Kerrisk 2012-04-27 18:43 ` Jason Baron 2012-04-27 18:43 ` Jason Baron 2012-04-28 7:29 ` Michael Kerrisk (man-pages) 2012-04-28 7:29 ` Michael Kerrisk (man-pages)
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20120308013217.GA2443@redhat.com \ --to=jbaron@redhat.com \ --cc=akpm@linux-foundation.org \ --cc=avi@redhat.com \ --cc=linux-kernel@vger.kernel.org \ --cc=mcgrathr@google.com \ --cc=qemu-devel@nongnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.