From: Steven Sistare <steven.sistare@oracle.com>
To: Matthew Wilcox <willy@infradead.org>
Cc: Anthony Yznaga <anthony.yznaga@oracle.com>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	linux-mm@kvack.org, linux-arch@vger.kernel.org,
	mhocko@kernel.org, tglx@linutronix.de, mingo@redhat.com,
	bp@alien8.de, x86@kernel.org, hpa@zytor.com,
	viro@zeniv.linux.org.uk, akpm@linux-foundation.org,
	arnd@arndb.de, ebiederm@xmission.com, keescook@chromium.org,
	gerg@linux-m68k.org, ktkhai@virtuozzo.com,
	christian.brauner@ubuntu.com, peterz@infradead.org,
	esyr@redhat.com, jgg@ziepe.ca, christian@kellner.me,
	areber@redhat.com, cyphar@cyphar.com
Subject: Re: [RFC PATCH 0/5] madvise MADV_DOEXEC
Date: Thu, 30 Jul 2020 14:27:21 -0400
Message-ID: <ab7a25bf-3321-77c8-9bc3-28a223a14032@oracle.com>
In-Reply-To: <20200730174956.GK23808@casper.infradead.org>

On 7/30/2020 1:49 PM, Matthew Wilcox wrote:
> On Thu, Jul 30, 2020 at 01:35:51PM -0400, Steven Sistare wrote:
>> mshare + VA reservation is another possible solution.
>>
>> Or MADV_DOEXEC alone, which is ready now.  I hope we can get back to reviewing that.
> 
> We are.  This is the part of the review process where we explore other
> solutions to the problem.
> 
>>>> Also, we need to support updating legacy processes that already created anon segments.
>>>> We inject code that calls MADV_DOEXEC for such segments.
>>>
>>> Yes, I was assuming you'd inject code that called mshare().
>>
>> OK, mshare works on existing memory and builds a new vma.
> 
> Actually, reparents an existing VMA, and reuses the existing page tables.
> 
>>> Actually, since you're injecting code, why do you need the kernel to
>>> be involved?  You can mmap the new executable and any libraries it depends
>>> upon, set up a new stack and jump to the main() entry point, all without
>>> calling exec().  I appreciate it'd be a fair amount of code, but it'd all
>>> be in userspace and you can probably steal / reuse code from ld.so (I'm
>>> not familiar with the details of how setting up an executable is done).
>>
>> Duplicating all the work that the kernel and loader do to exec a process would
>> be error prone, require ongoing maintenance, and be redundant.  Better to define 
>> a small kernel extension and leave exec to the kernel.
> 
> Either this is a one-off kind of thing, in which case it doesn't need
> ongoing maintenance, or it's something with broad applicability, in
> which case it can live as its own userspace project.  It could even
> start off life as part of qemu and then fork into its own project.

exec will be enhanced over time in the kernel.  A separate user space implementation
would need to track that.

Reimplementing exec in userland would be a big gross mess.  Not a good solution when
we have simple and concise ways of solving the problem.

> The idea of tagging an ELF executable to say "I can cope with having
> chunks of my address space provided to me by my executor" is ... odd.

I don't disagree.  But it is useful.  We already pass a block of data containing
environment variables and arguments from one process to the next.  Preserving 
additional segments is not a big leap from there.

- Steve
