From: Andrea Arcangeli <aarcange@redhat.com>
To: Jonathan Corbet <corbet@lwn.net>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Mel Gorman <mel@csn.ul.ie>,
Christoph Lameter <cl@linux-foundation.org>,
Adam Litke <agl@us.ibm.com>, Avi Kivity <avi@redhat.com>,
David Rientjes <rientjes@google.com>,
Minchan Kim <minchan.kim@gmail.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Rik van Riel <riel@redhat.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH 07/11] Memory compaction core
Date: Wed, 24 Mar 2010 23:06:24 +0100 [thread overview]
Message-ID: <20100324220624.GN10659@random.random> (raw)
In-Reply-To: <20100324155423.68c3d5b6@bike.lwn.net>
On Wed, Mar 24, 2010 at 03:54:23PM -0600, Jonathan Corbet wrote:
> Ah, but that's the point: these NULL pointer dereferences were not DoS
> vulnerabilities - they were full privilege-escalation affairs. Since
> then, some problems have been fixed and some distributors have started
> shipping smarter configurations. But, on quite a few systems a NULL
> dereference still has the potential to be fully exploitable; if there's
> a possibility of it happening I think we should test for it. A DoS is
> a much better outcome...
You're pointing the finger at lack of VM_BUG_ON but the finger should
be pointed in the code that shall enforce mmap_min_addr. That is the
exploitable bug. I can't imagine any other ways VM_BUG_ON could help
in preventing an exploit. Let's concentrate on mmap_min_addr and leave
the code fast.
If it's a small structure (<4096 bytes) we're talking about, I stand
that VM_BUG_ON() is just pure CPU overhead.
I do agree however for structures that may grow larger than 4096 bytes
VM_BUG_ON isn't bad idea, and furthermore I think it's wrong to keep
the min address at only 4096 bytes, it shall be like 100M or
something. Then all of them can go away. That is way more effective
than having to remember to add VM_BUG_ON(!null) when cpu can do it
zero cost.
WARNING: multiple messages have this Message-ID (diff)
From: Andrea Arcangeli <aarcange@redhat.com>
To: Jonathan Corbet <corbet@lwn.net>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Mel Gorman <mel@csn.ul.ie>,
Christoph Lameter <cl@linux-foundation.org>,
Adam Litke <agl@us.ibm.com>, Avi Kivity <avi@redhat.com>,
David Rientjes <rientjes@google.com>,
Minchan Kim <minchan.kim@gmail.com>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Rik van Riel <riel@redhat.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH 07/11] Memory compaction core
Date: Wed, 24 Mar 2010 23:06:24 +0100 [thread overview]
Message-ID: <20100324220624.GN10659@random.random> (raw)
In-Reply-To: <20100324155423.68c3d5b6@bike.lwn.net>
On Wed, Mar 24, 2010 at 03:54:23PM -0600, Jonathan Corbet wrote:
> Ah, but that's the point: these NULL pointer dereferences were not DoS
> vulnerabilities - they were full privilege-escalation affairs. Since
> then, some problems have been fixed and some distributors have started
> shipping smarter configurations. But, on quite a few systems a NULL
> dereference still has the potential to be fully exploitable; if there's
> a possibility of it happening I think we should test for it. A DoS is
> a much better outcome...
You're pointing the finger at lack of VM_BUG_ON but the finger should
be pointed in the code that shall enforce mmap_min_addr. That is the
exploitable bug. I can't imagine any other ways VM_BUG_ON could help
in preventing an exploit. Let's concentrate on mmap_min_addr and leave
the code fast.
If it's a small structure (<4096 bytes) we're talking about, I stand
that VM_BUG_ON() is just pure CPU overhead.
I do agree however for structures that may grow larger than 4096 bytes
VM_BUG_ON isn't bad idea, and furthermore I think it's wrong to keep
the min address at only 4096 bytes, it shall be like 100M or
something. Then all of them can go away. That is way more effective
than having to remember to add VM_BUG_ON(!null) when cpu can do it
zero cost.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2010-03-24 22:07 UTC|newest]
Thread overview: 170+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-23 12:25 [PATCH 0/11] Memory Compaction v5 Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 12:25 ` [PATCH 01/11] mm,migration: Take a reference to the anon_vma before migrating Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 12:25 ` [PATCH 02/11] mm,migration: Do not try to migrate unmapped anonymous pages Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 17:22 ` Christoph Lameter
2010-03-23 17:22 ` Christoph Lameter
2010-03-23 18:04 ` Mel Gorman
2010-03-23 18:04 ` Mel Gorman
2010-03-23 12:25 ` [PATCH 03/11] mm: Share the anon_vma ref counts between KSM and page migration Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 17:25 ` Christoph Lameter
2010-03-23 17:25 ` Christoph Lameter
2010-03-23 23:55 ` KAMEZAWA Hiroyuki
2010-03-23 23:55 ` KAMEZAWA Hiroyuki
2010-03-23 12:25 ` [PATCH 04/11] Allow CONFIG_MIGRATION to be set without CONFIG_NUMA or memory hot-remove Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 12:25 ` [PATCH 05/11] Export unusable free space index via /proc/unusable_index Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 17:31 ` Christoph Lameter
2010-03-23 17:31 ` Christoph Lameter
2010-03-23 18:14 ` Mel Gorman
2010-03-23 18:14 ` Mel Gorman
2010-03-24 0:03 ` KAMEZAWA Hiroyuki
2010-03-24 0:03 ` KAMEZAWA Hiroyuki
2010-03-24 0:16 ` Minchan Kim
2010-03-24 0:16 ` Minchan Kim
2010-03-24 0:13 ` KAMEZAWA Hiroyuki
2010-03-24 0:13 ` KAMEZAWA Hiroyuki
2010-03-24 10:25 ` Mel Gorman
2010-03-24 10:25 ` Mel Gorman
2010-03-23 12:25 ` [PATCH 06/11] Export fragmentation index via /proc/extfrag_index Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 17:37 ` Christoph Lameter
2010-03-23 17:37 ` Christoph Lameter
2010-03-23 12:25 ` [PATCH 07/11] Memory compaction core Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 17:56 ` Christoph Lameter
2010-03-23 17:56 ` Christoph Lameter
2010-03-23 18:15 ` Mel Gorman
2010-03-23 18:15 ` Mel Gorman
2010-03-23 18:33 ` Christoph Lameter
2010-03-23 18:33 ` Christoph Lameter
2010-03-23 18:58 ` Mel Gorman
2010-03-23 18:58 ` Mel Gorman
2010-03-23 19:20 ` Christoph Lameter
2010-03-23 19:20 ` Christoph Lameter
2010-03-24 1:03 ` KAMEZAWA Hiroyuki
2010-03-24 1:03 ` KAMEZAWA Hiroyuki
2010-03-24 1:47 ` Minchan Kim
2010-03-24 1:47 ` Minchan Kim
2010-03-24 1:53 ` KAMEZAWA Hiroyuki
2010-03-24 1:53 ` KAMEZAWA Hiroyuki
2010-03-24 2:10 ` Minchan Kim
2010-03-24 2:10 ` Minchan Kim
2010-03-24 10:57 ` Mel Gorman
2010-03-24 10:57 ` Mel Gorman
2010-03-24 20:33 ` Andrew Morton
2010-03-24 20:33 ` Andrew Morton
2010-03-24 20:59 ` Jonathan Corbet
2010-03-24 20:59 ` Jonathan Corbet
2010-03-24 21:14 ` Andrew Morton
2010-03-24 21:14 ` Andrew Morton
2010-03-24 21:19 ` Christoph Lameter
2010-03-24 21:19 ` Christoph Lameter
2010-03-24 21:19 ` Andrea Arcangeli
2010-03-24 21:19 ` Andrea Arcangeli
2010-03-24 21:28 ` Jonathan Corbet
2010-03-24 21:28 ` Jonathan Corbet
2010-03-24 21:47 ` Andrea Arcangeli
2010-03-24 21:47 ` Andrea Arcangeli
2010-03-24 21:54 ` Jonathan Corbet
2010-03-24 21:54 ` Jonathan Corbet
2010-03-24 22:06 ` Andrea Arcangeli [this message]
2010-03-24 22:06 ` Andrea Arcangeli
2010-03-24 21:57 ` Andrea Arcangeli
2010-03-24 21:57 ` Andrea Arcangeli
2010-03-25 9:13 ` Mel Gorman
2010-03-25 9:13 ` Mel Gorman
2010-03-23 12:25 ` [PATCH 08/11] Add /proc trigger for memory compaction Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 18:25 ` Christoph Lameter
2010-03-23 18:25 ` Christoph Lameter
2010-03-23 18:32 ` Mel Gorman
2010-03-23 18:32 ` Mel Gorman
2010-03-24 20:33 ` Andrew Morton
2010-03-24 20:33 ` Andrew Morton
2010-03-26 10:46 ` Mel Gorman
2010-03-26 10:46 ` Mel Gorman
2010-03-23 12:25 ` [PATCH 09/11] Add /sys trigger for per-node " Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 18:27 ` Christoph Lameter
2010-03-23 18:27 ` Christoph Lameter
2010-03-23 22:45 ` Minchan Kim
2010-03-23 22:45 ` Minchan Kim
2010-03-24 0:19 ` KAMEZAWA Hiroyuki
2010-03-24 0:19 ` KAMEZAWA Hiroyuki
2010-03-23 12:25 ` [PATCH 10/11] Direct compact when a high-order allocation fails Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 23:10 ` Minchan Kim
2010-03-23 23:10 ` Minchan Kim
2010-03-24 11:11 ` Mel Gorman
2010-03-24 11:11 ` Mel Gorman
2010-03-24 11:59 ` Minchan Kim
2010-03-24 11:59 ` Minchan Kim
2010-03-24 12:06 ` Minchan Kim
2010-03-24 12:06 ` Minchan Kim
2010-03-24 12:10 ` Mel Gorman
2010-03-24 12:10 ` Mel Gorman
2010-03-24 12:09 ` Mel Gorman
2010-03-24 12:09 ` Mel Gorman
2010-03-24 12:25 ` Minchan Kim
2010-03-24 12:25 ` Minchan Kim
2010-03-24 1:19 ` KAMEZAWA Hiroyuki
2010-03-24 1:19 ` KAMEZAWA Hiroyuki
2010-03-24 11:40 ` Mel Gorman
2010-03-24 11:40 ` Mel Gorman
2010-03-25 0:30 ` KAMEZAWA Hiroyuki
2010-03-25 0:30 ` KAMEZAWA Hiroyuki
2010-03-25 9:48 ` Mel Gorman
2010-03-25 9:48 ` Mel Gorman
2010-03-25 9:50 ` KAMEZAWA Hiroyuki
2010-03-25 9:50 ` KAMEZAWA Hiroyuki
2010-03-25 10:16 ` Mel Gorman
2010-03-25 10:16 ` Mel Gorman
2010-03-26 1:03 ` KAMEZAWA Hiroyuki
2010-03-26 1:03 ` KAMEZAWA Hiroyuki
2010-03-26 9:40 ` Mel Gorman
2010-03-26 9:40 ` Mel Gorman
2010-03-24 20:48 ` Andrew Morton
2010-03-24 20:48 ` Andrew Morton
2010-03-25 0:57 ` KAMEZAWA Hiroyuki
2010-03-25 0:57 ` KAMEZAWA Hiroyuki
2010-03-25 10:21 ` Mel Gorman
2010-03-25 10:21 ` Mel Gorman
2010-03-23 12:25 ` [PATCH 11/11] Do not compact within a preferred zone after a compaction failure Mel Gorman
2010-03-23 12:25 ` Mel Gorman
2010-03-23 18:31 ` Christoph Lameter
2010-03-23 18:31 ` Christoph Lameter
2010-03-23 18:39 ` Mel Gorman
2010-03-23 18:39 ` Mel Gorman
2010-03-23 19:27 ` Christoph Lameter
2010-03-23 19:27 ` Christoph Lameter
2010-03-24 10:37 ` Mel Gorman
2010-03-24 10:37 ` Mel Gorman
2010-03-24 19:54 ` Christoph Lameter
2010-03-24 19:54 ` Christoph Lameter
2010-03-24 20:53 ` Andrew Morton
2010-03-24 20:53 ` Andrew Morton
2010-03-25 9:40 ` Mel Gorman
2010-03-25 9:40 ` Mel Gorman
-- strict thread matches above, loose matches on Subject: below --
2010-03-12 16:41 [PATCH 0/11] Memory Compaction v4 Mel Gorman
2010-03-12 16:41 ` [PATCH 07/11] Memory compaction core Mel Gorman
2010-03-12 16:41 ` Mel Gorman
2010-03-15 13:44 ` Minchan Kim
2010-03-15 13:44 ` Minchan Kim
2010-03-15 14:41 ` Mel Gorman
2010-03-15 14:41 ` Mel Gorman
2010-03-17 10:31 ` KOSAKI Motohiro
2010-03-17 10:31 ` KOSAKI Motohiro
2010-03-17 11:40 ` Mel Gorman
2010-03-17 11:40 ` Mel Gorman
2010-03-18 2:35 ` KOSAKI Motohiro
2010-03-18 2:35 ` KOSAKI Motohiro
2010-03-18 11:43 ` Mel Gorman
2010-03-18 11:43 ` Mel Gorman
2010-03-19 6:21 ` KOSAKI Motohiro
2010-03-19 6:21 ` KOSAKI Motohiro
2010-03-18 17:08 ` Mel Gorman
2010-03-18 17:08 ` Mel Gorman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100324220624.GN10659@random.random \
--to=aarcange@redhat.com \
--cc=agl@us.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=avi@redhat.com \
--cc=cl@linux-foundation.org \
--cc=corbet@lwn.net \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mel@csn.ul.ie \
--cc=minchan.kim@gmail.com \
--cc=riel@redhat.com \
--cc=rientjes@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.