From: Till Smejkal <till.smejkal@googlemail.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Andy Lutomirski <luto@kernel.org>,
Till Smejkal <till.smejkal@googlemail.com>,
Richard Henderson <rth@twiddle.net>,
Ivan Kokshaysky <ink@jurassic.park.msu.ru>,
Matt Turner <mattst88@gmail.com>,
Vineet Gupta <vgupta@synopsys.com>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will.deacon@arm.com>,
Steven Miao <realmz6@gmail.com>,
Richard Kuo <rkuo@codeaurora.org>,
Tony Luck <tony.luck@intel.com>,
Fenghua Yu <fenghua.yu@intel.com>,
James Hogan <james.hogan@imgtec.com>,
Ralf Baechle <ralf@linux-mips.org>,
"James E.J. Bottomley" <jejb@parisc-linux.org>,
Helge Deller <deller@gmx.de>,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
Michael Ellerman <mpe@ellerman.id.au>,
Martin Schwidefsky <schwidefsky@de.ibm.com>,
Heiko Carstens <heiko.carstens@de.ibm.com>,
Yoshinori Sato <ysato@users.sourceforge.jp>,
Rich Felker <dalias@libc.org>,
"David S. Miller" <davem@davemloft.net>,
Chris Metcalf <cmetcalf@mellanox.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
X86 ML <x86@kernel.org>, Chris Zankel <chris@zankel.net>,
Max Filippov <jcmvbkbc@gmail.com>, Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Pawel Osciak <pawel@osciak.com>,
Marek Szyprowski <m.szyprowski@samsung.com>,
Kyungmin Park <kyungmin.park@samsung.com>,
David Woodhouse <dwmw2@infradead.org>,
Brian Norris <computersforpeace@gmail.com>,
Boris Brezillon <boris.brezillon@free-electrons.com>,
Marek Vasut <marek.vasut@gmail.com>,
Richard Weinberger <richard@nod.at>,
Cyrille Pitchen <cyrille.pitchen@atmel.com>,
Felipe Balbi <balbi@kernel.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Benjamin LaHaise <bcrl@kvack.org>,
Nadia Yvette Chambers <nyc@holomorphy.com>,
Jeff Layton <jlayton@poochiereds.net>,
"J. Bruce Fields" <bfields@fieldses.org>,
Peter Zijlstra <peterz@infradead.org>,
Hugh Dickins <hughd@google.com>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
linux-alpha@vger.kernel.org,
arcml <linux-snps-arc@lists.infradead.org>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
adi-buildroot-devel@lists.sourceforge.net,
linux-hexagon@vger.kernel.org,
"linux-ia64@vger.kernel.org" <linux-ia64@vger.kernel.org>,
linux-metag@vger.kernel.org,
Linux MIPS Mailing List <linux-mips@linux-mips.org>,
linux-parisc@vger.kernel.org,
linuxppc-dev <linuxppc-dev@lists.ozlabs.org>,
"linux-s390@vger.kernel.org" <linux-s390@vger.kernel.org>,
"linux-sh@vger.kernel.org" <linux-sh@vger.kernel.org>,
sparclinux@vger.kernel.org, linux-xtensa@linux-xtensa.org,
Linux Media Mailing List <linux-media@vger.kernel.org>,
linux-mtd@lists.infradead.org,
USB list <linux-usb@vger.kernel.org>,
Linux FS Devel <linux-fsdevel@vger.kernel.org>,
linux-aio@kvack.org, "linux-mm@kvack.org" <linux-mm@kvack.org>,
Linux API <linux-api@vger.kernel.org>,
linux-arch <linux-arch@vger.kernel.org>,
ALSA development <alsa-devel@alsa-project.org>
Subject: Re: [RFC PATCH 00/13] Introduce first class virtual address spaces
Date: Wed, 15 Mar 2017 15:02:34 -0700 [thread overview]
Message-ID: <20170315220234.mooiyrzqdsglo4lp@arch-dev> (raw)
Message-ID: <20170315220234.vH5TczOeeDyfAXHaSlkCdY6BvjBk1wvODJZfpFFGyVU@z> (raw)
In-Reply-To: <CALCETrXfGgxaLivhci0VL=wUaWAnBiUXC47P7TUaEuOYV_-X_g@mail.gmail.com>
On Wed, 15 Mar 2017, Andy Lutomirski wrote:
> On Wed, Mar 15, 2017 at 12:44 PM, Till Smejkal
> <till.smejkal@googlemail.com> wrote:
> > On Wed, 15 Mar 2017, Andy Lutomirski wrote:
> >> > One advantage of VAS segments is that they can be globally queried by user programs
> >> > which means that VAS segments can be shared by applications that not necessarily have
> >> > to be related. If I am not mistaken, MAP_SHARED of pure in memory data will only work
> >> > if the tasks that share the memory region are related (aka. have a common parent that
> >> > initialized the shared mapping). Otherwise, the shared mapping have to be backed by a
> >> > file.
> >>
> >> What's wrong with memfd_create()?
> >>
> >> > VAS segments on the other side allow sharing of pure in memory data by
> >> > arbitrary related tasks without the need of a file. This becomes especially
> >> > interesting if one combines VAS segments with non-volatile memory since one can keep
> >> > data structures in the NVM and still be able to share them between multiple tasks.
> >>
> >> What's wrong with regular mmap?
> >
> > I never wanted to say that there is something wrong with regular mmap. We just
> > figured that with VAS segments you could remove the need to mmap your shared data but
> > instead can keep everything purely in memory.
>
> memfd does that.
Yes, that's right. Thanks for giving me the pointer to this. I should have researched
more carefully before starting to work at VAS segments.
> > VAS segments on the other side would provide a functionality to
> > achieve the same without the need of any mounted filesystem. However, I agree, that
> > this is just a small advantage compared to what can already be achieved with the
> > existing functionality provided by the Linux kernel.
>
> I see this "small advantage" as "resource leak and security problem".
I don't agree here. VAS segments are basically in-memory files that are handled by
the kernel directly without using a file system. Hence, if an application uses a VAS
segment to store data the same rules apply as if it uses a file. Everything that it
saves in the VAS segment might be accessible by other applications. An application
using VAS segments should be aware of this fact. In addition, the resources that are
represented by a VAS segment are not leaked. As I said, VAS segments are much like
files. Hence, if you don't want to use them any more, delete them. But as with files,
the kernel will not delete them for you (although something like this can be added).
> >> This sounds complicated and fragile. What happens if a heuristically
> >> shared region coincides with a region in the "first class address
> >> space" being selected?
> >
> > If such a conflict happens, the task cannot use the first class address space and the
> > corresponding system call will return an error. However, with the current available
> > virtual address space size that programs can use, such conflicts are probably rare.
>
> A bug that hits 1% of the time is often worse than one that hits 100%
> of the time because debugging it is miserable.
I don't agree that this is a bug at all. If there is a conflict in the memory layout
of the ASes the application simply cannot use this first class virtual address space.
Every application that wants to use first class virtual address spaces should check
for error return values and handle them.
This situation is similar to mapping a file at some special address in memory because
the file contains pointer based data structures and the application wants to use
them, but the kernel cannot map the file at this particular position in the
application's AS because there is already a different conflicting mapping. If an
application wants to do such things, it should also handle all the errors that can
occur.
Till
next prev parent reply other threads:[~2017-03-15 22:02 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-13 22:14 [RFC PATCH 00/13] Introduce first class virtual address spaces Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 01/13] mm: Add mm_struct argument to 'mmap_region' Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 02/13] mm: Add mm_struct argument to 'do_mmap' and 'do_mmap_pgoff' Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 03/13] mm: Rename 'unmap_region' and add mm_struct argument Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 04/13] mm: Add mm_struct argument to 'get_unmapped_area' and 'vm_unmapped_area' Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 05/13] mm: Add mm_struct argument to 'mm_populate' and '__mm_populate' Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 06/13] mm/mmap: Export 'vma_link' and 'find_vma_links' to mm subsystem Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 07/13] kernel/fork: Split and export 'mm_alloc' and 'mm_init' Till Smejkal
2017-03-14 10:18 ` David Laight
2017-03-14 10:18 ` David Laight
2017-03-14 16:18 ` Till Smejkal
2017-03-14 16:18 ` Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 08/13] kernel/fork: Define explicitly which mm_struct to duplicate during fork Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 09/13] mm/memory: Add function to one-to-one duplicate page ranges Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 10/13] mm: Introduce first class virtual address spaces Till Smejkal
2017-03-13 23:52 ` Greg Kroah-Hartman
2017-03-14 0:24 ` Till Smejkal
2017-03-14 1:35 ` Vineet Gupta
2017-03-14 1:35 ` Vineet Gupta
2017-03-14 2:34 ` Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 11/13] mm/vas: Introduce VAS segments - shareable address space regions Till Smejkal
2017-03-13 22:27 ` Matthew Wilcox
2017-03-13 22:45 ` Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 12/13] mm/vas: Add lazy-attach support for first class virtual address spaces Till Smejkal
2017-03-13 22:14 ` [RFC PATCH 13/13] fs/proc: Add procfs " Till Smejkal
2017-03-14 0:18 ` [RFC PATCH 00/13] Introduce " Richard Henderson
2017-03-14 0:39 ` Till Smejkal
2017-03-14 1:02 ` Richard Henderson
2017-03-14 1:31 ` Till Smejkal
2017-03-14 0:58 ` Andy Lutomirski
2017-03-14 0:58 ` Andy Lutomirski
2017-03-14 2:07 ` Till Smejkal
2017-03-14 2:07 ` Till Smejkal
2017-03-14 5:37 ` Andy Lutomirski
2017-03-14 5:37 ` Andy Lutomirski
2017-03-14 16:12 ` Till Smejkal
2017-03-14 16:12 ` Till Smejkal
2017-03-14 19:53 ` Chris Metcalf
2017-03-14 19:53 ` Chris Metcalf
2017-03-14 21:14 ` Till Smejkal
2017-03-14 21:14 ` Till Smejkal
2017-03-15 16:51 ` Andy Lutomirski
2017-03-15 16:51 ` Andy Lutomirski
2017-03-15 16:57 ` Matthew Wilcox
2017-03-15 16:57 ` Matthew Wilcox
2017-03-15 19:44 ` Till Smejkal
2017-03-15 19:44 ` Till Smejkal
2017-03-15 19:47 ` Rich Felker
2017-03-15 19:47 ` Rich Felker
2017-03-15 21:30 ` Till Smejkal
2017-03-15 21:30 ` Till Smejkal
2017-03-15 20:06 ` Andy Lutomirski
2017-03-15 20:06 ` Andy Lutomirski
2017-03-15 22:02 ` Till Smejkal [this message]
2017-03-15 22:02 ` Till Smejkal
2017-03-15 22:09 ` Luck, Tony
2017-03-15 22:09 ` Luck, Tony
2017-03-15 23:18 ` Till Smejkal
2017-03-15 23:18 ` Till Smejkal
2017-03-16 8:21 ` Thomas Gleixner
2017-03-16 8:21 ` Thomas Gleixner
2017-03-16 17:29 ` Till Smejkal
2017-03-16 17:29 ` Till Smejkal
2017-03-16 17:42 ` Thomas Gleixner
2017-03-16 17:42 ` Thomas Gleixner
2017-03-16 17:50 ` Till Smejkal
2017-03-16 17:50 ` Till Smejkal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170315220234.mooiyrzqdsglo4lp@arch-dev \
--to=till.smejkal@googlemail.com \
--cc=acme@kernel.org \
--cc=adi-buildroot-devel@lists.sourceforge.net \
--cc=alexander.shishkin@linux.intel.com \
--cc=alsa-devel@alsa-project.org \
--cc=arnd@arndb.de \
--cc=balbi@kernel.org \
--cc=bcrl@kvack.org \
--cc=benh@kernel.crashing.org \
--cc=bfields@fieldses.org \
--cc=boris.brezillon@free-electrons.com \
--cc=catalin.marinas@arm.com \
--cc=chris@zankel.net \
--cc=cmetcalf@mellanox.com \
--cc=computersforpeace@gmail.com \
--cc=cyrille.pitchen@atmel.com \
--cc=dalias@libc.org \
--cc=davem@davemloft.net \
--cc=deller@gmx.de \
--cc=dwmw2@infradead.org \
--cc=fenghua.yu@intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=heiko.carstens@de.ibm.com \
--cc=hpa@zytor.com \
--cc=hughd@google.com \
--cc=ink@jurassic.park.msu.ru \
--cc=james.hogan@imgtec.com \
--cc=jcmvbkbc@gmail.com \
--cc=jejb@parisc-linux.org \
--cc=jlayton@poochiereds.net \
--cc=kyungmin.park@samsung.com \
--cc=laurent.pinchart@ideasonboard.com \
--cc=linux-aio@kvack.org \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-hexagon@vger.kernel.org \
--cc=linux-ia64@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=linux-metag@vger.kernel.org \
--cc=linux-mips@linux-mips.org \
--cc=linux-mm@kvack.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-sh@vger.kernel.org \
--cc=linux-snps-arc@lists.infradead.org \
--cc=linux-usb@vger.kernel.org \
--cc=linux-xtensa@linux-xtensa.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=luto@amacapital.net \
--cc=luto@kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=marek.vasut@gmail.com \
--cc=mattst88@gmail.com \
--cc=mchehab@kernel.org \
--cc=mingo@redhat.com \
--cc=mpe@ellerman.id.au \
--cc=nyc@holomorphy.com \
--cc=paulus@samba.org \
--cc=pawel@osciak.com \
--cc=perex@perex.cz \
--cc=peterz@infradead.org \
--cc=ralf@linux-mips.org \
--cc=realmz6@gmail.com \
--cc=richard@nod.at \
--cc=rkuo@codeaurora.org \
--cc=rth@twiddle.net \
--cc=schwidefsky@de.ibm.com \
--cc=sparclinux@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=tiwai@suse.com \
--cc=tony.luck@intel.com \
--cc=vgupta@synopsys.com \
--cc=viro@zeniv.linux.org.uk \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).