linux-pm.vger.kernel.org archive mirror
From: "Colm MacCárthaigh" <colmmacc@amazon.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: "Catangiu, Adrian Costin" <acatan@amazon.com>,
	<linux-mm@kvack.org>, <linux-pm@vger.kernel.org>,
	<virtualization@lists.linux-foundation.org>,
	<linux-api@vger.kernel.org>, <akpm@linux-foundation.org>,
	<rjw@rjwysocki.net>, <len.brown@intel.com>, <pavel@ucw.cz>,
	<fweimer@redhat.com>, <keescook@chromium.org>,
	<luto@amacapital.net>, <wad@chromium.org>, <mingo@kernel.org>,
	<bonzini@gnu.org>, "Graf (AWS), Alexander" <graf@amazon.de>,
	"Singh, Balbir" <sblbir@amazon.com>,
	"Sandu, Andrei" <sandreim@amazon.com>,
	"Brooker, Marc" <mbrooker@amazon.com>,
	"Weiss, Radu" <raduweis@amazon.com>,
	"Manwaring, Derek" <derekmn@amazon.com>
Subject: Re: [RFC]: mm,power: introduce MADV_WIPEONSUSPEND
Date: Fri, 3 Jul 2020 18:45:06 -0700
Message-ID: <BC9E44B2-D3C2-43C7-8F4B-A31477147368@amazon.com>
In-Reply-To: <20200703113026.GT18446@dhcp22.suse.cz>



On 3 Jul 2020, at 4:30, Michal Hocko wrote:

> On Fri 03-07-20 10:34:09, Catangiu, Adrian Costin wrote:
>> This patch adds logic to the kernel power code to zero out contents of
>> all MADV_WIPEONSUSPEND VMAs present in the system during its transition
>> to any suspend state equal or greater/deeper than Suspend-to-memory,
>> known as S3.
>
> How does the application learn that its memory got wiped? S2disk is an
> async operation and it can happen at any time during the task execution.
> So how does the application work to prevent from corrupted state - e.g.
> when suspended between two memory loads?

The usual trick when using MADV_WIPEONFORK, or BSD’s MAP_INHERIT_ZERO, 
is to store a guard variable in the page and to check the variable any 
time that random data is generated.

Here’s an example of Google’s OpenSSL fork BoringSSL:

https://boringssl.googlesource.com/boringssl/+/ad5582985cc6b89d0e7caf0d9cc7e301de61cf66/crypto/fipsmodule/rand/fork_detect.c

Checking a guard variable for non-zero status will always happen 
atomically and monotonically (it won’t suddenly flip back) … which 
is all that’s needed in this case. If userspace applications need to 
build a larger critical section around it, they can use regular concurrency 
controls, but it really doesn’t come up in this context. With 
WIPEONSUSPEND support in a kernel, I expect to add another madvise() 
call on the existing page. The manyworldsdetector micro-library is an 
example:


https://github.com/colmmacc/manyworldsdetector/blob/master/src/mwd.c

It’d be a new block in the style of lines 43-48.

-
Colm
