From: "Colm MacCárthaigh" <colm@allcosts.net>
To: Michal Hocko <mhocko@kernel.org>
Cc: Florian Weimer <fweimer@redhat.com>,
Kees Cook <keescook@chromium.org>,
Mike Kravetz <mike.kravetz@oracle.com>,
Rik van Riel <riel@redhat.com>, Will Drewry <wad@chromium.org>,
akpm@linux-foundation.org, dave.hansen@intel.com,
kirill@shutemov.name, linux-api@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
luto@amacapital.net, mingo@kernel.org
Subject: Re: [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK
Date: Fri, 11 Aug 2017 00:09:57 +0200
Message-ID: <CAAF6GDdFjS612mx1TXzaVk1J-Afz9wsAywTEijO2TG4idxabiw@mail.gmail.com>
In-Reply-To: <20170810170144.GA987@dhcp22.suse.cz>

On Thu, Aug 10, 2017 at 7:01 PM, Michal Hocko <mhocko@kernel.org> wrote:
> Does anybody actually do that using the minherit BSD interface?

I can't find any OSS examples. I just thought of it in response to
your question, but now that I have, I do want to use it that way in
privsep code.

As a mere user, fwiw it would make /my/ code less complex (in
Kolmogorov terms) to be an madvise option. Here's what that would look
like in user space:

    mmap()

    #if MAP_INHERIT_ZERO
      minherit() || pthread_atfork(workaround_fptr);
    #elif MADVISE_WIPEONFORK
      madvise() || pthread_atfork(workaround_fptr);
    #else
      pthread_atfork(workaround_fptr);
    #endif

Vs:

    #if MAP_WIPEONFORK
      mmap( ... WIPEONFORK) || pthread_atfork(workaround_fptr);
    #else
      mmap()
    #endif

    #if MAP_INHERIT_ZERO
      madvise() || pthread_atfork(workaround_fptr);
    #endif

    #if !defined(MAP_WIPEONFORK) && !defined(MAP_INHERIT_ZERO)
      pthread_atfork(workaround_fptr);
    #endif

The former is neater, and also a lot easier to stay structured if the
code is separated across different functional units. Allocation is
often handled in special functions.

For me, madvise() is the principle of least surprise, following
existing DONTDUMP semantics.

--
Colm
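
The first pattern sketched in the message above, written out as compilable C. This is an added example, not part of the original message or of the patch set. The names `secret_alloc`, `wipe_in_child` and `child_sees_secret` are hypothetical, and the 0xA5 fill is a constructed stand-in for key material.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

static unsigned char *secret;   /* hypothetical region holding key or RNG state */
static size_t secret_len;

/* Fallback: atfork child handler zeroes the region in the new process. */
static void wipe_in_child(void) { memset(secret, 0, secret_len); }

/* Returns 1 if the kernel wipes on fork, 0 if the atfork fallback is armed,
 * -1 on error. The wipe-on-fork advice needs a private anonymous mapping. */
int secret_alloc(size_t len)
{
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    secret = p;
    secret_len = len;
#if defined(MAP_INHERIT_ZERO)            /* BSD minherit() interface */
    if (minherit(p, len, MAP_INHERIT_ZERO) == 0) return 1;
#elif defined(MADV_WIPEONFORK)           /* Linux madvise() interface */
    if (madvise(p, len, MADV_WIPEONFORK) == 0) return 1;
#endif
    /* Old kernel or old headers: wipe from user space instead. */
    return pthread_atfork(NULL, NULL, wipe_in_child) == 0 ? 0 : -1;
}

/* Forks; returns 0 if the child saw only zeroes, 1 if secret bytes
 * were visible in the child, -1 on error. */
int child_sees_secret(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        for (size_t i = 0; i < secret_len; i++)
            if (secret[i]) _exit(1);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    if (secret_alloc(4096) < 0) return 2;
    memset(secret, 0xA5, secret_len);   /* constructed stand-in for key material */
    return child_sees_secret();         /* exit status 0: child saw no secret */
}
```

The atfork fallback only runs when the process forks through libc's fork(); a child created by calling clone() directly skips the handler, which is the gap the kernel-side wipe closes.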