linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Colm MacCárthaigh" <colm@allcosts.net>
To: Michal Hocko <mhocko@kernel.org>
Cc: Florian Weimer <fweimer@redhat.com>,
	Kees Cook <keescook@chromium.org>,
	Mike Kravetz <mike.kravetz@oracle.com>,
	Rik van Riel <riel@redhat.com>, Will Drewry <wad@chromium.org>,
	akpm@linux-foundation.org, dave.hansen@intel.com,
	kirill@shutemov.name, linux-api@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org,
	luto@amacapital.net, mingo@kernel.org
Subject: Re: [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK
Date: Fri, 11 Aug 2017 00:09:57 +0200	[thread overview]
Message-ID: <CAAF6GDdFjS612mx1TXzaVk1J-Afz9wsAywTEijO2TG4idxabiw@mail.gmail.com> (raw)
In-Reply-To: <20170810170144.GA987@dhcp22.suse.cz>

On Thu, Aug 10, 2017 at 7:01 PM, Michal Hocko <mhocko@kernel.org> wrote:
> Does anybody actually do that using the minherit BSD interface?

I can't find any OSS examples. I just thought of it in response to
your question, but now that I have, I do want to use it that way in
privsep code.

As a mere user, fwiw it would make /my/ code less complex (in
Kolmogorov terms) to be an madvise option. Here's what that would look
like in user space:

mmap()

#if MAP_INHERIT_ZERO
    minherit() || pthread_atfork(workaround_fptr);
#elif MADVISE_WIPEONFORK
    madvise() || pthread_atfork(workaround_fptr);
#else
    pthread_atfork(workaround_fptr);
#endif

Vs:

#if MAP_WIPEONFORK
    mmap( ... WIPEONFORK) || pthread_atfork(workaround_fptr);
#else
    mmap()
#endif

#if MAP_INHERIT_ZERO
    madvise() || pthread_atfork(workaround_fptr);
#endif

#if !defined(MAP_WIPEONFORK) && !defined(MAP_INHERIT_ZERO)
    pthread_atfork(workaround_fptr);
#endif

The former is neater, and also a lot easier to stay structured if the
code is separated across different functional units. Allocation is
often handled in special functions.

For me, madvise() is the principle of least surprise, following
existing DONTDUMP semantics.

-- 
Colm

  reply	other threads:[~2017-08-10 22:10 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-06 14:04 [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK riel
2017-08-06 14:04 ` [PATCH 1/2] x86,mpx: make mpx depend on x86-64 to free up VMA flag riel
2017-08-06 14:04 ` [PATCH 2/2] mm,fork: introduce MADV_WIPEONFORK riel
2017-08-10 15:23   ` Michal Hocko
2017-08-11 15:23     ` Rik van Riel
2017-08-11 16:36       ` Mike Kravetz
2017-08-11 16:59         ` Rik van Riel
2017-08-11 17:07           ` Mike Kravetz
2017-08-07 13:22 ` [PATCH v2 0/2] mm,fork,security: " Michal Hocko
2017-08-07 13:46   ` Michal Hocko
2017-08-07 14:19     ` Florian Weimer
2017-08-10 13:06       ` Michal Hocko
2017-08-07 14:59     ` Rik van Riel
2017-08-09  9:59       ` Kirill A. Shutemov
2017-08-09 12:31         ` Rik van Riel
2017-08-09 12:42         ` Florian Weimer
2017-08-10 13:05       ` Michal Hocko
2017-08-10 13:23         ` Colm MacCárthaigh
2017-08-10 15:36           ` Michal Hocko
     [not found]             ` <CAAF6GDeno6RpHf1KORVSxUL7M-CQfbWFFdyKK8LAWd_6PcJ55Q@mail.gmail.com>
2017-08-10 17:01               ` Michal Hocko
2017-08-10 22:09                 ` Colm MacCárthaigh [this message]
2017-08-11 14:06                   ` Michal Hocko
2017-08-11 14:11                     ` Florian Weimer
2017-08-11 14:24                       ` Michal Hocko
2017-08-11 15:24                         ` Florian Weimer
2017-08-11 15:31                           ` Michal Hocko
     [not found]     ` <CAAF6GDcNoDUaDSxV6N12A_bOzo8phRUX5b8-OBteuN0AmeCv0g@mail.gmail.com>
2017-08-07 16:02       ` Colm MacCárthaigh
2017-08-10 13:21       ` Michal Hocko
2017-08-10 14:11         ` Michal Hocko
2017-08-07 18:23 ` Mike Kravetz
2017-08-08  9:58   ` Florian Weimer
2017-08-08 13:15     ` Rik van Riel
2017-08-08 15:19       ` Mike Kravetz
2017-08-08 15:22         ` Florian Weimer
2017-08-08 15:46         ` Rik van Riel
2017-08-08 16:48           ` Colm MacCárthaigh
2017-08-08 16:52           ` Matthew Wilcox
2017-08-08 18:45             ` Rik van Riel
2017-08-10 15:31               ` Michal Hocko

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAAF6GDdFjS612mx1TXzaVk1J-Afz9wsAywTEijO2TG4idxabiw@mail.gmail.com \
    --to=colm@allcosts.net \
    --cc=akpm@linux-foundation.org \
    --cc=dave.hansen@intel.com \
    --cc=fweimer@redhat.com \
    --cc=keescook@chromium.org \
    --cc=kirill@shutemov.name \
    --cc=linux-api@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=luto@amacapital.net \
    --cc=mhocko@kernel.org \
    --cc=mike.kravetz@oracle.com \
    --cc=mingo@kernel.org \
    --cc=riel@redhat.com \
    --cc=wad@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).