From: Rik van Riel <riel@redhat.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: linux-kernel@vger.kernel.org, mike.kravetz@oracle.com,
linux-mm@kvack.org, fweimer@redhat.com, colm@allcosts.net,
akpm@linux-foundation.org, keescook@chromium.org,
luto@amacapital.net, wad@chromium.org, mingo@kernel.org,
kirill@shutemov.name, dave.hansen@intel.com,
linux-api@vger.kernel.org
Subject: Re: [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK
Date: Mon, 07 Aug 2017 10:59:51 -0400 [thread overview]
Message-ID: <1502117991.6577.13.camel@redhat.com> (raw)
In-Reply-To: <20170807134648.GI32434@dhcp22.suse.cz>
On Mon, 2017-08-07 at 15:46 +0200, Michal Hocko wrote:
> On Mon 07-08-17 15:22:57, Michal Hocko wrote:
> > This is an user visible API so make sure you CC linux-api (added)
> >
> > On Sun 06-08-17 10:04:23, Rik van Riel wrote:
> > >
> > > A further complication is the proliferation of clone flags,
> > > programs bypassing glibc's functions to call clone directly,
> > > and programs calling unshare, causing the glibc pthread_atfork
> > > hook to not get called.
> > >
> > > It would be better to have the kernel take care of this
> > > automatically.
> > >
> > > This is similar to the OpenBSD minherit syscall with
> > > MAP_INHERIT_ZERO:
> > >
> > > https://man.openbsd.org/minherit.2
>
> I would argue that a MAP_$FOO flag would be more appropriate. Or do
> you
> see any cases where such a special mapping would need to change the
> semantic and inherit the content over the fork again?
>
> I do not like the madvise because it is an advise and as such it can
> be
> ignored/not implemented and that shouldn't have any correctness
> effects
> on the child process.
Too late for that. VM_DONTFORK is already implemented
through MADV_DONTFORK & MADV_DOFORK, in a way that is
very similar to the MADV_WIPEONFORK from these patches.
I wonder if that was done because MAP_* flags are a
bitmap, with a very limited number of values as a result,
while MADV_* constants have an essentially unlimited
numerical namespace available.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Rik van Riel <riel@redhat.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: linux-kernel@vger.kernel.org, mike.kravetz@oracle.com,
linux-mm@kvack.org, fweimer@redhat.com, colm@allcosts.net,
akpm@linux-foundation.org, keescook@chromium.org,
luto@amacapital.net, wad@chromium.org, mingo@kernel.org,
kirill@shutemov.name, dave.hansen@intel.com,
linux-api@vger.kernel.org
Subject: Re: [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK
Date: Mon, 07 Aug 2017 10:59:51 -0400 [thread overview]
Message-ID: <1502117991.6577.13.camel@redhat.com> (raw)
In-Reply-To: <20170807134648.GI32434@dhcp22.suse.cz>
On Mon, 2017-08-07 at 15:46 +0200, Michal Hocko wrote:
> On Mon 07-08-17 15:22:57, Michal Hocko wrote:
> > This is an user visible API so make sure you CC linux-api (added)
> >
> > On Sun 06-08-17 10:04:23, Rik van Riel wrote:
> > >
> > > A further complication is the proliferation of clone flags,
> > > programs bypassing glibc's functions to call clone directly,
> > > and programs calling unshare, causing the glibc pthread_atfork
> > > hook to not get called.
> > >
> > > It would be better to have the kernel take care of this
> > > automatically.
> > >
> > > This is similar to the OpenBSD minherit syscall with
> > > MAP_INHERIT_ZERO:
> > >
> > > A A A A https://man.openbsd.org/minherit.2
>
> I would argue that a MAP_$FOO flag would be more appropriate. Or do
> you
> see any cases where such a special mapping would need to change the
> semantic and inherit the content over the fork again?
>
> I do not like the madvise because it is an advise and as such it can
> be
> ignored/not implemented and that shouldn't have any correctness
> effects
> on the child process.
Too late for that. VM_DONTFORK is already implemented
through MADV_DONTFORK & MADV_DOFORK, in a way that is
very similar to the MADV_WIPEONFORK from these patches.
I wonder if that was done because MAP_* flags are a
bitmap, with a very limited number of values as a result,
while MADV_* constants have an essentially unlimited
numerical namespace available.
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
WARNING: multiple messages have this Message-ID (diff)
From: Rik van Riel <riel@redhat.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: linux-kernel@vger.kernel.org, mike.kravetz@oracle.com,
linux-mm@kvack.org, fweimer@redhat.com, colm@allcosts.net,
akpm@linux-foundation.org, keescook@chromium.org,
luto@amacapital.net, wad@chromium.org, mingo@kernel.org,
kirill@shutemov.name, dave.hansen@intel.com,
linux-api@vger.kernel.org
Subject: Re: [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK
Date: Mon, 07 Aug 2017 10:59:51 -0400 [thread overview]
Message-ID: <1502117991.6577.13.camel@redhat.com> (raw)
In-Reply-To: <20170807134648.GI32434@dhcp22.suse.cz>
On Mon, 2017-08-07 at 15:46 +0200, Michal Hocko wrote:
> On Mon 07-08-17 15:22:57, Michal Hocko wrote:
> > This is an user visible API so make sure you CC linux-api (added)
> >
> > On Sun 06-08-17 10:04:23, Rik van Riel wrote:
> > >
> > > A further complication is the proliferation of clone flags,
> > > programs bypassing glibc's functions to call clone directly,
> > > and programs calling unshare, causing the glibc pthread_atfork
> > > hook to not get called.
> > >
> > > It would be better to have the kernel take care of this
> > > automatically.
> > >
> > > This is similar to the OpenBSD minherit syscall with
> > > MAP_INHERIT_ZERO:
> > >
> > > https://man.openbsd.org/minherit.2
>
> I would argue that a MAP_$FOO flag would be more appropriate. Or do
> you
> see any cases where such a special mapping would need to change the
> semantic and inherit the content over the fork again?
>
> I do not like the madvise because it is an advise and as such it can
> be
> ignored/not implemented and that shouldn't have any correctness
> effects
> on the child process.
Too late for that. VM_DONTFORK is already implemented
through MADV_DONTFORK & MADV_DOFORK, in a way that is
very similar to the MADV_WIPEONFORK from these patches.
I wonder if that was done because MAP_* flags are a
bitmap, with a very limited number of values as a result,
while MADV_* constants have an essentially unlimited
numerical namespace available.
next prev parent reply other threads:[~2017-08-07 14:59 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-06 14:04 [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK riel
2017-08-06 14:04 ` riel
2017-08-06 14:04 ` [PATCH 1/2] x86,mpx: make mpx depend on x86-64 to free up VMA flag riel
2017-08-06 14:04 ` riel
2017-08-06 14:04 ` [PATCH 2/2] mm,fork: introduce MADV_WIPEONFORK riel
2017-08-06 14:04 ` riel
2017-08-10 15:23 ` Michal Hocko
2017-08-10 15:23 ` Michal Hocko
2017-08-11 15:23 ` Rik van Riel
2017-08-11 15:23 ` Rik van Riel
2017-08-11 16:36 ` Mike Kravetz
2017-08-11 16:36 ` Mike Kravetz
2017-08-11 16:59 ` Rik van Riel
2017-08-11 16:59 ` Rik van Riel
2017-08-11 17:07 ` Mike Kravetz
2017-08-11 17:07 ` Mike Kravetz
2017-08-07 13:22 ` [PATCH v2 0/2] mm,fork,security: " Michal Hocko
2017-08-07 13:22 ` Michal Hocko
[not found] ` <20170807132257.GH32434-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2017-08-07 13:46 ` Michal Hocko
2017-08-07 13:46 ` Michal Hocko
2017-08-07 13:46 ` Michal Hocko
2017-08-07 14:19 ` Florian Weimer
2017-08-07 14:19 ` Florian Weimer
2017-08-10 13:06 ` Michal Hocko
2017-08-10 13:06 ` Michal Hocko
2017-08-07 14:59 ` Rik van Riel [this message]
2017-08-07 14:59 ` Rik van Riel
2017-08-07 14:59 ` Rik van Riel
[not found] ` <1502117991.6577.13.camel-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-08-09 9:59 ` Kirill A. Shutemov
2017-08-09 9:59 ` Kirill A. Shutemov
2017-08-09 9:59 ` Kirill A. Shutemov
2017-08-09 12:31 ` Rik van Riel
2017-08-09 12:31 ` Rik van Riel
2017-08-09 12:31 ` Rik van Riel
2017-08-09 12:42 ` Florian Weimer
2017-08-09 12:42 ` Florian Weimer
2017-08-10 13:05 ` Michal Hocko
2017-08-10 13:05 ` Michal Hocko
[not found] ` <20170810130531.GS23863-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2017-08-10 13:23 ` Colm MacCárthaigh
2017-08-10 13:23 ` Colm MacCárthaigh
2017-08-10 13:23 ` Colm MacCárthaigh
[not found] ` <CAAF6GDc2hsj-XJj=Rx2ZF6Sh3Ke6nKewABXfqQxQjfDd5QN7Ug-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-08-10 15:36 ` Michal Hocko
2017-08-10 15:36 ` Michal Hocko
2017-08-10 15:36 ` Michal Hocko
2017-08-10 16:17 ` Colm MacCárthaigh
[not found] ` <CAAF6GDeno6RpHf1KORVSxUL7M-CQfbWFFdyKK8LAWd_6PcJ55Q-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-08-10 17:01 ` Michal Hocko
2017-08-10 17:01 ` Michal Hocko
2017-08-10 17:01 ` Michal Hocko
[not found] ` <20170810170144.GA987-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2017-08-10 22:09 ` Colm MacCárthaigh
2017-08-10 22:09 ` Colm MacCárthaigh
2017-08-10 22:09 ` Colm MacCárthaigh
[not found] ` <CAAF6GDdFjS612mx1TXzaVk1J-Afz9wsAywTEijO2TG4idxabiw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-08-11 14:06 ` Michal Hocko
2017-08-11 14:06 ` Michal Hocko
2017-08-11 14:06 ` Michal Hocko
[not found] ` <20170811140653.GO30811-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2017-08-11 14:11 ` Florian Weimer
2017-08-11 14:11 ` Florian Weimer
2017-08-11 14:11 ` Florian Weimer
[not found] ` <c8cda773-b28d-f35f-7f18-6735584cb173-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-08-11 14:24 ` Michal Hocko
2017-08-11 14:24 ` Michal Hocko
2017-08-11 14:24 ` Michal Hocko
[not found] ` <20170811142457.GP30811-2MMpYkNvuYDjFM9bn6wA6Q@public.gmane.org>
2017-08-11 15:24 ` Florian Weimer
2017-08-11 15:24 ` Florian Weimer
2017-08-11 15:24 ` Florian Weimer
2017-08-11 15:31 ` Michal Hocko
2017-08-11 15:31 ` Michal Hocko
2017-08-07 15:55 ` Colm MacCárthaigh
2017-08-07 16:02 ` Colm MacCárthaigh
2017-08-10 13:21 ` Michal Hocko
2017-08-10 13:21 ` Michal Hocko
2017-08-10 13:21 ` Michal Hocko
2017-08-10 14:11 ` Michal Hocko
2017-08-10 14:11 ` Michal Hocko
2017-08-07 18:23 ` Mike Kravetz
2017-08-07 18:23 ` Mike Kravetz
2017-08-08 9:58 ` Florian Weimer
2017-08-08 9:58 ` Florian Weimer
2017-08-08 13:15 ` Rik van Riel
2017-08-08 13:15 ` Rik van Riel
2017-08-08 15:19 ` Mike Kravetz
2017-08-08 15:19 ` Mike Kravetz
2017-08-08 15:22 ` Florian Weimer
2017-08-08 15:22 ` Florian Weimer
2017-08-08 15:46 ` Rik van Riel
2017-08-08 15:46 ` Rik van Riel
2017-08-08 16:48 ` Colm MacCárthaigh
2017-08-08 16:48 ` Colm MacCárthaigh
2017-08-08 16:52 ` Matthew Wilcox
2017-08-08 16:52 ` Matthew Wilcox
2017-08-08 18:45 ` Rik van Riel
2017-08-08 18:45 ` Rik van Riel
2017-08-10 15:31 ` Michal Hocko
2017-08-10 15:31 ` Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1502117991.6577.13.camel@redhat.com \
--to=riel@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=colm@allcosts.net \
--cc=dave.hansen@intel.com \
--cc=fweimer@redhat.com \
--cc=keescook@chromium.org \
--cc=kirill@shutemov.name \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@amacapital.net \
--cc=mhocko@kernel.org \
--cc=mike.kravetz@oracle.com \
--cc=mingo@kernel.org \
--cc=wad@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.