From: Tony Battersby <tonyb@cybernetics.com>
To: Hugh Dickins <hughd@google.com>
Cc: David Herrmann <dh.herrmann@gmail.com>,
Andy Lutomirski <luto@amacapital.net>,
Al Viro <viro@zeniv.linux.org.uk>, Jan Kara <jack@suse.cz>,
Michael Kerrisk <mtk.manpages@gmail.com>,
Ryan Lortie <desrt@desrt.ca>,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>,
linux-mm@kvack.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org,
Johannes Weiner <hannes@cmpxchg.org>, Tejun Heo <tj@kernel.org>,
Greg Kroah-Hartman <greg@kroah.com>,
John Stultz <john.stultz@linaro.org>,
Kristian Hogsberg <krh@bitplanet.net>,
Lennart Poettering <lennart@poettering.net>,
Daniel Mack <zonque@gmail.com>, Kay Sievers <kay@vrfy.org>
Subject: Re: [PATCH v2 0/3] File Sealing & memfd_create()
Date: Wed, 14 May 2014 12:15:30 -0400 [thread overview]
Message-ID: <537396A2.9090609@cybernetics.com> (raw)
In-Reply-To: <alpine.LSU.2.11.1405132118330.4401@eggly.anvils>
Hugh Dickins wrote:
> Checking page counts in a GB file prior to sealing does not appeal at
> all: we'd be lucky ever to find them all accounted for.
Here is a refinement of that idea: during a seal operation, iterate over
all the pages in the file and check their refcounts. On any page that
has an unexpected extra reference, allocate a new page, copy the data
over to the new page, and then replace the page having the extra
reference with the newly-allocated page in the file. That way you still
get zero-copy on pages that don't have extra references, and you don't
have to fail the seal operation if some of the pages are still being
referenced by something else.
The downside of course is the extra memory usage and memcpy overhead if
something is holding extra references to the pages. So whether this is
a good approach depends on:
*) Whether extra page references would happen frequently or infrequently
under various kernel configurations and usage scenarios. I don't know
enough about the mm system to answer this myself.
*) Whether or not the extra memory usage and memcpy overhead could be
considered a DoS attack vector by someone who has found a way to add
extra references to the pages intentionally.
Tony Battersby
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2014-05-14 16:15 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-04-15 18:38 [PATCH v2 0/3] File Sealing & memfd_create() David Herrmann
2014-04-15 18:38 ` [PATCH v2 1/3] shm: add sealing API David Herrmann
2014-05-20 2:16 ` Hugh Dickins
2014-05-23 16:37 ` David Herrmann
2014-06-02 10:30 ` Hugh Dickins
2014-04-15 18:38 ` [PATCH v2 2/3] shm: add memfd_create() syscall David Herrmann
2014-05-20 2:20 ` Hugh Dickins
2014-05-23 16:57 ` David Herrmann
2014-06-02 10:59 ` Hugh Dickins
2014-06-02 17:50 ` Andy Lutomirski
2014-06-13 10:42 ` David Herrmann
2014-05-21 10:50 ` Konstantin Khlebnikov
2014-04-15 18:38 ` [PATCH v2 3/3] selftests: add memfd_create() + sealing tests David Herrmann
2014-05-20 2:22 ` Hugh Dickins
2014-05-23 17:06 ` David Herrmann
2014-05-14 5:09 ` [PATCH v2 0/3] File Sealing & memfd_create() Hugh Dickins
2014-05-14 16:15 ` Tony Battersby [this message]
2014-05-14 22:35 ` Hugh Dickins
2014-05-19 11:44 ` David Herrmann
2014-05-19 16:09 ` Jan Kara
2014-05-19 22:11 ` Hugh Dickins
2014-05-26 11:44 ` David Herrmann
2014-05-31 4:44 ` Hugh Dickins
2014-06-02 4:42 ` Minchan Kim
2014-06-02 9:14 ` Jan Kara
2014-06-02 16:04 ` David Herrmann
2014-06-03 8:31 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=537396A2.9090609@cybernetics.com \
--to=tonyb@cybernetics.com \
--cc=akpm@linux-foundation.org \
--cc=desrt@desrt.ca \
--cc=dh.herrmann@gmail.com \
--cc=greg@kroah.com \
--cc=hannes@cmpxchg.org \
--cc=hughd@google.com \
--cc=jack@suse.cz \
--cc=john.stultz@linaro.org \
--cc=kay@vrfy.org \
--cc=krh@bitplanet.net \
--cc=lennart@poettering.net \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@amacapital.net \
--cc=mtk.manpages@gmail.com \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=zonque@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).