linux-mm.kvack.org archive mirror
From: Jeff Xu <jeffxu@google.com>
To: Pedro Falcato <pedro.falcato@gmail.com>
Cc: "Linus Torvalds" <torvalds@linux-foundation.org>,
	"kernel test robot" <oliver.sang@intel.com>,
	"Jeff Xu" <jeffxu@chromium.org>,
	oe-lkp@lists.linux.dev, lkp@intel.com,
	linux-kernel@vger.kernel.org,
	"Andrew Morton" <akpm@linux-foundation.org>,
	"Kees Cook" <keescook@chromium.org>,
	"Liam R. Howlett" <Liam.Howlett@oracle.com>,
	"Dave Hansen" <dave.hansen@intel.com>,
	"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Guenter Roeck" <groeck@chromium.org>,
	"Jann Horn" <jannh@google.com>,
	"Jonathan Corbet" <corbet@lwn.net>,
	"Jorge Lucangeli Obes" <jorgelo@chromium.org>,
	"Matthew Wilcox" <willy@infradead.org>,
	"Muhammad Usama Anjum" <usama.anjum@collabora.com>,
	"Stephen Röttger" <sroettger@google.com>,
	"Suren Baghdasaryan" <surenb@google.com>,
	"Amer Al Shanawany" <amer.shanawany@gmail.com>,
	"Javier Carrasco" <javier.carrasco.cruz@gmail.com>,
	"Shuah Khan" <shuah@kernel.org>,
	linux-api@vger.kernel.org, linux-mm@kvack.org,
	ying.huang@intel.com, feng.tang@intel.com, fengwei.yin@intel.com
Subject: Re: [linus:master] [mseal] 8be7258aad: stress-ng.pagemove.page_remaps_per_sec -4.4% regression
Date: Mon, 5 Aug 2024 11:10:52 -0700
Message-ID: <CALmYWFuXVCvAfrcDOCAR72z2_rmnm09QeVVqdhzqjF-fZ9ndUA@mail.gmail.com>
In-Reply-To: <CAKbZUD3B03Zjex4STW8J_1VJhpsYb=1mnZL2-vSaW-CaZdzLiA@mail.gmail.com>

On Mon, Aug 5, 2024 at 6:33 AM Pedro Falcato <pedro.falcato@gmail.com> wrote:
>
> On Sun, Aug 4, 2024 at 9:33 PM Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> >
> > On Sun, 4 Aug 2024 at 01:59, kernel test robot <oliver.sang@intel.com> wrote:
> > >
> > > kernel test robot noticed a -4.4% regression of stress-ng.pagemove.page_remaps_per_sec on
> > > commit 8be7258aad44 ("mseal: add mseal syscall")
> >
> > Ok, it's basically just the vma walk in can_modify_mm():
> >
> > >       1.06            +0.1        1.18        perf-profile.self.cycles-pp.mas_next_slot
> > >       1.50            +0.5        1.97        perf-profile.self.cycles-pp.mas_find
> > >       0.00            +1.4        1.35        perf-profile.self.cycles-pp.can_modify_mm
> > >       3.13            +2.0        5.13        perf-profile.self.cycles-pp.mas_walk
> >
> > and looks like it's two different pathways. We have __do_sys_mremap ->
> > mremap_to -> do_munmap -> do_vmi_munmap -> can_modify_mm for the
> > destination mapping, but we also have mremap_to() calling
> > can_modify_mm() directly for the source mapping.
> >
> > And then do_vmi_munmap() will do its *own* vma_find() after having
> > done arch_unmap().
> >
> > And do_munmap() will obviously do its own vma lookup as part of
> > calling vma_to_resize().
> >
> > So it looks like a large portion of this regression is because the
> > mseal addition just ends up walking the vma list way too much.
>
> Can we roll back the upfront checks "funny business" and just call
> can_modify_vma directly in relevant places? I still don't believe in
> the partial mprotect/munmap "security risks" that were stated in the
> mseal thread (and these operations can already fail for many other
> reasons than mseal) :)
>
The in-place check and the extra loop, implemented properly, will both
prevent changes to the sealed memory.

However, the extra loop will make it difficult for an attacker to call
munmap(0, random large-size), because if one of the vmas in the range is
sealed, the whole operation will be a no-op.

> I don't mind taking a look myself, just want to make sure I'm not
> stepping on anyone's toes here.
>
One thing that you can't work around is that can_modify_mm must be
called prior to arch_unmap; that means an in-place check for munmap
is not possible.
(There is a recent patch / refactor by Liam R. Howlett in this area,
but I am not sure if this restriction is removed.)

> --
> Pedro

