From: Elladan <elladan@eskimo.com>
To: Andi Kleen <ak@suse.de>
Cc: Elladan <elladan@eskimo.com>, Andi Kleen <ak@muc.de>,
Andrea Arcangeli <andrea@suse.de>, Jeff Dike <jdike@karaya.com>,
john stultz <johnstul@us.ibm.com>,
lkml <linux-kernel@vger.kernel.org>,
george anzinger <george@mvista.com>,
Stephen Hemminger <shemminger@osdl.org>,
discuss@x86-64.org, aj@suse.de
Subject: Re: [discuss] Re: [PATCH] linux-2.5.43_vsyscall_A0
Date: Sun, 20 Oct 2002 03:58:41 -0700 [thread overview]
Message-ID: <20021020105841.GA1024@eskimo.com> (raw)
In-Reply-To: <20021020112730.A29357@wotan.suse.de>
On Sun, Oct 20, 2002 at 11:27:30AM +0200, Andi Kleen wrote:
> On Sat, Oct 19, 2002 at 11:44:33PM -0700, Elladan wrote:
> > The problem with modifying the executable code/pages in the vsyscall
> > area is that it's going to be very tricky to implement, if I understand
> > this discussion properly.
>
> Modifying the pages or variables in the pages from the kernel is no
> problem. It just would affect all processes on the system
>
> What's tricky is to give it per process state (which would
> be needed to make a vsyscall/novsyscall flag process local)
Not really any more tricky than turning it off globally with a flag.
It's just more expensive, because you have to propagate the flag into
vsyscall space on the context switch. In the per-process case,
self-modifying code would be a less non-viable approach than it is
globally.
> > There may be any number of user processes idling in these pages on the
> > runqueue (or off it if say one received a SIGSTOP), and if you just go
> > change the instruction code on them, unless you're incredibly careful
> > and come up with some subtly safe machine code sequence, they're going
> > crash when you call this sysctl().
>
> Nobody proposed to use self modifying code, it would just be a global
> variable located in the vsyscall area that is tested by the vsyscall
> code.
Well, self modifying code certainly looked like what Andrea was talking
about, to avoid the branch overhead on the userspace gettimeofday()
call.
I suspect that outside of a few database apps, it's pretty unlikely that
there will be any vsyscalls in your average time slice, so putting the
overhead into the vsyscall itself seems like a better idea than paying
the price during every context switch.
Of course, if you're really strictly worried about being able to fully
virtualize the vsyscalls, a global flag isn't really enough. A user app
running under the virtual machine will still be able to manually access
the data on the vsyscall pages, and if it wants, jump into the middle of
a function or something like that. So eg. a UML instance being used as
a sandbox would still expose the host time and such to its hostile
userspace, which could then execute subsets of vsyscall code at will.
It seems that to fix this with proper data-hiding, it would really need
to be possible to set the vsyscall pages as invalid for the UML process
(so it could manually emulate the vsyscall), which would then either
require expensive contex-switching costs to make it a per-process flag,
or we're back to global self-modifying-code fixups.
Better to just ignore that particular issue.
-J
next prev parent reply other threads:[~2002-10-20 10:52 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-10-18 22:57 [PATCH] linux-2.5.43_vsyscall_A0 john stultz
2002-10-18 22:58 ` [EXAMPLE CODE] linux-2.5.43_vsyscall_A0 john stultz
2002-10-19 3:52 ` [PATCH] linux-2.5.43_vsyscall_A0 Jeff Dike
2002-10-19 3:10 ` Andi Kleen
2002-10-19 4:49 ` Jeff Dike
2002-10-19 4:02 ` Andi Kleen
2002-10-19 4:16 ` Andrea Arcangeli
2002-10-20 2:59 ` Andi Kleen
2002-10-20 6:44 ` Elladan
2002-10-20 9:27 ` [discuss] " Andi Kleen
2002-10-20 10:58 ` Elladan [this message]
2002-10-20 11:20 ` Andi Kleen
2002-10-20 14:51 ` Andrea Arcangeli
2002-10-21 16:49 ` george anzinger
2002-10-20 13:19 ` Andreas Jaeger
2002-10-20 14:59 ` Andrea Arcangeli
2002-10-19 4:10 ` Andrea Arcangeli
2002-10-19 4:45 ` Andi Kleen
2002-10-19 5:01 ` Andrea Arcangeli
2002-10-19 23:43 ` Jeff Dike
2002-10-20 0:15 ` Andrea Arcangeli
2002-10-20 2:03 ` Jeff Dike
2002-10-20 2:33 ` Andrea Arcangeli
2002-10-22 5:07 ` Jeff Dike
2002-10-22 4:15 ` Andi Kleen
2002-10-22 4:29 ` Andrew Morton
2002-10-22 9:39 ` Alan Cox
2002-10-22 16:12 ` Andrew Morton
2002-10-22 5:08 ` Andrea Arcangeli
2002-10-22 5:27 ` Andrea Arcangeli
2002-10-22 7:24 ` Elladan
2002-10-22 7:40 ` Andrea Arcangeli
2002-10-23 5:12 ` Elladan
2002-10-23 5:43 ` Elladan
2002-10-23 17:51 ` Gerrit Huizenga
2002-10-21 15:43 ` Stephen Hemminger
2002-10-21 16:26 ` Andi Kleen
2002-10-21 17:10 ` john stultz
2002-10-19 19:14 ` Bill Davidsen
2002-10-20 1:50 ` Rik van Riel
2002-10-20 2:56 ` Andi Kleen
2002-10-24 11:24 ` Pavel Machek
2002-10-24 11:24 ` Pavel Machek
2002-10-19 22:36 ` Ton Hospel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021020105841.GA1024@eskimo.com \
--to=elladan@eskimo.com \
--cc=aj@suse.de \
--cc=ak@muc.de \
--cc=ak@suse.de \
--cc=andrea@suse.de \
--cc=discuss@x86-64.org \
--cc=george@mvista.com \
--cc=jdike@karaya.com \
--cc=johnstul@us.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=shemminger@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).