|
Message-ID: <72cc9d16-305e-1856-0bbb-59010b067589@huawei.com> Date: Tue, 9 May 2017 12:38:58 +0300 From: Igor Stoppa <igor.stoppa@...wei.com> To: Laura Abbott <labbott@...hat.com>, Michal Hocko <mhocko@...nel.org> CC: <linux-mm@...ck.org>, <linux-kernel@...r.kernel.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Subject: Re: RFC v2: post-init-read-only protection for data allocated dynamically On 08/05/17 18:25, Laura Abbott wrote: > On 05/05/2017 03:42 AM, Igor Stoppa wrote: >> On 04/05/17 19:49, Laura Abbott wrote: [...] > PAGE_SIZE is still 4K/16K/64K but the underlying page table mappings > may use larger mappings (2MB, 32M, 512M, etc.). The ARM architecture > has a break-before-make requirement which requires old mappings be > fully torn down and invalidated to avoid TLB conflicts. This is nearly > impossible to do correctly on live page tables so the current policy > is to not break down larger mappings. ok, but if a system integrator chooses to have the mapping set to 512M (let's consider a case that is definitely unoptimized), this granularity will apply to anything that needs to be marked as R/O and is allocated through linear mapping. If the issue inherently sits with linear allocation, then maybe the correct approach is to confirm if linear allocation is really needed, in the first place. Maybe not, at least for the type of data I have in mind. However, that would require changes in the users of the interface, rather than the interface itself. I don't see this change as a problem, in general, but OTOH I do not know yet if there are legitimate reasons to use kmalloc for any post-init-read-only data. Of course, if you have any proposal that would solve this problem with large pages, I'd be interested to know. Also, for me to better understand the magnitude of the problem, do you know if there is any specific scenario where larger mappings would be used/recommended? The major reason for using larger mapping that I can think of, is to improve the efficiency of the TLB when under pressure, however I wouldn't be able to judge how much this can affect the overall performance a big iron or in a small device. Do you know if there is any similar case that has to deal with locking down large pages? Doesn't the kernel text have potentially a similar risks of leaving large amount of memory unused? Is rodata only virtual? > I'd rather see this designed as being mandatory from the start and then > provide a mechanism to turn it off if necessary. The uptake and > coverage from opt-in features tends to be very low based on past experience. I have nothing against such wish, actually I'd love it, but I'm not sure I have the answer for it. Yet, a partial solution is better than nothing, if there is no truly flexible one. -- igor
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.