Re: [PATCH 4/4] add ksm kernel shared memory driver.

From: Izik Eidus
Date: Thu Apr 02 2009 - 07:28:15 EST

Next message: Ingo Molnar: "Re: [PATCH 1/6] perf_counter: move the event overflow output bitsto record_type"
Previous message: Joerg Roedel: "Re: [PATCH] dma-debug: fix printk formats (i386)"
In reply to: Andrea Arcangeli: "Re: [PATCH 4/4] add ksm kernel shared memory driver."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Anthony Liguori wrote:

Chris Wright wrote:
* Anthony Liguori (anthony@xxxxxxxxxxxxx) wrote:

The ioctl() interface is quite bad for what you're doing. You're telling the kernel extra information about a VA range in userspace. That's what madvise is for. You're tweaking simple read/write values of kernel infrastructure. That's what sysfs is for.

I agree re: sysfs (brought it up myself before). As far as madvise vs.
ioctl, the one thing that comes from the ioctl is fops->release to
automagically unregister memory on exit.

This is precisely why ioctl() is a bad interface. fops->release isn't tied to the process but rather tied to the open file. The file can stay open long after the process exits either by a fork()'d child inheriting the file descriptor or through something more sinister like SCM_RIGHTS.

In fact, a common mistake is to leak file descriptors by not closing them when exec()'ing a process. Instead of just delaying a close, if you rely on this behavior to unregister memory regions, you could potentially have badness happen in the kernel if ksm attempted to access an invalid memory region.

How could such badness ever happen in the kernel?
Ksm work by virtual addresses!, it fetch the pages by using get_user_pages(), and the mm struct is protected by get_task_mm(), in addion we take the down_read(mmap_sem)

So how could ksm ever acces to invalid memory region unless the host page table or get_task_mm() would stop working!

When someone register memory for scan, we do get_task_mm() when the file is closed or when he say that he dont want this to be registered anymore he call the unregister ioctl

You can aurgoment about API, but this is mathamathical thing to say Ksm is insecure, please show me senario!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [PATCH 1/6] perf_counter: move the event overflow output bitsto record_type"
Previous message: Joerg Roedel: "Re: [PATCH] dma-debug: fix printk formats (i386)"
In reply to: Andrea Arcangeli: "Re: [PATCH 4/4] add ksm kernel shared memory driver."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]