Subject: Re: [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK
From: Rik van Riel
To: "Kirill A. Shutemov"
Cc: Michal Hocko, linux-kernel@vger.kernel.org, mike.kravetz@oracle.com, linux-mm@kvack.org, fweimer@redhat.com, colm@allcosts.net, akpm@linux-foundation.org, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, mingo@kernel.org, dave.hansen@intel.com, linux-api@vger.kernel.org
Date: Wed, 09 Aug 2017 08:31:07 -0400

On Wed, 2017-08-09 at 12:59 +0300, Kirill A. Shutemov wrote:
> On Mon, Aug 07, 2017 at 10:59:51AM -0400, Rik van Riel wrote:
> > On Mon, 2017-08-07 at 15:46 +0200, Michal Hocko wrote:
> > > On Mon 07-08-17 15:22:57, Michal Hocko wrote:
> > > > This is a user visible API so make sure you CC linux-api
> > > > (added)
> > > >
> > > > On Sun 06-08-17 10:04:23, Rik van Riel wrote:
> > > > >
> > > > > A further complication is the proliferation of clone flags,
> > > > > programs bypassing glibc's functions to call clone directly,
> > > > > and programs calling unshare, causing the glibc pthread_atfork
> > > > > hook to not get called.
> > > > >
> > > > > It would be better to have the kernel take care of this
> > > > > automatically.
> > > > >
> > > > > This is similar to the OpenBSD minherit syscall with
> > > > > MAP_INHERIT_ZERO:
> > > > >
> > > > >     https://man.openbsd.org/minherit.2
> > >
> > > I would argue that a MAP_$FOO flag would be more appropriate. Or do
> > > you see any cases where such a special mapping would need to change
> > > the semantic and inherit the content over the fork again?
> > >
> > > I do not like the madvise because it is advice and as such it can
> > > be ignored/not implemented and that shouldn't have any correctness
> > > effects on the child process.
> >
> > Too late for that. VM_DONTFORK is already implemented
> > through MADV_DONTFORK & MADV_DOFORK, in a way that is
> > very similar to the MADV_WIPEONFORK from these patches.
>
> It's not obvious to me what would break if kernel would ignore
> MADV_DONTFORK or MADV_DONTDUMP.
>

You might end up with multiple processes having a device open
which can only handle one process at a time.

Another thing that could go wrong is that if overcommit_memory=2,
a very large process with MADV_DONTFORK on a large memory area
suddenly fails to fork (due to there not being enough available
memory), and is unable to start a helper process.
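
An added example, not code from this thread or from the patch series: a small C program that reports what a forked child observes in a private anonymous page under no advice, MADV_DONTFORK and MADV_WIPEONFORK, which is the child-visible behavior the discussion above turns on. The names `child_view` and `FILL` are hypothetical; the fallback value 18 for MADV_WIPEONFORK is the Linux uapi constant, and a kernel that rejects the flag yields -1.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MADV_WIPEONFORK
#define MADV_WIPEONFORK 18   /* Linux uapi value, for older libc headers */
#endif

#define FILL 0x5a            /* constructed stand-in for secret state */

/* Returns the first byte the child reads from the region after fork():
 * FILL if the contents were inherited, 0 if they were wiped, -2 if the
 * child was killed by a signal (range not mapped in the child), -1 if the
 * kernel rejected the advice or a setup call failed.
 * advice < 0 means "make no madvise call". */
int child_view(int advice)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int result = -1, status;
    pid_t pid;
    volatile unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset((void *)p, FILL, len);

    if (advice >= 0 && madvise((void *)p, len, advice) != 0)
        goto out;                     /* e.g. EINVAL on a kernel without the flag */

    pid = fork();
    if (pid == 0)
        _exit(p[0]);                  /* child reports the byte it sees */
    if (pid > 0 && waitpid(pid, &status, 0) == pid)
        result = WIFSIGNALED(status) ? -2 : WEXITSTATUS(status);
out:
    munmap((void *)p, len);
    return result;
}

int main(void)
{
    printf("no advice:       %d\n", child_view(-1));
    printf("MADV_DONTFORK:   %d\n", child_view(MADV_DONTFORK));
    printf("MADV_WIPEONFORK: %d\n", child_view(MADV_WIPEONFORK));
    return 0;
}
```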