----- Original Message ----- > From: "Steven Rostedt" <[email protected]> > To: "Peter Zijlstra" <[email protected]> > Cc: "Mathieu Desnoyers" <[email protected]>, > [email protected], "KOSAKI Motohiro" > <[email protected]>, "Paul E. McKenney" > <[email protected]>, "Nicholas Miell" > <[email protected]>, "Linus Torvalds" <[email protected]>, "Ingo > Molnar" <[email protected]>, "Alan Cox" > <[email protected]>, "Lai Jiangshan" <[email protected]>, > "Stephen Hemminger" > <[email protected]>, "Andrew Morton" <[email protected]>, > "Josh Triplett" <[email protected]>, > "Thomas Gleixner" <[email protected]>, "David Howells" > <[email protected]>, "Nick Piggin" <[email protected]> > Sent: Monday, March 16, 2015 10:24:30 AM > Subject: Re: [RFC PATCH] sys_membarrier(): system/process-wide memory barrier > (x86) (v12) > > On Mon, 16 Mar 2015 15:19:39 +0100 > Peter Zijlstra <[email protected]> wrote: > > > > > I suppose this is an unprivileged syscall; so what do we do about: > > > > for (;;) > > sys_membar(EXPEDITED); > > > > Which would spray the entire system with IPIs at break neck speed. > > Perhaps it should be rate limited. Have parameters (controlled via > sysctl) that will only allow so many of these per ms. If it exceeds it, > then the call will end up being a schedule_timeout() till it is allowed > to continue. Thus, the above will spit out a few hundred IPIs, then > sleep for a millisecond, and then spit out another hundred IPIs and > sleep again. > > That would prevent any DoS attacks.
As I pointed out in my other email, EXPEDITED | ~PRIVATE currently returns -EINVAL. The only way to do a system-wide barrier with this membarrier implementation is to use synchronize_sched() (~EXPEDITED), which I strongly doubt would perform a DoS. If we eventually care about a EXPEDITED | ~PRIVATE implementation, then I agree that rate limiting might be a good way to do it. I would be a bit uncomfortable sending IPIs to _all_ CPUs though, even with rate limiting. But perhaps it's a non-issue ? Thanks, Mathieu -- Mathieu Desnoyers EfficiOS Inc. http://www.efficios.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
