On Wed, 4 Jul 2007, Andy Isaacson wrote:
> On Mon, Jul 02, 2007 at 06:55:40PM -0400, Rik van Riel wrote:
> > You could easily replace the cookie with a pointer to a free
> > page pool.
>
> It just occurred to me that something like this is *required* to get the
> performance benefit from MAP_NOZE
On Mon, Jul 02, 2007 at 06:55:40PM -0400, Rik van Riel wrote:
> You could easily replace the cookie with a pointer to a free
> page pool.
It just occurred to me that something like this is *required* to get the
performance benefit from MAP_NOZERO on a busy system. With Davide's
current proposal,
On Mon, 2 Jul 2007, Rik van Riel wrote:
> Davide Libenzi wrote:
> > On Mon, 2 Jul 2007, Ulrich Drepper wrote:
> >
> > > On 7/2/07, Rik van Riel <[EMAIL PROTECTED]> wrote:
> > > > That should not happen. The default SELinux configuration
> > > > in Fedora (and Debian?) runs a few daemons in their
Davide Libenzi wrote:
On Mon, 2 Jul 2007, Ulrich Drepper wrote:
On 7/2/07, Rik van Riel <[EMAIL PROTECTED]> wrote:
That should not happen. The default SELinux configuration
in Fedora (and Debian?) runs a few daemons in their own
restricted modes and has most of the system running in
unconfine
On Mon, 2 Jul 2007, Ulrich Drepper wrote:
> On 7/2/07, Rik van Riel <[EMAIL PROTECTED]> wrote:
> > That should not happen. The default SELinux configuration
> > in Fedora (and Debian?) runs a few daemons in their own
> > restricted modes and has most of the system running in
> > unconfined_t, inc
On Mon, 2 Jul 2007, Andy Isaacson wrote:
> On Sat, Jun 30, 2007 at 12:03:07PM -0700, Davide Libenzi wrote:
> > I think the focus should be to find a case where under the currently
> > implemented policy for MAP_NOZERO, MAP_NOZERO represent a loss of security
> > WRT no MAP_NOZERO. I have not b
On 7/2/07, Rik van Riel <[EMAIL PROTECTED]> wrote:
That should not happen. The default SELinux configuration
in Fedora (and Debian?) runs a few daemons in their own
restricted modes and has most of the system running in
unconfined_t, including the majority of user programs.
This is the state a
Andy Isaacson wrote:
On Sat, Jun 30, 2007 at 08:21:52PM -0400, Kyle Moffett wrote:
That's why you'd need to call an LSM hook to get a unique identifier,
as the LSM would actually need to allocate identifiers for
equivalence classes. Secondly, processes may change labels as they
run, so you
On Sat, Jun 30, 2007 at 08:21:52PM -0400, Kyle Moffett wrote:
> That's why you'd need to call an LSM hook to get a unique identifier,
> as the LSM would actually need to allocate identifiers for
> equivalence classes. Secondly, processes may change labels as they
> run, so you couldn't just
On Sat, Jun 30, 2007 at 12:03:07PM -0700, Davide Libenzi wrote:
> I think the focus should be to find a case where under the currently
> implemented policy for MAP_NOZERO, MAP_NOZERO represent a loss of security
> WRT no MAP_NOZERO. I have not been able to find one yet, although Andy
> found a
On Sat, 30 Jun 2007, Kyle Moffett wrote:
> On Jun 30, 2007, at 19:57:18, Davide Libenzi wrote:
> > On Sat, 30 Jun 2007, Kyle Moffett wrote:
> > > Very simple case: SELinux is turned on, an s9 (IE: TOP_SECRET) process
> > > calls free(), and an s3 (IE: UNCLASSIFIED) process calls malloc(), getting
On Jun 30, 2007, at 19:57:18, Davide Libenzi wrote:
On Sat, 30 Jun 2007, Kyle Moffett wrote:
Very simple case: SELinux is turned on, an s9 (IE: TOP_SECRET)
process calls free(), and an s3 (IE: UNCLASSIFIED) process calls
malloc(), getting the data from the TOP_SECRET process.
Note that you
On Sat, 30 Jun 2007, Kyle Moffett wrote:
> On Jun 30, 2007, at 15:03:07, Davide Libenzi wrote:
> > Hmm, why would you need MAP_REUSABLE? If a page is visible at any time for a
> > given UID, and you have a login under such UID, you can fetch the content of
> > the page at any time (ie, ptrace_atta
On Jun 30, 2007, at 15:03:07, Davide Libenzi wrote:
Hmm, why would you need MAP_REUSABLE? If a page is visible at any
time for a given UID, and you have a login under such UID, you can
fetch the content of the page at any time (ie, ptrace_attach,
gdb, ...).
Not under SELinux or other LSMs.
On Fri, 29 Jun 2007, Kyle Moffett wrote:
> Well I would be very interested in actually being able to use this feature
> under SELinux, I think that just the underlying "can-I-use-this-page" logic
> needs modification. Maybe "MAP_REUSABLE"? That would both imply that we can
> accept reused (IE: n
On Jun 29, 2007, at 16:12:58, Davide Libenzi wrote:
On Fri, 29 Jun 2007, Andy Isaacson wrote:
I still think that using uid in mm_struct is wrong, and some kind
of abstraction is required. I called this "free pool" in
<[EMAIL PROTECTED]>, but I think that name is
misleading -- I am not prop
On Fri, 29 Jun 2007, Andy Isaacson wrote:
> On Thu, Jun 28, 2007 at 10:57:00PM -0400, Kyle Moffett wrote:
> > On Jun 28, 2007, at 14:49:24, Davide Libenzi wrote:
> > >So I implemented a rather quick hack that introduces a new mmap()
> > >flag MAP_NOZERO (only valid for anonymous mappings) and th
On Thu, Jun 28, 2007 at 10:57:00PM -0400, Kyle Moffett wrote:
> On Jun 28, 2007, at 14:49:24, Davide Libenzi wrote:
> >So I implemented a rather quick hack that introduces a new mmap()
> >flag MAP_NOZERO (only valid for anonymous mappings) and the vma
> >counter-part VM_NOZERO. Also, a new sy
On Thu, 28 Jun 2007, Kyle Moffett wrote:
> On Jun 28, 2007, at 14:49:24, Davide Libenzi wrote:
> > I was using oprofile to sample some userspace code I am working on, and I
> > was continuosly noticing clear_page in the top three entries of the
> > oprofile logs.
> >
> > Also, a simple kernel b
On 6/28/07, Rik van Riel <[EMAIL PROTECTED]> wrote:
That wants MAP_PRIVATE so that the kernel can also decide to not
swap these pages out to an unencrypted swap area.
That's not what MAP_PRIVATE means. MAP_PRIVATE is the opposite of
MAP_SHARED. It's meaningless for anonymous memory (which is
Kyle Moffett wrote:
On Jun 28, 2007, at 14:49:24, Davide Libenzi wrote:
I was using oprofile to sample some userspace code I am working on,
and I was continuosly noticing clear_page in the top three entries
of the oprofile logs.
Also, a simple kernel build, in my Dual Opteron with 8GB of RA
On Jun 28, 2007, at 14:49:24, Davide Libenzi wrote:
I was using oprofile to sample some userspace code I am working on,
and I was continuosly noticing clear_page in the top three
entries of the oprofile logs.
Also, a simple kernel build, in my Dual Opteron with 8GB of RAM,
shows clear_p
I was using oprofile to sample some userspace code I am working on,
and I was continuosly noticing clear_page in the top three entries
of the oprofile logs.
Also, a simple kernel build, in my Dual Opteron with 8GB of RAM,
shows clear_page as the first kernel entry, second only to the
userspace
23 matches
Mail list logo
