Re: [PATCH] mm: Enable MAP_UNINITIALIZED for archs with mmu

From: Arun Sharma
Date: Fri Feb 24 2012 - 14:27:42 EST

Next message: Randy Dunlap: "[PATCH] security: fix ima kconfig warning"
Previous message: Stephen Warren: "RE: [PATCH 1/3] pinctrl: Introduce PINCTRL_STATE_DEFAULT define,and use it"
In reply to: Arun Sharma: "Re: [PATCH] mm: Enable MAP_UNINITIALIZED for archs with mmu"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/23/12 6:47 PM, KAMEZAWA Hiroyuki wrote:

In a distributed computing environment, a user submits a job to the
cluster job scheduler. The job might involve multiple related
executables and might involve multiple address spaces. But they're
performing one logical task, have a single resource limit enforced by a
cgroup.

They don't have access to each other's VMAs, but if "accidentally" one
of them comes across an uninitialized page with data from another task,
it's not a violation of the security model.

How do you handle shared resouce, file-cache ?

From a security perspective or a resource limit perspective?

Security: all processes in the cgroup run with the same uid and have the same access to the filesystem. Multiple address spaces in a cgroup can be thought of as an implementation detail.

Resource limit: We don't have strict enforcement right now. There is a desire to include everything (file cache, slab memory) in the job's memory resource limit.

-Arun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Randy Dunlap: "[PATCH] security: fix ima kconfig warning"
Previous message: Stephen Warren: "RE: [PATCH 1/3] pinctrl: Introduce PINCTRL_STATE_DEFAULT define,and use it"
In reply to: Arun Sharma: "Re: [PATCH] mm: Enable MAP_UNINITIALIZED for archs with mmu"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]