On Tue 07-07-20 10:07:26, Pavel Machek wrote:
> Hi!
>
> > > > > This patch adds logic to the kernel power code to zero out contents of
> > > > > all MADV_WIPEONSUSPEND VMAs present in the system during its transition
> > > > > to any suspend state equal or greater/deeper than Suspend-to-memory,
> > > > > known as S3.
> > > >
> > > > How does the application learn that its memory got wiped? S2disk is an
> > > > async operation and it can happen at any time during the task execution.
> > > > So how does the application work to prevent from corrupted state - e.g.
> > > > when suspended between two memory loads?
> > >
> > > You can do it seqlock-style, kind of - you reserve the first byte of
> > > the page or so as a "is this page initialized" marker, and after every
> > > read from the page, you do a compiler barrier and check whether that
> > > byte has been cleared.
> >
> > This is certainly possible yet wery awkwar interface to use IMHO.
> > MADV_EXTERNALY_VOLATILE would express the actual semantic much better.
> > I might not still understand the expected usecase but if the target
> > application has to be changed anyway then why not simply use a
> > transparent and proper signaling mechanism like poll on a fd. That
>
> The goal is to have cryprographically-safe get_random_number() with 0
> syscalls.
>
> You'd need to do:
>
> if (!poll(did_i_migrate)) {
> use_prng_seed();
> if (poll(did_i_migrate)) {
> /* oops_they_migrated_me_in_middle_of_computation,
> lets_redo_it() */
> goto retry:
> }
> }
>
> Which means two syscalls..
Is this a real problem though? Do we have any actual numbers? E.g. how
often does the migration happen so that 2 syscalls would be visible in
actual workloads?
--
Michal Hocko
SUSE Labs
