From: Stefan Roesch
To: kernel-team@fb.com
Cc: shr@devkernel.io, linux-mm@kvack.org, riel@surriel.com, mhocko@suse.com, david@redhat.com, linux-doc@vger.kernel.org, akpm@linux-foundation.org, hannes@cmpxchg.org
Subject: [PATCH v1] docs/mm: extend ksm doc
Date: Tue, 14 Mar 2023 13:45:57 -0700
Message-Id: <20230314204557.3863923-1-shr@devkernel.io>

This adds a description of the new prctl interface for KSM and also adds
a general section on security concerns.

Signed-off-by: Stefan Roesch
---
 Documentation/admin-guide/mm/ksm.rst | 41 +++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/Documentation/admin-guide/mm/ksm.rst b/Documentation/admin-g= uide/mm/ksm.rst index d2929964cd0f..ba75d628f6d7 100644 
--- a/Documentation/admin-guide/mm/ksm.rst +++ b/Documentation/admin-guide/mm/ksm.rst @@ -20,13 +20,15 @@ content which can be replaced by a single write-prote= cted page (which is automatically copied if a process later wants to update its content). The amount of pages that KSM daemon scans in a single pass and the time between the passes are configured using :ref:`sysfs -intraface ` +interface ` =20 KSM only merges anonymous (private) pages, never pagecache (file) pages. KSM's merged pages were originally locked into kernel memory, but can no= w be swapped out just like other user pages (but sharing is broken when th= ey are swapped back in: ksmd must rediscover their identity and merge again= ). =20 +.. _ksm_madvise: + Controlling KSM with madvise =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D =20 
@@ -68,6 +70,43 @@ Applications should be considerate in their use of MAD= V_MERGEABLE, restricting its use to areas likely to benefit. KSM's scans may use a l= ot of processing power: some installations will disable KSM for that reason= . =20 +Controlling KSM with prctl +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D + +KSM can be enabled for a process or a cgroup, by using the prctl(2) syst= em +call:: + + int prctl(PR_SET_MEMORY_MERGE, 1) + +The app may call + +:: + + int prctl(PR_SET_MEMORY_MERGE, 0) + +to cancel that advice and restore unshared pages: whereupon KSM +unmerges whatever is merged for that process. Note: this unmerging call +may suddenly require more memory than is available - possibly failing +with EAGAIN, but more probably arousing the Out-Of-Memory killer. + +The restrictions mentioned in :ref:`Controlling KSM with madvise `' +also apply here. Also consider the security implications of using KSM. + +KSM security concerns +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + +KSM has the possibility of memory side channel attacks. When individual +VMA's have KSM enabled, the security aspect needs to be considered. + +An individual workload doesn't know what else is running on +the machine, so it needs to be highly conservative about what it can +give up for system-wide merging. + +However, if the system is dedicated to running multiple jobs within the +same security domain, there is a usecase where multiple instances of the +same job are running inside a safe shared security domain and using the +same sensitive data. + .. _ksm_sysfs: =20 KSM daemon sysfs interface base-commit: 5faf25f023d8816a49e168930218ffdb75d5d853 --=20 2.34.1
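Review bot: The `intraface` to `interface` spelling fix in the first hunk (`@@ -20,13 +20,15 @@`) is not mentioned in the commit message, which describes only the prctl text and the security section. Either add a line to the changelog noting the typo fix or send it as a separate trivial patch. The new `.. _ksm_madvise:` label is needed by the `:ref:` added in the second hunk, so it belongs with this patch.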
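Review bot: The new "KSM security concerns" section in the second hunk (`@@ -68,6 +70,43 @@`) says KSM "has the possibility of memory side channel attacks" without saying what the channel is or what an administrator should do about it. Suggest stating the mechanism the document already implies (a merged page is write-protected and copied on the first write, so the latency of that write can reveal that another process holds identical content) and closing the last paragraph with an explicit recommendation, since "there is a usecase where ..." stops short of one. The section also speaks only of "individual VMA's" while the prctl text above it enables merging for the whole process; say what that wider scope means for the trade-off. Smaller points: "for a process or a cgroup" is followed by nothing on how a cgroup is covered; the `:ref:` line ends with a stray `'` after the closing backtick; "VMA's" should be "VMAs" and "usecase" should be "use case".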