From: Kees Cook <keescook@chromium.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Vladimir Davydov <vdavydov@parallels.com>,
Andres Lagar-Cavilla <andreslc@google.com>,
Minchan Kim <minchan@kernel.org>,
Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>,
Johannes Weiner <hannes@cmpxchg.org>,
Michal Hocko <mhocko@suse.cz>, Greg Thelen <gthelen@google.com>,
Michel Lespinasse <walken@google.com>,
David Rientjes <rientjes@google.com>,
Pavel Emelyanov <xemul@parallels.com>,
Cyrill Gorcunov <gorcunov@openvz.org>,
Jonathan Corbet <corbet@lwn.net>,
Linux API <linux-api@vger.kernel.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
Linux-MM <linux-mm@kvack.org>, Cgroups <cgroups@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH -mm v9 0/8] idle memory tracking
Date: Mon, 27 Jul 2015 12:18:57 -0700 [thread overview]
Message-ID: <CAGXu5jLPT-2c_H3kjCzbVgRKQO0xMskVd7JcAMmWZSmFgzZ4ng@mail.gmail.com> (raw)
In-Reply-To: <20150721163402.43ad2527d9b8caa476a1c9e1@linux-foundation.org>
On Tue, Jul 21, 2015 at 4:34 PM, Andrew Morton
<akpm@linux-foundation.org> wrote:
> On Sun, 19 Jul 2015 15:31:09 +0300 Vladimir Davydov <vdavydov@parallels.com> wrote:
>> To mark a page idle one should set the bit corresponding to the
>> page by writing to the file. A value written to the file is OR-ed with the
>> current bitmap value. Only user memory pages can be marked idle, for other
>> page types input is silently ignored. Writing to this file beyond max PFN
>> results in the ENXIO error. Only available when CONFIG_IDLE_PAGE_TRACKING is
>> set.
>>
>> This file can be used to estimate the amount of pages that are not
>> used by a particular workload as follows:
>>
>> 1. mark all pages of interest idle by setting corresponding bits in the
>> /proc/kpageidle bitmap
>> 2. wait until the workload accesses its working set
>> 3. read /proc/kpageidle and count the number of bits set
>
> Security implications. This interface could be used to learn about a
> sensitive application by poking data at it and then observing its
> memory access patterns. Perhaps this is why the proc files are
> root-only (whcih I assume is sufficient). Some words here about the
> security side of things and the reasoning behind the chosen permissions
> would be good to have.
As long as this stays true-root-only, I think it should be safe enough.
>> * /proc/kpagecgroup. This file contains a 64-bit inode number of the
>> memory cgroup each page is charged to, indexed by PFN.
>
> Actually "closest online ancestor". This also should be in the
> interface documentation.
>
>> Only available when CONFIG_MEMCG is set.
>
> CONFIG_MEMCG and CONFIG_IDLE_PAGE_TRACKING I assume?
>
>>
>> This file can be used to find all pages (including unmapped file
>> pages) accounted to a particular cgroup. Using /proc/kpageidle, one
>> can then estimate the cgroup working set size.
>>
>> For an example of using these files for estimating the amount of unused
>> memory pages per each memory cgroup, please see the script attached
>> below.
>
> Why were these put in /proc anyway? Rather than under /sys/fs/cgroup
> somewhere? Presumably because /proc/kpageidle is useful in non-memcg
> setups.
Do we need a /proc/vm/ for holding these kinds of things? We're
collecting a lot there. Or invent some way for this to be sensible in
/sys?
-Kees
--
Kees Cook
Chrome OS Security
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2015-07-27 19:18 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-19 12:31 Vladimir Davydov
2015-07-19 12:31 ` [PATCH -mm v9 1/8] memcg: add page_cgroup_ino helper Vladimir Davydov
2015-07-21 23:34 ` Andrew Morton
2015-07-22 9:21 ` Vladimir Davydov
2015-07-19 12:31 ` [PATCH -mm v9 2/8] hwpoison: use page_cgroup_ino for filtering by memcg Vladimir Davydov
2015-07-21 23:34 ` Andrew Morton
2015-07-22 9:45 ` Vladimir Davydov
2015-07-19 12:31 ` [PATCH -mm v9 3/8] memcg: zap try_get_mem_cgroup_from_page Vladimir Davydov
2015-07-19 12:31 ` [PATCH -mm v9 4/8] proc: add kpagecgroup file Vladimir Davydov
2015-07-21 23:34 ` Andrew Morton
2015-07-22 10:33 ` Vladimir Davydov
2015-07-19 12:31 ` [PATCH -mm v9 5/8] mmu-notifier: add clear_young callback Vladimir Davydov
2015-07-20 18:34 ` Andres Lagar-Cavilla
2015-07-21 8:51 ` Vladimir Davydov
2015-07-22 16:33 ` Vladimir Davydov
2015-07-19 12:31 ` [PATCH -mm v9 6/8] proc: add kpageidle file Vladimir Davydov
2015-07-21 23:34 ` Andrew Morton
2015-07-22 15:20 ` Vladimir Davydov
2015-07-24 14:08 ` Paul Gortmaker
2015-07-24 14:17 ` Vladimir Davydov
2015-07-19 12:31 ` [PATCH -mm v9 7/8] proc: export idle flag via kpageflags Vladimir Davydov
2015-07-21 23:35 ` Andrew Morton
2015-07-22 16:25 ` Vladimir Davydov
2015-07-22 19:44 ` Andrew Morton
2015-07-22 20:46 ` Andres Lagar-Cavilla
2015-07-23 7:57 ` Vladimir Davydov
2015-07-19 12:31 ` [PATCH -mm v9 8/8] proc: add cond_resched to /proc/kpage* read/write loop Vladimir Davydov
2015-07-19 12:37 ` [PATCH -mm v9 0/8] idle memory tracking Vladimir Davydov
2015-07-21 21:39 ` Andres Lagar-Cavilla
2015-07-21 23:34 ` Andrew Morton
2015-07-22 16:23 ` Vladimir Davydov
2015-07-25 16:24 ` Vladimir Davydov
2015-07-27 19:18 ` Kees Cook [this message]
2015-07-27 19:25 ` Andrew Morton
2015-07-29 12:36 ` Michal Hocko
2015-07-29 13:59 ` Vladimir Davydov
2015-07-29 14:12 ` Michel Lespinasse
2015-07-29 14:13 ` Michel Lespinasse
2015-07-29 14:45 ` Vladimir Davydov
2015-07-29 15:08 ` Michel Lespinasse
2015-07-29 15:31 ` Vladimir Davydov
2015-07-29 15:34 ` Michel Lespinasse
2015-07-29 15:08 ` Michal Hocko
2015-07-29 15:36 ` Vladimir Davydov
2015-07-29 15:58 ` Michal Hocko
2015-07-29 14:26 ` Michal Hocko
2015-07-29 15:28 ` Vladimir Davydov
2015-07-29 15:47 ` Michal Hocko
2015-07-29 16:29 ` Vladimir Davydov
2015-07-29 21:30 ` Andrew Morton
2015-07-30 9:12 ` Vladimir Davydov
2015-07-30 13:01 ` Vladimir Davydov
2015-07-31 9:34 ` Vladimir Davydov
2015-07-30 9:07 ` Michal Hocko
2015-07-30 9:31 ` Vladimir Davydov
2015-07-29 15:55 ` Andres Lagar-Cavilla
2015-07-29 16:37 ` Vladimir Davydov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGXu5jLPT-2c_H3kjCzbVgRKQO0xMskVd7JcAMmWZSmFgzZ4ng@mail.gmail.com \
--to=keescook@chromium.org \
--cc=akpm@linux-foundation.org \
--cc=andreslc@google.com \
--cc=cgroups@vger.kernel.org \
--cc=corbet@lwn.net \
--cc=gorcunov@openvz.org \
--cc=gthelen@google.com \
--cc=hannes@cmpxchg.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.cz \
--cc=minchan@kernel.org \
--cc=raghavendra.kt@linux.vnet.ibm.com \
--cc=rientjes@google.com \
--cc=vdavydov@parallels.com \
--cc=walken@google.com \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox