From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 92FC4C25B06
	for <linux-mm@archiver.kernel.org>; Thu,  4 Aug 2022 17:46:32 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id EFBA66B0072; Thu,  4 Aug 2022 13:46:31 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id EAB156B0073; Thu,  4 Aug 2022 13:46:31 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id D4AF78E0001; Thu,  4 Aug 2022 13:46:31 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15])
	by kanga.kvack.org (Postfix) with ESMTP id C2C0C6B0072
	for <linux-mm@kvack.org>; Thu,  4 Aug 2022 13:46:31 -0400 (EDT)
Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 9BCA9160E63
	for <linux-mm@kvack.org>; Thu,  4 Aug 2022 17:46:31 +0000 (UTC)
X-FDA: 79762639782.28.132E5B4
Received: from mail-pg1-f175.google.com (mail-pg1-f175.google.com [209.85.215.175])
	by imf29.hostedemail.com (Postfix) with ESMTP id 2C1FC120122
	for <linux-mm@kvack.org>; Thu,  4 Aug 2022 17:46:19 +0000 (UTC)
Received: by mail-pg1-f175.google.com with SMTP id 12so536561pga.1
        for <linux-mm@kvack.org>; Thu, 04 Aug 2022 10:46:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc;
        bh=5PGSzs/RHLl4IHT0dS6eKTXoAtufKMWNCxKjyskNDOc=;
        b=OPwaMWyyNWcKS4pX4rm7X/nACsfm6WSTCGj0Nql2nxvhJjSAENVYUJSVSx/ZWKcWDC
         fPzlypiDbpIfbx2aOR0Kpkk91qu7Zs0gie84iH7ewzB4wbYOFhq4uvxD8p3Xi+pL4J9/
         3HHMOTdNMEW9oK/nCFvD3RYuldtMyO/2BLrMuy4dcSMLOu3bCN9zupX0n9yFrJpwdh0f
         6SeX1ncImbKJdqC6DXEcAGqLIdRoxxoIRbfaP6dtBCzy2z7VDFs5JMzymnC2Y/30WWZW
         87saak1BeKIT5T17tlgCae/cJy6HD2RCEgYY6lrd3k9OSJGMVeL8p56lqYA+6DmqoLlu
         R/uA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc;
        bh=5PGSzs/RHLl4IHT0dS6eKTXoAtufKMWNCxKjyskNDOc=;
        b=w/2kOnZsf4n3fQQ3VhmOGtp2vnjeQB4XVhUadaCzAT8XIQrxRQBlffpvKLBbBzGSJY
         nv53MPSJsxwS2qc+vBYeywOJRePCbm7oc9PDw37VCCzJpHHBv95frBtKH2LI4Sy9NNWE
         yEYJC1H4O5C+y0nnibA4ERvoXA1OEXzHuagWkXz2XD6FNaMkqgAroaZfmYs3osky22vO
         Wqgk0Cw9iAfMng63XeGH5s5kKxZe/at8DAAZ1ajSCp9haOVfMjvWJld2YVmPpns7b8Vy
         bdx7fFirzMBgDrU2CzbOZISJPnkGBSIKDyeMjiMlfK448mh9phKLWPvSmFQB7rx0XMa2
         4JgQ==
X-Gm-Message-State: ACgBeo14Ox9by9ebkn04xXRrKd6GNqhViyjiCjdNjKbDgna+teLZYBhB
	xMDqQC62FremX7AUh9f+eLPe7yHGC6gJmxaXlXQ=
X-Google-Smtp-Source: AA6agR4Un5RgIDZjtzNT/XPhuLLmf6rW51HWiK0MwSPytih+XN8Xi+k9yuWmBVramGhSHwIeOdMik6oHG6uuGsx2qdI=
X-Received: by 2002:a65:5503:0:b0:41b:bbdc:9a5d with SMTP id
 f3-20020a655503000000b0041bbbdc9a5dmr2418981pgr.587.1659635179149; Thu, 04
 Aug 2022 10:46:19 -0700 (PDT)
MIME-Version: 1.0
References: <20220801210946.3069083-1-zokeefe@google.com> <YujpzGKImMQsn8SM@dhcp22.suse.cz>
 <CAAa6QmS=VbsdvHgvFQCceV+pYHwSSj1pjhX3_voz12T4rJ-EBQ@mail.gmail.com>
 <YukSvpPRuus2bHOu@dhcp22.suse.cz> <CAAa6QmS2aAtJyWPFi1to99o=vHWFmiQRW72+3HdZ-4qGk2FT5Q@mail.gmail.com>
In-Reply-To: <CAAa6QmS2aAtJyWPFi1to99o=vHWFmiQRW72+3HdZ-4qGk2FT5Q@mail.gmail.com>
From: Yang Shi <shy828301@gmail.com>
Date: Thu, 4 Aug 2022 10:46:06 -0700
Message-ID: <CAHbLzkqiWsmwO4Q6nKQ3yoLSWvuoFiTmDCqFMHzN1bqD1xs-aQ@mail.gmail.com>
Subject: Re: [PATCH mm-unstable] mm/madvise: remove CAP_SYS_ADMIN requirement
 for process_madvise(MADV_COLLAPSE)
To: "Zach O'Keefe" <zokeefe@google.com>
Cc: Michal Hocko <mhocko@suse.com>, linux-mm@kvack.org, 
	Andrew Morton <akpm@linux-foundation.org>, linux-api@vger.kernel.org, 
	linux-kernel@vger.kernel.org, Axel Rasmussen <axelrasmussen@google.com>, 
	James Houghton <jthoughton@google.com>, Hugh Dickins <hughd@google.com>, 
	Miaohe Lin <linmiaohe@huawei.com>, David Hildenbrand <david@redhat.com>, 
	David Rientjes <rientjes@google.com>, Matthew Wilcox <willy@infradead.org>, 
	Pasha Tatashin <pasha.tatashin@soleen.com>, Peter Xu <peterx@redhat.com>, 
	Rongwei Wang <rongwei.wang@linux.alibaba.com>, SeongJae Park <sj@kernel.org>, 
	Song Liu <songliubraving@fb.com>, Vlastimil Babka <vbabka@suse.cz>, Zi Yan <ziy@nvidia.com>, 
	Andrea Arcangeli <aarcange@redhat.com>, Arnd Bergmann <arnd@arndb.de>, 
	Chris Kennelly <ckennelly@google.com>, Chris Zankel <chris@zankel.net>, Helge Deller <deller@gmx.de>, 
	Ivan Kokshaysky <ink@jurassic.park.msu.ru>, 
	"James E.J. Bottomley" <James.Bottomley@hansenpartnership.com>, Jens Axboe <axboe@kernel.dk>, 
	"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>, Matt Turner <mattst88@gmail.com>, 
	Max Filippov <jcmvbkbc@gmail.com>, Minchan Kim <minchan@kernel.org>, 
	Patrick Xia <patrickx@google.com>, Pavel Begunkov <asml.silence@gmail.com>, 
	Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Content-Type: text/plain; charset="UTF-8"
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1659635187; a=rsa-sha256;
	cv=none;
	b=5VcWlmpxP0IIxrzJ90oZIfkkFgX0+cCueaQqj6h3HWIYR8b/ur/lMkD9kCbpN8IPotDUzK
	Cy1r4pjknCa8XggPHZCdSTa0vS6vg60CkABmg9UW7NJ/FrnRVFawOnGdYb1OF8tXMcZrQD
	0aDJ9fbzrCNkgGqoym980nAMIT66K7U=
ARC-Authentication-Results: i=1;
	imf29.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=OPwaMWyy;
	spf=pass (imf29.hostedemail.com: domain of shy828301@gmail.com designates 209.85.215.175 as permitted sender) smtp.mailfrom=shy828301@gmail.com;
	dmarc=temperror reason="query timed out" header.from=gmail.com (policy=temperror)
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1659635187;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=5PGSzs/RHLl4IHT0dS6eKTXoAtufKMWNCxKjyskNDOc=;
	b=LVuyCUJ71S+LftP/cs6diMj83xADszTM1ixvRGkj2EpB0DbidgjR3bnq5hFzSdrDrwkyD9
	f/l3R15NMrjTuVgDUEJZbA6eKmUnbnj+SHaGyHxVM5J3VnBNPqjXcsupXDWqe0ojJNyqkQ
	mtDfOF6AMCfsYSN+9/KruB7ZbVBWYIs=
X-Stat-Signature: zhohmqpzsq8n53f53qtu1ucabghjtptz
X-Rspamd-Queue-Id: 2C1FC120122
Authentication-Results: imf29.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=OPwaMWyy;
	spf=pass (imf29.hostedemail.com: domain of shy828301@gmail.com designates 209.85.215.175 as permitted sender) smtp.mailfrom=shy828301@gmail.com;
	dmarc=temperror reason="query timed out" header.from=gmail.com (policy=temperror)
X-Rspam-User: 
X-Rspamd-Server: rspam05
X-HE-Tag: 1659635179-998636
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000341, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Tue, Aug 2, 2022 at 12:43 PM Zach O'Keefe <zokeefe@google.com> wrote:
>
> On Tue, Aug 2, 2022 at 5:04 AM Michal Hocko <mhocko@suse.com> wrote:
> >
> > On Tue 02-08-22 02:48:33, Zach O'Keefe wrote:
> > [...]
> > > "mm/madvise: add MADV_COLLAPSE to process_madvise()" in the v7 series
> > > ended with me mentioning a couple options, but ultimately I didn't
> > > present a solution, and no consensus was reached[1]. After taking a
> > > closer look, this is my proposal for what I believe to be the best
> > > path forward. It should be squashed into the original patch. What do you think?
> >
> > If it is agreed that the CAP_SYS_ADMIN is too strict of a requirement
> > then yes, this should be squashed into the original patch. There is no
> > real reason to create a potential bisection headache by changing the
> > permission model in a later patch.
>
> Sorry about the confusion here. Assumed (incorrectly) that Andrew
> would kindly squash this in mm-unstable since I added the Fixes: tag.
> Next time I'll add some explicit verbiage saying it should be
> squashed.
>
> > From my POV, I would agree that CAP_SYS_ADMIN is just too strict of a
> > requirement.
> >
> > I didn't really have time to follow recent discussions but I would argue
> > that the operation is not really destructive or seriously harmful. All
> > applications can already have their memory (almost) equally THP
> > collapsed by khupaged with the proposed process_madvise semantic.
> >
> > NOHUGEMEM and prctl opt out from THP are both honored AFAIU and the only
> > difference is the global THP killswitch behavior which I do not think
> > warrants the strongest CAP_SYS_ADMIN capability (especially because it
> > doesn't really control all kinds of THPs).
>
> Ya. In fact, I don't think the ignoring the THP sysfs controls
> warrants any additional capability (set alone CAPS_SYS_ADMIN), since a
> malicious program can't really inflict any more damage than they would
> with CAP_SYS_NICE and PTRACE_MODE_READ.
>
> > If there is a userspace agent collapsing memory and causing problems
> > then it can be easily fixed in the userspace. And I find that easier
> > to do than putting the bar so high that userspace agents would be
> > unfeasible because of CAP_SYS_ADMIN (which is nono in many cases as it
> > would allow essentially full control of other stuff). So from practical
> > POV, risking an extended RSS is really a negligible risk to lose a
> > potentially useful feature for all others.
> >
>
> Agreed.

+1

>
> Thanks for taking the time, Michal!
> Zach
>
>
> > Just my 2c
> >
> > > Thanks again,
> > > Zach
> > >
> > > [1] https://lore.kernel.org/linux-mm/Ys4aTRqWIbjNs1mI@google.com/
> >
> > --
> > Michal Hocko
> > SUSE Labs