From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1EF5FC00140 for ; Tue, 2 Aug 2022 12:04:18 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9CEB58E0001; Tue, 2 Aug 2022 08:04:17 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9574E6B0072; Tue, 2 Aug 2022 08:04:17 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 7D1A08E0001; Tue, 2 Aug 2022 08:04:17 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 6C6766B0071 for ; Tue, 2 Aug 2022 08:04:17 -0400 (EDT) Received: from smtpin24.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 3EB64A12B8 for ; Tue, 2 Aug 2022 12:04:17 +0000 (UTC) X-FDA: 79754519754.24.ACB809A Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) by imf06.hostedemail.com (Postfix) with ESMTP id A7ACD180100 for ; Tue, 2 Aug 2022 12:04:16 +0000 (UTC) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id 279431F936; Tue, 2 Aug 2022 12:04:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=susede1; t=1659441855; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=yNCOVJvTvXYjkbinC2wpPiVJJz4uAY9LW/GyhexozMg=; b=Y/f4ThdH9BA3tZ6Mfyjhq2ZRwzYGOqQn6/SVYc6F8K9jwumW860ltxLGH9ZEdggr4RJgG8 qz88X9PpFtY85Nurju+9YH5zwoG6AKodu7DB1m8/wPvzc14p5eSmoX1H0n3UipW33jaIgb Rk2hmRcA9zN84E8AM/lNtlb70xzFAWI= Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id F2D7E13A8E; Tue, 2 Aug 2022 12:04:14 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id +04/O74S6WKhNQAAMHmgww (envelope-from ); Tue, 02 Aug 2022 12:04:14 +0000 Date: Tue, 2 Aug 2022 14:04:14 +0200 From: Michal Hocko To: Zach O'Keefe Cc: linux-mm@kvack.org, Andrew Morton , linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, Axel Rasmussen , James Houghton , Hugh Dickins , Yang Shi , Miaohe Lin , David Hildenbrand , David Rientjes , Matthew Wilcox , Pasha Tatashin , Peter Xu , Rongwei Wang , SeongJae Park , Song Liu , Vlastimil Babka , Zi Yan , Andrea Arcangeli , Arnd Bergmann , Chris Kennelly , Chris Zankel , Helge Deller , Ivan Kokshaysky , "James E.J. Bottomley" , Jens Axboe , "Kirill A. Shutemov" , Matt Turner , Max Filippov , Minchan Kim , Patrick Xia , Pavel Begunkov , Thomas Bogendoerfer Subject: Re: [PATCH mm-unstable] mm/madvise: remove CAP_SYS_ADMIN requirement for process_madvise(MADV_COLLAPSE) Message-ID: References: <20220801210946.3069083-1-zokeefe@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1659441856; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=yNCOVJvTvXYjkbinC2wpPiVJJz4uAY9LW/GyhexozMg=; b=cxswoO54/mEivdGpKrh0FXEmASmzgoJ8eWUMQvThxqxYFQVFofGwjArIroPRRjESpLpYDY o9Me28qk6pQuk33CKrsyHArascCYycDwgYHmCtLD2FfgzorGrh/H/LBQKsqozHCjHD49cK hm9frlNXJP+/8KZToGnL6B9ZHak3ark= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=suse.com header.s=susede1 header.b="Y/f4ThdH"; spf=pass (imf06.hostedemail.com: domain of mhocko@suse.com designates 195.135.220.29 as permitted sender) smtp.mailfrom=mhocko@suse.com; dmarc=pass (policy=quarantine) header.from=suse.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1659441856; a=rsa-sha256; cv=none; b=NgYLcYdkPvGwOMr/x3xYgw6g+s6lw9zQACFyS4JE+2WdR38bmAPSeINYUs2ijLFAgEGrrX AYcwGreGcf1t1AE18z7rm5wIGZBbDLgaRcaOUSKRgfBGfGQ9j0Dn2T2rP6po7Pn7HtbBea qicAodYSSzl+tF6bU3kCv9HYUkAmE+s= Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=suse.com header.s=susede1 header.b="Y/f4ThdH"; spf=pass (imf06.hostedemail.com: domain of mhocko@suse.com designates 195.135.220.29 as permitted sender) smtp.mailfrom=mhocko@suse.com; dmarc=pass (policy=quarantine) header.from=suse.com X-Rspam-User: X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: A7ACD180100 X-Stat-Signature: thb5mue7i9okw5u5uxmhzqk9wz14ityn X-HE-Tag: 1659441856-363277 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Tue 02-08-22 02:48:33, Zach O'Keefe wrote: [...] > "mm/madvise: add MADV_COLLAPSE to process_madvise()" in the v7 series > ended with me mentioning a couple options, but ultimately I didn't > present a solution, and no consensus was reached[1]. After taking a > closer look, this is my proposal for what I believe to be the best > path forward. It should be squashed into the original patch. What do you think? If it is agreed that the CAP_SYS_ADMIN is too strict of a requirement then yes, this should be squashed into the original patch. There is no real reason to create a potential bisection headache by changing the permission model in a later patch. >From my POV, I would agree that CAP_SYS_ADMIN is just too strict of a requirement. I didn't really have time to follow recent discussions but I would argue that the operation is not really destructive or seriously harmful. All applications can already have their memory (almost) equally THP collapsed by khupaged with the proposed process_madvise semantic. NOHUGEMEM and prctl opt out from THP are both honored AFAIU and the only difference is the global THP killswitch behavior which I do not think warrants the strongest CAP_SYS_ADMIN capability (especially because it doesn't really control all kinds of THPs). If there is a userspace agent collapsing memory and causing problems then it can be easily fixed in the userspace. And I find that easier to do than putting the bar so high that userspace agents would be unfeasible because of CAP_SYS_ADMIN (which is nono in many cases as it would allow essentially full control of other stuff). So from practical POV, risking an extended RSS is really a negligible risk to lose a potentially useful feature for all others. Just my 2c > Thanks again, > Zach > > [1] https://lore.kernel.org/linux-mm/Ys4aTRqWIbjNs1mI@google.com/ -- Michal Hocko SUSE Labs