From: David Hildenbrand
Organization: Red Hat
To: Stefan Roesch
Cc: linux-mm@kvack.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, CGEL, Michal Hocko, Jann Horn
Date: Tue, 24 Jan 2023 19:01:49 +0100
Subject: Re: [RESEND RFC PATCH v1 00/20] mm: process/cgroup ksm support
References: <20230123173748.1734238-1-shr@devkernel.io> <5844ee9f-1992-a62a-2141-3b694a1e1915@redhat.com>

[...]

>> I'm going to point out the security aspect, and that e.g., Windows used to
>> enable it system-wide before getting taught by security experts otherwise.
>> Details on KSM and security aspects can be found in that thread.
>>
> If I'm not mistaken the security aspect exists today. When KSM is
> enabled with madvise this is the same.

Yes, and we mostly only use it for virtual machines -- and to be precise, guest memory only -- where it has to be enabled explicitly on a well documented basis ...

Impossible for an admin to force it on other parts of the hypervisor process that might be more security sensitive. Or on other arbitrary applications, for now.

>
>> Long story short: one has to be very careful with that and only enable it for
>> very carefully selected workloads. Letting a workload opt-in on a VMA level is
>> most probably safer than an admin blindly turning this on for random processes
>> ...
>> [...]
>>
>> [1] https://lore.kernel.org/all/20220517092701.1662641-1-xu.xin16@zte.com.cn/
>> [2] https://lore.kernel.org/all/20220609055658.703472-1-xu.xin16@zte.com.cn/
>>
> My understanding is that there were problems with the patch and how it
> exposed KSM. The other objection was the enable-all configuration
> option.

I don't remember all the discussions, but one concern was how to handle processes that deliberately want to disable it on some parts of memory.

Anyhow, I cc'ed the relevant parties already.

--
Thanks,

David / dhildenb