From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91737C678D5 for ; Wed, 8 Mar 2023 17:01:39 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 06B7D6B007B; Wed, 8 Mar 2023 12:01:39 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id F37216B007D; Wed, 8 Mar 2023 12:01:38 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DB0CD6B007E; Wed, 8 Mar 2023 12:01:38 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id C60E96B007B for ; Wed, 8 Mar 2023 12:01:38 -0500 (EST) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 504CEAB69D for ; Wed, 8 Mar 2023 17:01:38 +0000 (UTC) X-FDA: 80546347476.04.49CC60B Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by imf06.hostedemail.com (Postfix) with ESMTP id 4E8D718004B for ; Wed, 8 Mar 2023 17:01:29 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=AkoXZe8r; spf=pass (imf06.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1678294895; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=isJ7kUg6w2yotKIMM4vEPM6+nhroD6rmF07E2tGh5Po=; b=lGFFBRkPnUOf10+YVRHXAwAKls5yzZ2nBid4ApKGw5xgnRsN5Hwe3rcpPKV8WFG0KNpvc8 9j3K97OP0sYwzDfLlHyNXwDJnF36Ihk6ND2/eCwJ37XyLD+sDgDpbPVMfAdyKdP+nkqWR0 7YpHaAinUKCjEPWte+DyKmIqV+pM2vo= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=AkoXZe8r; spf=pass (imf06.hostedemail.com: domain of david@redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=david@redhat.com; dmarc=pass (policy=none) header.from=redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1678294895; a=rsa-sha256; cv=none; b=bNUTnap+CfCdScBraMIvMMYZUMjoLHpU+whwlGqKqsDt3PxmF/z2WNjbVnQwhjl72H2R1B 0Kd50sucT5qtjTmpIGj1FC3vx1oVInif3XLjsyGjY5YD9ERI59txjd2PKJbu/zt8ak+KgF njLpzpzXOIawaMQV+oP3e9yQ7vHRhms= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1678294889; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=isJ7kUg6w2yotKIMM4vEPM6+nhroD6rmF07E2tGh5Po=; b=AkoXZe8rtKniMI9f4iXM87fQi65EuLes+ObzosDFFMPzS+YHuNLtlPixliY7iq8cipTfsV xmG47O9GlyGYVgKJTrQhj/jTuD3XAg2Vh4u1+Pzbz6luxM9zz2scrGJyX/odjTmOYbvyuH Jewcc/ncA10qFZSToOp/Qar7deT+VEQ= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-441-HanwI7B2OYmFpvSHk8ju7Q-1; Wed, 08 Mar 2023 12:01:19 -0500 X-MC-Unique: HanwI7B2OYmFpvSHk8ju7Q-1 Received: by mail-wm1-f72.google.com with SMTP id e22-20020a05600c219600b003e000facbb1so1172902wme.9 for ; Wed, 08 Mar 2023 09:01:18 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678294877; h=content-transfer-encoding:in-reply-to:subject:organization:from :references:cc:to:content-language:user-agent:mime-version:date :message-id:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=isJ7kUg6w2yotKIMM4vEPM6+nhroD6rmF07E2tGh5Po=; b=d6Jqt6Vho7j2Q4Y4Zu/utQijH38xmZYJBdTVDEzBlZkueBzuxe0L5MYcVT8ARX5zgq 2nty5LZQA6iljEdAoGSUVxwk/5q/BzX+kCcpSmyRkbWd+InAK8Zs8BC/Bv2DI91hZxVN /IFcGq9LRGXmtXETdIkZ66f3Lggax9Svt4J07Y36AvARTDWoKzATIWz1NlLwmhHACPX3 HSpyNq4R0s9vT41Tx1clS6Z7Op+pjcqqP5Guj48slljG3KcQeZEZX/S9Urkk2jihQ9XQ BOKOuaeu7Qi+79HDIm9V72u+cF/PlfsaJsIJqT4DLpqHNzWCD3I80b3F4GmRrPpLC5UH YN3w== X-Gm-Message-State: AO0yUKWBZ8CMtE5xKhnfqxdE2aGgmM8QPpBNErp8Vn/SkFSJi7bmhUlP amCJrePVCOrQJlLUvOmJVwKltDLn3Spcq7mMjkTmtMNeRR1/Ltnp2z406AyLDqft4nRaJIOsBLK VenWThaoHf+o= X-Received: by 2002:a05:600c:35c8:b0:3eb:3692:6450 with SMTP id r8-20020a05600c35c800b003eb36926450mr18162698wmq.18.1678294877300; Wed, 08 Mar 2023 09:01:17 -0800 (PST) X-Google-Smtp-Source: AK7set8/yxEmiy9IGiBlKJbCq89vZIGh2thlx0KZIAaYSbrcDYcQtulnML6PDyUCnLtd4DvoqVzIbA== X-Received: by 2002:a05:600c:35c8:b0:3eb:3692:6450 with SMTP id r8-20020a05600c35c800b003eb36926450mr18162656wmq.18.1678294876944; Wed, 08 Mar 2023 09:01:16 -0800 (PST) Received: from ?IPV6:2003:cb:c71b:cb00:d372:1da8:9e9e:422d? (p200300cbc71bcb00d3721da89e9e422d.dip0.t-ipconnect.de. [2003:cb:c71b:cb00:d372:1da8:9e9e:422d]) by smtp.gmail.com with ESMTPSA id j39-20020a05600c48a700b003e21638c0edsm15915707wmp.45.2023.03.08.09.01.15 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 08 Mar 2023 09:01:16 -0800 (PST) Message-ID: Date: Wed, 8 Mar 2023 18:01:14 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 To: Stefan Roesch , kernel-team@fb.com Cc: linux-mm@kvack.org, riel@surriel.com, mhocko@suse.com, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org, akpm@linux-foundation.org, hannes@cmpxchg.org References: <20230224044000.3084046-1-shr@devkernel.io> From: David Hildenbrand Organization: Red Hat Subject: Re: [PATCH v3 0/3] mm: process/cgroup ksm support In-Reply-To: <20230224044000.3084046-1-shr@devkernel.io> X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4E8D718004B X-Stat-Signature: wtiafnxf9mc157yhi1yjdtoq8hmcejsp X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1678294889-355561 X-HE-Meta: U2FsdGVkX18/l6m6nJVs3HWZxAPSj4lgOAC44HzBBbmC30vtn2rb3maskOvHeCE8aEdfcY1BxUnz6cHh2VD2l0Ic9/4bIWXRbMlt/4j/fUzmrzwMTCmsPZl++PrjbXJqJHBSv+/e68Y7fibNgg/apv8jlWs2IH7wb9tkaJcAqpnRB7uxpBMd09XSGmqQq2qSbYlXtG2/4EauKquLnaEzKLTgferXbs5139Sdeb5D1rmRZElUQoICoru/g+a7tBElJReV97253oj0/UusdJUVCFbVZyrEBw697x7n5Ci6ipYTU3B7pKGVT4ynb+1zEHTLLk8uCQhlvaS1RcWgCbK0MHN7BKEWeDxc2rWUltQJ98sd/3YMONElTM1Ar+Rxhud/Np9lrYHrHN4s1hWLr4WKvzvNAqDsvheied/fUlETh5mgbHT3fyHk1L1iIQV55+ob3O12Hao1Knrk/c2PPbZQ4nhx0BKPT6MQt2bgk/gtMBXviO11BbxpkxtB+SCL5SZdnfXcRP12KWdKYIPRwhVqzKDCLb+z5Z3ZMcv7b15QtZNI64hRkoJLi9Os2iOf9lGx2eLQsKW61vAyeLN4GruN4b/yMwOrTH23x8GFmym4/VnHoV7mgcUUFfy1QXExJISY4cg5nWsHFBG1PtbbIrjEz5R4QgvKQD8yULJq2uxrw2e40NmkgtJHCY4jUJ5y+N3vYId3pBqRshdgYGiCbS/N300yM/KmugCpYfAbLO8PoS4yUKRiNFWw+4n/aatC+aqKQctKndGlm+49CAhQyhB6kuAt6CBVRV4VYsBKIP5X8eHpouP8XgoU69HAfNBTktwaWigWHa484fcP1p9Lznj+IuGXZ1qVZSgb36/9i9yyWf1OSOgFqQ64KkGBT9espnYjrGgC30pfQ2VRArZ0/Fgu9GEjyzGjSxYArsTywf021Ck8JGlbNvj4FQZCBHdK1YqM4y1phAKTbynZPqTQDME Q955ITbf wGXbnM+W6UOymk811A/bgKft5IRkGJwLJl4Mk1ypw6G0DSKaUf3eZnVq5fk//69TBkQOEvxr/x6WecGAwKZ980nZcN613bZgQcSbpccaKDCMzvj3G7Aefy22SmVNpTYnkuPxTKuH6haw68TJ5WN77fseBfJqMdzX0KDQvCtAmGFVy782DuvTDhjmdxZtakgklyFTiByIapDpYmdD1i+0nU+c5pGLH3/Z50D9hkaqsXowTRRRw+hFjoRQULgRoGJqjzb3aOzmY6/PzvZMEyJ6xENQIDUlU4EkVnkOyodc8lXeBC02ieJq+L0THgwnHVGg+stnDRizAHUFNnPtkkk0f/yTwl9XyrqP7vU72wnsvqqujT5iNUUIOOH52WN3f2fWZXSn/FwZl5h+emTiuCTVctiL8Kg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: For some reason gmail thought it would be a good ideas to move this into the SPAM folder, so I only saw the recent replies just now. I'm going to have a look at this soonish. One point that popped up in the past and that I raised on the last RFC: we should think about letting processes *opt out/disable* KSM on their own. Either completely, or for selected VMAs. Reasoning is, that if you have an application that really doesn't want some memory regions to be applicable to KSM (memory de-duplication attacks? Knowing that KSM on some regions will be counter-productive) For example, remembering if MADV_UNMERGEABLE was called and not only clearing the VMA flag. So even if KSM would be force-enabled by some tooling after the process started, such regions would not get considered for KSM. It would a bit like how we handle THP. On 24.02.23 05:39, Stefan Roesch wrote: > So far KSM can only be enabled by calling madvise for memory regions. To > be able to use KSM for more workloads, KSM needs to have the ability to be > enabled / disabled at the process / cgroup level. > > Use case 1: > The madvise call is not available in the programming language. An example for > this are programs with forked workloads using a garbage collected language without > pointers. In such a language madvise cannot be made available. > > In addition the addresses of objects get moved around as they are garbage > collected. KSM sharing needs to be enabled "from the outside" for these type of > workloads. > > Use case 2: > The same interpreter can also be used for workloads where KSM brings no > benefit or even has overhead. We'd like to be able to enable KSM on a workload > by workload basis. > > Use case 3: > With the madvise call sharing opportunities are only enabled for the current > process: it is a workload-local decision. A considerable number of sharing > opportuniites may exist across multiple workloads or jobs. Only a higler level > entity like a job scheduler or container can know for certain if its running > one or more instances of a job. That job scheduler however doesn't have > the necessary internal worklaod knowledge to make targeted madvise calls. > > Security concerns: > In previous discussions security concerns have been brought up. The problem is > that an individual workload does not have the knowledge about what else is > running on a machine. Therefore it has to be very conservative in what memory > areas can be shared or not. However, if the system is dedicated to running > multiple jobs within the same security domain, its the job scheduler that has > the knowledge that sharing can be safely enabled and is even desirable. Note that there are some papers about why limiting memory deduplciation attacks to single security domains is not sufficient. Especially, the remote deduplication attacks fall into that category IIRC. -- Thanks, David / dhildenb