From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 80431C25B4E for ; Tue, 24 Jan 2023 17:49:28 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0AE746B0072; Tue, 24 Jan 2023 12:49:28 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 05E7C6B0073; Tue, 24 Jan 2023 12:49:28 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E68486B0074; Tue, 24 Jan 2023 12:49:27 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id D6DC86B0072 for ; Tue, 24 Jan 2023 12:49:27 -0500 (EST) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id 8D5DB140A1E for ; Tue, 24 Jan 2023 17:49:27 +0000 (UTC) X-FDA: 80390429574.20.A210536 Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) by imf10.hostedemail.com (Postfix) with ESMTP id 1A64BC000B for ; Tue, 24 Jan 2023 17:49:23 +0000 (UTC) Authentication-Results: imf10.hostedemail.com; dkim=pass header.d=devkernel.io header.s=fm1 header.b=qZLbKJY5; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=PbjZfprj; spf=pass (imf10.hostedemail.com: domain of shr@devkernel.io designates 64.147.123.25 as permitted sender) smtp.mailfrom=shr@devkernel.io; dmarc=none ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1674582564; a=rsa-sha256; cv=none; b=cizwPSqVbUaWVdrEfXcaDpDMD0ctpMyh4uzZ5UxE2Vw691O7nUi+7kXYYouEZG2xiWopqe VdppZIUEA8GYjGhyEcT3LxJ8KaEydTfwTz5PCGb2RpGqS1AQGBu7Khuzn/UHiSXBY/jk4z zTWCwXrbQnxPJbyWQcSXI4nQoNLQKlk= ARC-Authentication-Results: i=1; imf10.hostedemail.com; dkim=pass header.d=devkernel.io header.s=fm1 header.b=qZLbKJY5; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=PbjZfprj; spf=pass (imf10.hostedemail.com: domain of shr@devkernel.io designates 64.147.123.25 as permitted sender) smtp.mailfrom=shr@devkernel.io; dmarc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1674582564; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=TiAYhPCl6qNczcRfD1WrZ3PWj1k4oktdgxFxtN95dnU=; b=IExwI3X4HiaDdKWD3QbMPhO8E+VYVtdkHSWI8O1r19enyKJrH1e1k93HT5d6XC+nvgCQNZ euVTTO1hWauEDa3ofn9y11crjpU2jF+zrKcQobHKP+uPV+mMvDJoj1/PU/uEv3WvwT+qrC sZi/utYotfLh7ZtneMdTOavjGZB69+I= Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 606D7320099F; Tue, 24 Jan 2023 12:49:21 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 24 Jan 2023 12:49:22 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=devkernel.io; h= cc:cc:content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1674582560; x=1674668960; bh=TiAYhPCl6q NczcRfD1WrZ3PWj1k4oktdgxFxtN95dnU=; b=qZLbKJY5rDjyOtK1FNm8R4Fj57 V3fKol44bNw8vQU4lWZq8gHjeyA97xkCLFNivRLk9oUAffvedCNLJJzwRsbijZsJ oO920iWMTlA6g2Kjek1K2vBEqKYoR/xlTXCTVf2+q29h/Em1GeDeRy5qd5ErmInG SPa3wYa35HecBTnaP9CjTYA6ThgqIV7HerGIwfRuAayk5MCA9M8XXHHJ5zI70NEF HTi4pn2XSlDIT9iATdGwNkGdD2pkrfN8JDy0uq0np0NyY6dRAUirBlgl8hmE8Ejw +nKx385ive0/obXdxOby+8jyKwTj8Im+udbbc+B1GrNHzfuhWGkyHuOZ6sAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:date:date:feedback-id :feedback-id:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1674582560; x=1674668960; bh=TiAYhPCl6qNczcRfD1WrZ3PWj1k4 oktdgxFxtN95dnU=; b=PbjZfprjNETCkGCacq3BVexyZqsNXtT6+90L1ZGvzxyG 4bQqaJnYmCZViLnix24fmr+raoMK6NX8/8Chqvx0b/K1qBNHYJNAS69n4E2Zm7zh Uy8sl0YLYP4/Xy9dqFI+g8OfOl53Y5dWR2IfVl5zG5yIvzYO4UV2NSTiLumbjzPU NikTLWXKviuctxEXSF5fnko9XgmOio9zhR+LAGFEiYm6knUc72WZht8V8/Yf7WJw xAUTvzBYXa6fznBDgzoTGy6Ve0ZMFTcXWbXubwkuNTSaybAX2ij3HV/Wzc0FrniG bBAjjsJy/NP1ovT+u4H3W0+xz04+2g+iPvsfWB4lTg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedruddvtddguddtudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpehffgfhvfevufffjgfkgggtsehttdertddtredtnecuhfhrohhmpefuthgv fhgrnhcutfhovghstghhuceoshhhrhesuggvvhhkvghrnhgvlhdrihhoqeenucggtffrrg htthgvrhhnpefhgfejveduudehvdduvefguddvffefgffhieeuudefudfhhfeijeefjeff heelvdenucffohhmrghinhepkhgvrhhnvghlrdhorhhgnecuvehluhhsthgvrhfuihiivg eptdenucfrrghrrghmpehmrghilhhfrhhomhepshhhrhesuggvvhhkvghrnhgvlhdrihho X-ME-Proxy: Feedback-ID: i84614614:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 24 Jan 2023 12:49:19 -0500 (EST) References: <20230123173748.1734238-1-shr@devkernel.io> <5844ee9f-1992-a62a-2141-3b694a1e1915@redhat.com> User-agent: mu4e 1.6.11; emacs 28.2.50 From: Stefan Roesch To: David Hildenbrand Cc: linux-mm@kvack.org, linux-doc@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-trace-kernel@vger.kernel.org, CGEL , Michal Hocko , Jann Horn Subject: Re: [RESEND RFC PATCH v1 00/20] mm: process/cgroup ksm support Date: Tue, 24 Jan 2023 09:37:33 -0800 In-reply-to: <5844ee9f-1992-a62a-2141-3b694a1e1915@redhat.com> Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-Rspam-User: X-Rspamd-Queue-Id: 1A64BC000B X-Rspamd-Server: rspam01 X-Stat-Signature: dytrmp55ubjbjp4arn3anty8qx6jag9p X-HE-Tag: 1674582563-712694 X-HE-Meta: U2FsdGVkX1/FZCFUTCN+eXtQ2TwCxVzLOD0UkGnBVWL4cQcT234GqbX5sByoX/svvLKxDOOUBvh5hJy8h6+Qt8n4dlwAJRlEFUKKINFt+TZXGLni12tnrJeSG0Cop5DWHR6wpOJ143ZysK9mu7RjFzUd8LgKX7sgIg6RomqU2F/vMuSoxLjxmX/ohlOosCvXj/ubcFYoCI3lCIckInpVcuNFu7UZbWIiAs5qwVvfYn+Ra/PugwJFcliE3LxH9ZH8c3eB8QD4W+KlF1MHh17s/Ip0gr06wzsEoT9zogMamh1cTO2ku2omf2kSjv0iED266Kp8qALF0HLnA85Joy6oqpw8euWLnuK9pbtHP94N0HvgKBbNbXMbYQCuU1o2BBI9vEZGw4Ta2544ar3yeLaqJQvcjO94eWqYBkI66Y18wIPJsvaiSr+vHaMKhi5lmlG4gaurte/u547MED4VgnZXobvscor8VeyqIMiwNhvcmOtoJ/kfZrkiKQu9de/u3XKtnCwkWCbupbhlLmN+W4FtQAfSwnRKEyTGC4cWeojrBNMtoOFSvofUtj6p7YUa7HE2Hd3EMIBrCgBW5eBL0GAkKhQTHczP6tqqkg2Vf7b9Mthl1+GT+uOMUSczC0c7nVsBZqMH1tkr+oGhcqs8e+Osvhb8wdal0gEcWNTB1CYYHjfqzioMOvjgYmeppprFFanSZZT1hRRH6UyYKXZb8nVFbBIMVm/g2g1kgJZYlzjw7vRCKZpgMdaRxJeOlfcDltx8nQnmmkLY0IcgD+AwqpWK2m50I0//ssaKvuRPj6NsKXLwJGBPdHGa+LU/9CbpYkUZG3e/TEtNm527jyzPHCtXb+7RCQBCxYqzbpCuN14F7YS1YiNqxp//8jhtlmy9xQZgFTWoZB02nbTFQSkFMwpBXabsRdTiC8FV2vww67WjssUCUqL/HOBUFYg3dTJenwThTZ2ZQj5ZvuoWfLgGVKj 4G0yZTwD XDhJVDqImEGYsACoqh23Rq+1jmci6cpb9P4dzE77SMAV/58npBPcoCI8aPTlFmS7xBY/JcXjbzIjVQ2bDsEgdLXN+SZx7rKFJenNfN1Qodj7yVTUjc4PC88nPQR6kHz4CAvDtKiSfHD5zbu0HrUdRdsX4nuVW2uzYkZm8nwNJkD325QTmrwhjiCOakRID+No/Vt7hj2PFdPJUX+IwvF8EPVN8re/uoxiFNNYjIeYF39paNpmgSDEGWJsEeJAZ5erwu7uquTaSgS23QejqINtxaDtsP4fCA9PXIvuWBz2+T3YSZOdKF0ti/xwuyaoeqTbwW9PzsZQDQqZ7DieuLndPcoq2fYeXqTP20bW9 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: David Hildenbrand writes: > On 23.01.23 18:37, Stefan Roesch wrote: >> So far KSM can only be enabled by calling madvise for memory regions. What is >> required to enable KSM for more workloads is to enable / disable it at the >> process / cgroup level. > > Did you stumble over the proposals from last year to enable this per-process [1] > and system-wide [2]? I remember there was also regarding enabling it > system-wide. > I saw the earlier proposals. Enabling it at the system level doesn't seem to be the right choice. You generally want to enable it at a more fine-grained level. Therefore this enables it at the process level with prctl. > I'm going to point out the security aspect, and that e.g., Windows used to > enable it system-wide before getting taught by security experts otherwise. > Details on KSM and security aspects can be found in that thread. > If I'm not mistaken the security aspect exists today. When KSM is enabled with madvise this is the same. > Long story short: one has to be very careful with that and only enable it for > very carefully selected worklads. Letting a workload opt-in on a VMA level is > most probably safer than an admin blindly turning this on for random processes > ... > Thats why this is enabled with prctl. Its a deliberate choice to enable it for a process. > Last attempts got nacked ... > > [1] https://lore.kernel.org/all/20220517092701.1662641-1-xu.xin16@zte.com.cn/ > [2] https://lore.kernel.org/all/20220609055658.703472-1-xu.xin16@zte.com.cn/ > My understanding is that there were problems with the patch and how it exposed KSM. The other objection was the enable-all configuration option. >> 1. New options for prctl system command >> This patch series adds two new options to the prctl system call. The first >> one allows to enable KSM at the process level and the second one to query the >> setting. >> The setting will be inherited by child processes. >> With the above setting, KSM can be enabled for the seed process of a cgroup >> and all processes in the cgroup will inherit the setting. >> 2. Changes to KSM processing >> When KSM is enabled at the process level, the KSM code will iterate over all >> the VMA's and enable KSM for the eligible VMA's. >> When forking a process that has KSM enabled, the setting will be inherited by >> the new child process. >> In addition when KSM is disabled for a process, KSM will be disabled for the >> VMA's where KSM has been enabled. >> 3. Add tracepoints to KSM >> Currently KSM has no tracepoints. This adds tracepoints to the key KSM functions >> to make it easier to debug KSM. >> 4. Add general_profit metric >> The general_profit metric of KSM is specified in the documentation, but not >> calculated. This adds the general profit metric to /sys/kernel/debug/mm/ksm. >> 5. Add more metrics to ksm_stat >> This adds the process profit and ksm type metric to /proc//ksm_stat. >> 6. Add more tests to ksm_tests >> This adds an option to specify the merge type to the ksm_tests. This allows to >> test madvise and prctl KSM. It also adds a new option to query if prctl KSM has >> been enabled. It adds a fork test to verify that the KSM process setting is >> inherited by client processes. >> Stefan Roesch (20): >> mm: add new flag to enable ksm per process >> mm: add flag to __ksm_enter >> mm: add flag to __ksm_exit call >> mm: invoke madvise for all vmas in scan_get_next_rmap_item >> mm: support disabling of ksm for a process >> mm: add new prctl option to get and set ksm for a process >> mm: add tracepoints to ksm >> mm: split off pages_volatile function >> mm: expose general_profit metric >> docs: document general_profit sysfs knob >> mm: calculate ksm process profit metric >> mm: add ksm_merge_type() function >> mm: expose ksm process profit metric in ksm_stat >> mm: expose ksm merge type in ksm_stat >> docs: document new procfs ksm knobs >> tools: add new prctl flags to prctl in tools dir >> selftests/vm: add KSM prctl merge test >> selftests/vm: add KSM get merge type test >> selftests/vm: add KSM fork test >> selftests/vm: add two functions for debugging merge outcome >> Documentation/ABI/testing/sysfs-kernel-mm-ksm | 8 + >> Documentation/admin-guide/mm/ksm.rst | 8 +- >> MAINTAINERS | 1 + >> fs/proc/base.c | 5 + >> include/linux/ksm.h | 19 +- >> include/linux/sched/coredump.h | 1 + >> include/trace/events/ksm.h | 257 ++++++++++++++++++ >> include/uapi/linux/prctl.h | 2 + >> kernel/sys.c | 29 ++ >> mm/ksm.c | 134 ++++++++- >> tools/include/uapi/linux/prctl.h | 2 + >> tools/testing/selftests/vm/Makefile | 3 +- >> tools/testing/selftests/vm/ksm_tests.c | 254 ++++++++++++++--- >> 13 files changed, 665 insertions(+), 58 deletions(-) >> create mode 100644 include/trace/events/ksm.h >> base-commit: c1649ec55708ae42091a2f1bca1ab49ecd722d55