Date: Tue, 2 Jul 2024 00:42:54 -0700
From: Andrew Morton
To: "Jason A. Donenfeld"
Cc: linux-kernel@vger.kernel.org, patches@lists.linux.dev, tglx@linutronix.de, linux-crypto@vger.kernel.org, linux-api@vger.kernel.org, x86@kernel.org, Greg Kroah-Hartman, Adhemerval Zanella Netto, Carlos O'Donell, Florian Weimer, Arnd Bergmann, Jann Horn, Christian Brauner, David Hildenbrand, linux-mm@kvack.org
Subject: Re: [PATCH v19 1/5] mm: add VM_DROPPABLE for designating always lazily freeable mappings
Message-Id: <20240702004254.3ab2db4a98cb7fdd245407cb@linux-foundation.org>
In-Reply-To: <20240701135801.3698-2-Jason@zx2c4.com>
References: <20240701135801.3698-1-Jason@zx2c4.com> <20240701135801.3698-2-Jason@zx2c4.com>

On Mon, 1 Jul 2024 15:57:55 +0200 "Jason A. Donenfeld" wrote:

> The vDSO getrandom() implementation works with a buffer allocated with a
> new system call that has certain requirements:
>
> - It shouldn't be written to core dumps.
>   * Easy: VM_DONTDUMP.
> - It should be zeroed on fork.
>   * Easy: VM_WIPEONFORK.
>
> - It shouldn't be written to swap.
>   * Uh-oh: mlock is rlimited.
>   * Uh-oh: mlock isn't inherited by forks.
>
> It turns out that the vDSO getrandom() function has three really nice
> characteristics that we can exploit to solve this problem:
>
> 1) Due to being wiped during fork(), the vDSO code is already robust to
>    having the contents of the pages it reads zeroed out midway through
>    the function's execution.
>
> 2) In the absolute worst case of whatever contingency we're coding for,
>    we have the option to fallback to the getrandom() syscall, and
>    everything is fine.
>
> 3) The buffers the function uses are only ever useful for a maximum of
>    60 seconds -- a sort of cache, rather than a long term allocation.
>
> These characteristics mean that we can introduce VM_DROPPABLE, which
> has the following semantics:
>
> a) It never is written out to swap.
> b) Under memory pressure, mm can just drop the pages (so that they're
>    zero when read back again).
> c) It is inherited by fork.
> d) It doesn't count against the mlock budget, since nothing is locked.
>
> This is fairly simple to implement, with the one snag that we have to
> use 64-bit VM_* flags, but this shouldn't be a problem, since the only
> consumers will probably be 64-bit anyway.
>
> This way, allocations used by vDSO getrandom() can use:
>
>     VM_DROPPABLE | VM_DONTDUMP | VM_WIPEONFORK | VM_NORESERVE
>
> And there will be no problem with using memory when not in use, not
> wiping on fork(), coredumps, or writing out to swap.

The patch is impressively comment-free. It is a little harsh to make
readers go poking around in the git history to figure out what
VM_DROPPABLE is, and why it exists.

Seems hard to test that this mode is working correctly. Can you think
of a way for userspace to check this? And if so, add it to selftests?
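
Of the requirements listed in the quoted commit message, zeroing on fork can already be observed from userspace through madvise(MADV_WIPEONFORK), which sets VM_WIPEONFORK on a mapping. The following is an added example, not part of this thread or of the patch; the helper name and the 0xA5 marker are constructed for illustration, and it does not exercise VM_DROPPABLE itself.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MADV_WIPEONFORK
#define MADV_WIPEONFORK 18      /* Linux >= 4.14 */
#endif

/* Map one private anonymous page, optionally apply madvise(advice)
 * (advice < 0 means "no advice"), fill it with a constructed marker,
 * fork, and report what the child sees.
 * Returns 1 if the child saw an all-zero page, 0 if it saw the marker,
 * -1 if the kernel rejected the advice or a syscall failed. */
static int child_sees_zeroed_page(int advice)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    if (advice >= 0 && madvise(p, len, advice) != 0) {
        munmap(p, len);
        return -1;
    }
    memset(p, 0xA5, len);       /* constructed stand-in for RNG state */

    int status = 0, result = -1;
    pid_t pid = fork();
    if (pid == 0) {             /* child: scan the inherited page */
        size_t i, nonzero = 0;
        for (i = 0; i < len; i++)
            nonzero += (p[i] != 0);
        _exit(nonzero ? 0 : 1);
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        result = WEXITSTATUS(status);
    if (result >= 0 && p[0] != 0xA5)    /* parent's copy must be intact */
        result = -1;
    munmap(p, len);
    return result;
}

int main(void)
{
    printf("plain mapping:   %d\n", child_sees_zeroed_page(-1));
    printf("MADV_WIPEONFORK: %d\n", child_sees_zeroed_page(MADV_WIPEONFORK));
    return 0;
}
```

A result of -1 for the second call means the running kernel or sandbox does not accept MADV_WIPEONFORK; the dropping of pages under memory pressure is not covered by this check.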