From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 40C60C433EF
	for <linux-mm@archiver.kernel.org>; Fri,  1 Jul 2022 12:39:30 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id B51D86B0073; Fri,  1 Jul 2022 08:39:29 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id B01266B0074; Fri,  1 Jul 2022 08:39:29 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 9C9A86B0075; Fri,  1 Jul 2022 08:39:29 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12])
	by kanga.kvack.org (Postfix) with ESMTP id 8A0046B0073
	for <linux-mm@kvack.org>; Fri,  1 Jul 2022 08:39:29 -0400 (EDT)
Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 595EF20A9B
	for <linux-mm@kvack.org>; Fri,  1 Jul 2022 12:39:29 +0000 (UTC)
X-FDA: 79638486858.04.39C3892
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by imf22.hostedemail.com (Postfix) with ESMTP id E317BC0040
	for <linux-mm@kvack.org>; Fri,  1 Jul 2022 12:39:28 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1656679168;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=s8EPJUGLXSe6M8And1ttNiEeLb4XllnEQkbnHjdKlZY=;
	b=BCwqjHs3EfSjEd5vaVCbprwrET+RRuisS+QLd01U6fv/OpSRVPnPaGauCv1Az8MOYhKEw9
	k/rJyL0AmG/0J/f/dQh6WInb8nNhS9IZjKdgsmKIyB2GaRyiQUJLzFycbzuhVFN5XxMBYS
	1G17bSNwbvTW8rdx//MRXW8aOAeQUIg=
Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com
 [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 us-mta-532-5JRRDPiZObaqcSzOZcxFyg-1; Fri, 01 Jul 2022 08:39:27 -0400
X-MC-Unique: 5JRRDPiZObaqcSzOZcxFyg-1
Received: by mail-wm1-f69.google.com with SMTP id p22-20020a05600c359600b0039c7b23a1c7so3001921wmq.2
        for <linux-mm@kvack.org>; Fri, 01 Jul 2022 05:39:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
         :content-language:to:cc:references:from:organization:in-reply-to
         :content-transfer-encoding;
        bh=s8EPJUGLXSe6M8And1ttNiEeLb4XllnEQkbnHjdKlZY=;
        b=VJsQaXtd9k17PxUGg5x0VoQ1g1ZqxLGR6sR2GyyrcBsjElEXLvGhQRV1sBlmVrs8+C
         tbOliheO1rTRCvuyvh0PTzD3FxQUSIduUgigDOkdFSbCQhFZbYNrXUXpvjh6JBNtVpt5
         PW04uqf6WXeFPbMFcI7Pzrz/r3Z/W1+vSu6ZTpa5eGfLD97HsNIlM+N2DvSz9M6DnDRo
         KQQJ/w3t9Av3mGGHUpf1AJA7iCO6lTaVFzwU3pDWxk890wNU9yLpu6BonUEgAcq0zgsI
         v2mys1KZEUqbdWS7OcsI+CGtr8moNZ4MpnAendtxENGymS2tj6tZ58V0zqFCfbE+57xe
         FPKA==
X-Gm-Message-State: AJIora894NFYGBd6PSj0Gk0lAyQhQ8sf/Km6UJZsSUg1XMB72UhdH8o/
	j4q8qHysQOB0tdATmaJaYjgjLlRJOnCuRG0AOMuX5PbEzjyLXivxaDoisLbtGt0jK+/InuDKlKm
	Pjrh8A9QuHa8=
X-Received: by 2002:a5d:47cd:0:b0:21d:30ea:a0d5 with SMTP id o13-20020a5d47cd000000b0021d30eaa0d5mr11146363wrc.74.1656679166170;
        Fri, 01 Jul 2022 05:39:26 -0700 (PDT)
X-Google-Smtp-Source: AGRyM1vuWsT0XC/Zky44X7gubBF+mJkHoq3T7uWaKyGNsztMBQSqQf5CWibCNdM8K8OMh+zSSDlbzg==
X-Received: by 2002:a5d:47cd:0:b0:21d:30ea:a0d5 with SMTP id o13-20020a5d47cd000000b0021d30eaa0d5mr11146345wrc.74.1656679165903;
        Fri, 01 Jul 2022 05:39:25 -0700 (PDT)
Received: from ?IPV6:2003:cb:c709:e300:d7a0:7fc3:8428:43e5? (p200300cbc709e300d7a07fc3842843e5.dip0.t-ipconnect.de. [2003:cb:c709:e300:d7a0:7fc3:8428:43e5])
        by smtp.gmail.com with ESMTPSA id r13-20020adfe68d000000b0021018642ff8sm23978560wrm.76.2022.07.01.05.39.24
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 01 Jul 2022 05:39:25 -0700 (PDT)
Message-ID: <54b67d6b-f600-1b9b-3d3f-e91b13d04c91@redhat.com>
Date: Fri, 1 Jul 2022 14:39:24 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.9.0
Subject: Re: [PATCH linux-next] mm/madvise: allow KSM hints for
 process_madvise
To: Michal Hocko <mhocko@suse.com>
Cc: cgel.zte@gmail.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org,
 vbabka@suse.cz, minchan@kernel.org, oleksandr@redhat.com,
 xu xin <xu.xin16@zte.com.cn>, Jann Horn <jannh@google.com>,
 Andrew Morton <akpm@linux-foundation.org>
References: <20220701084323.1261361-1-xu.xin16@zte.com.cn>
 <Yr66Uhcv+XAPYPwj@dhcp22.suse.cz>
 <93e1e19a-deff-2dad-0b3c-ef411309ec58@redhat.com>
 <c9de1c34-2a39-e4a2-c9b0-9790c5ffab13@redhat.com>
 <Yr7h/E/6A+tsjU9r@dhcp22.suse.cz>
 <203548a6-cf70-30ce-6756-f6c909e7ef21@redhat.com>
 <Yr7qQsWQGb0dhkxr@dhcp22.suse.cz>
From: David Hildenbrand <david@redhat.com>
Organization: Red Hat
In-Reply-To: <Yr7qQsWQGb0dhkxr@dhcp22.suse.cz>
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
ARC-Authentication-Results: i=1;
	imf22.hostedemail.com;
	dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=BCwqjHs3;
	dmarc=pass (policy=none) header.from=redhat.com;
	spf=none (imf22.hostedemail.com: domain of david@redhat.com has no SPF policy when checking 170.10.133.124) smtp.mailfrom=david@redhat.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1656679169; a=rsa-sha256;
	cv=none;
	b=gS55sD/S/WAJnnqzge0IRNKy9MdDDbFjd6uVxSPvFHDh+RuPoDFgt1g5uJ0Aidf561w4yJ
	ig/2/+2e2382wILqmd46FtXIG1PRWDSBSsOHus+raDofWLd935lHgrL3C4ixpTPGsPXa67
	yZQ2/UQ72yAlug7VHcxQbOy3DKf/yiY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1656679169;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=s8EPJUGLXSe6M8And1ttNiEeLb4XllnEQkbnHjdKlZY=;
	b=b4gKa4Ak6lcg00TodlHPg7eLogY2sWw60R+JkhasNqlT+T3NnkdqDbXMAJH3o0UxtjEOqP
	3CbEqplIduS56QUpT7g+os5PUVv3O4+q8Zrighhwe6YFAESzvdrpALAQtPx/RPax2OgnXF
	g859tDRWCFfwz5E2cDYNj5+NDRL9mEU=
X-Stat-Signature: syfkyzgapkzg3c69sd1mii1e9j9d4s3w
X-Rspamd-Queue-Id: E317BC0040
Authentication-Results: imf22.hostedemail.com;
	dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b=BCwqjHs3;
	dmarc=pass (policy=none) header.from=redhat.com;
	spf=none (imf22.hostedemail.com: domain of david@redhat.com has no SPF policy when checking 170.10.133.124) smtp.mailfrom=david@redhat.com
X-Rspam-User: 
X-Rspamd-Server: rspam11
X-HE-Tag: 1656679168-440538
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

> I am not sure about exact details of the KSM implementation but if that
> is not a desirable behavior then it should be handled on the KSM level.
> The very sam thing can easily happen in a multithreaded (or in general
> multi-process with shared mm) environment as well.

I don't quite get what you mean.

>  
>>>> Further, if an app explicitly decides to disable KSM one some region, we
>>>> should not overwrite that.
>>>
>>> Well, the interface is rather spartan. You cannot really tell "disable
>>> KSM on some reqion". You can only tell "KSM can be applied to this
>>> region" and later change your mind. Maybe this is what you had in
>>> mind though.
>>
>> That's what I meant. The hugepage interface has different semantics and
>> you get three possible states:
>>
>> 1: yes please: MADV_HUGEPAGE
>> 2: don't care -- don't set anything
>> 3. please no: MADV_NOHUGEPAGE
>>
>> Currently for KSM we only have 1 and 2 internally I think (single
>> flag), because it didn't matter in the past ebcause there was no
>> force-enablement. One could convert it into all 3 states, changing the
>> semantics of MADV_UNMERGEABLE slightly from
>>
>>
>> 1: yes please: MADV_MERGEABLE
>> 2: don't care: MADV_UNMERGEABLE
>>
>> to
>>
>> 1: yes please: MADV_MERGEABLE
>> 2: don't care -- don't set anything
>> 3. please no: MADV_UNMERGEABLE
> 
> Are you saying that any remote handling of the KSM has to deal with a
> pre-existing semantic as well? Are we aware of any existing application
> that really uses MADV_UNMERGEABLE in a hope to disable KSM for any of
> its sensitive memory ranges? My understanding is that this is simply a
> on/off knob and a remote way to do the same is in line with the existing
> API.

"its sensitive memory ranges" that's exactly what I am concerned of.
There should be a toggle, and existing applciations will not be using it.

> 
> To be completely honest I do not really buy an argument that this might
> break something much more than the original application can do already.

How can you get a shared zeropage in a private mapping after a previous
write if not via KSM?

> Unless I am missing the ptrace check puts the bar rather high. Adversary
> with this level of access to the target application has already broken
> it. Or am I missing something?

I don't see what you mean.

-- 
Thanks,

David / dhildenb