From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 88696C433F5
	for <linux-mm@archiver.kernel.org>; Thu, 19 May 2022 03:39:48 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id DE3086B0072; Wed, 18 May 2022 23:39:47 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id D91636B0073; Wed, 18 May 2022 23:39:47 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id C5AA06B0074; Wed, 18 May 2022 23:39:47 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15])
	by kanga.kvack.org (Postfix) with ESMTP id B565A6B0072
	for <linux-mm@kvack.org>; Wed, 18 May 2022 23:39:47 -0400 (EDT)
Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay10.hostedemail.com (Postfix) with ESMTP id 86B878DF
	for <linux-mm@kvack.org>; Thu, 19 May 2022 03:39:47 +0000 (UTC)
X-FDA: 79481088414.25.6180C91
Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171])
	by imf31.hostedemail.com (Postfix) with ESMTP id DCBA2200C1
	for <linux-mm@kvack.org>; Thu, 19 May 2022 03:39:17 +0000 (UTC)
Received: by mail-pf1-f171.google.com with SMTP id w200so3971193pfc.10
        for <linux-mm@kvack.org>; Wed, 18 May 2022 20:39:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=message-id:date:from:to:cc:subject:references:mime-version
         :content-disposition:in-reply-to;
        bh=yN69T3VlLbhWzqaJ04/Cruu+aC3pD4q/ss9q7X7d+FE=;
        b=O8SV9hdkE/2vj4RLhxwpWjcWg2MmD/u6TYK5SqYSCu5WCmhJAYJ+RUHEsv3o/P2ysQ
         bRQKp4ojl1sa53WL3E9LzfFg27FlqAdedOb7PSo004MffWmLAPSUznXHoPxnt8TcTzDd
         uXY/1HfmkKSt+YqRtwtKxOELNNfyrtSjAVgNI3z+xHzNXOYc9hs3k90qznkA7yyx6fOY
         m02VrVUWbUPYkt6DrMkhT8SQjGjtR/U1EZF+jlbibSj/QitF9dyFKT9jvQ/VkvYcaRL8
         cC/2SZqK5ir6P4q41NhWjX1LaVkFjqGAw4Y0evqleL8x+DoBbeZpIbnq1/Og+H8+YYDg
         zsqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:message-id:date:from:to:cc:subject:references
         :mime-version:content-disposition:in-reply-to;
        bh=yN69T3VlLbhWzqaJ04/Cruu+aC3pD4q/ss9q7X7d+FE=;
        b=cxn3fSA361ZBJASJM5Lji9WBAZybNVf8Srn5CkjU/pIUzcncPSB9BPSwlZ0x+9giCx
         mQS+B6lsVC0iEuA/zcPILk/1twYJdV0qtLi0vPPd5+G0T08nzH4ZzvU+lqNNdyofwAij
         YkcMkHvSkW6O5QcDzbiWw1rLUGhhwDUqL4I7XHe1onWng4xU3+c8/fKR5+10zpyMfMEC
         WeaJuHDoddrP/pYzgpPRw2FCkC34mWCcNdEPRqxUuW1egwi+Y5ZRSE+Ig85CtbBfhwFl
         PdK8RU6n5sBWAMF10BvxCcOZoHjzou42fYyZP1XDpkIiCQJ4QNH6PTnXZQRQVV+vyrCV
         IlFw==
X-Gm-Message-State: AOAM532GXPUPTw36N1AqjFGBlJZ4it1yQGBsEnnr/z1WnFiUWseq4/zh
	eL61KrmDdUl+1QN473+iFEw=
X-Google-Smtp-Source: ABdhPJx30F806uRbpCNtRmzK2AGNOrstjwNN4/n2kuy2Me5b9xpDht5tUrZRNMmwBhAwfAj+zwzxYg==
X-Received: by 2002:a63:1b49:0:b0:3f2:cf90:5ad4 with SMTP id b9-20020a631b49000000b003f2cf905ad4mr2275090pgm.450.1652931585799;
        Wed, 18 May 2022 20:39:45 -0700 (PDT)
Received: from localhost ([193.203.214.57])
        by smtp.gmail.com with ESMTPSA id p6-20020a170902e74600b0015e8d4eb21dsm2542589plf.103.2022.05.18.20.39.44
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 18 May 2022 20:39:45 -0700 (PDT)
Message-ID: <6285bc01.1c69fb81.c4048.6665@mx.google.com>
X-Google-Original-Message-ID: <20220519033943.GA1735704@cgel.zte@gmail.com>
Date: Thu, 19 May 2022 03:39:43 +0000
From: CGEL <cgel.zte@gmail.com>
To: Jann Horn <jannh@google.com>
Cc: akpm@linux-foundation.org, ammarfaizi2@gnuweeb.org,
	oleksandr@natalenko.name, willy@infradead.org, linux-mm@kvack.org,
	corbet@lwn.net, linux-kernel@vger.kernel.org,
	xu xin <xu.xin16@zte.com.cn>, Yang Yang <yang.yang29@zte.com.cn>,
	Ran Xiaokai <ran.xiaokai@zte.com.cn>,
	wangyong <wang.yong12@zte.com.cn>,
	Yunkai Zhang <zhang.yunkai@zte.com.cn>,
	Jiang Xuexin <jiang.xuexin@zte.com.cn>,
	Michal Hocko <mhocko@suse.com>, Hugh Dickins <hughd@google.com>,
	Linux API <linux-api@vger.kernel.org>,
	Daniel Gruss <daniel.gruss@iaik.tugraz.at>
Subject: Re: [PATCH] mm/ksm: introduce ksm_enabled for each process
References: <20220517092701.1662641-1-xu.xin16@zte.com.cn>
 <CAG48ez0riS60zcA9CC9rUDV=kLS0326Rr23OKv1_RHaTkOOj7A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAG48ez0riS60zcA9CC9rUDV=kLS0326Rr23OKv1_RHaTkOOj7A@mail.gmail.com>
Authentication-Results: imf31.hostedemail.com;
	dkim=pass header.d=gmail.com header.s=20210112 header.b=O8SV9hdk;
	spf=pass (imf31.hostedemail.com: domain of cgel.zte@gmail.com designates 209.85.210.171 as permitted sender) smtp.mailfrom=cgel.zte@gmail.com;
	dmarc=pass (policy=none) header.from=gmail.com
X-Rspam-User: 
X-Rspamd-Server: rspam05
X-Rspamd-Queue-Id: DCBA2200C1
X-Stat-Signature: naz1n17arooeop69kqj8naum49dpr5dj
X-HE-Tag: 1652931557-250849
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, May 18, 2022 at 04:31:26PM +0200, Jann Horn wrote:
> On Tue, May 17, 2022 at 11:27 AM <cgel.zte@gmail.com> wrote:
> > For now, if we want to use KSM to merge pages of some apps, we have to
> > explicitly call madvise() in application code, which means installed
> > apps on OS needs to be uninstall and source code needs to be modified.
> > It is very inconvenient because sometimes users or app developers are not
> > willing to modify their app source codes for any reasons.
> 
> As a sidenote: If you're going to enable KSM on your devices, I hope
> you're aware that KSM significantly reduces security -
> when cloud providers were using KSM, there were a bunch of papers that
> abused it for attacks. In particular, KSM inherently creates
> significant information leaks, because an attacker can determine
> whether a memory page with specific content exists in other apps
> through timing side channels. In the worst case, this could lead to an
> attacker being able to steal things like authentication tokens out of
> other apps.
> 
> If you see significant memory savings from enabling KSM, it might be a
> good idea to look into where exactly those savings are coming from,
> and look into whether there is a better way to reduce memory
> utilization that doesn't rely on comparing entire pages against each
> other.
> 
> See https://arxiv.org/pdf/2111.08553.pdf for a recent research paper
> that shows that memory deduplication can even make it possible to
> remotely (!) leak memory contents out of a machine, over the internet.
> 
> (On top of that, KSM can also make it easier to pull off Rowhammer
> attacks in some contexts -
> see https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_razavi.pdf
> .)

Thank you for your reply. The information you provided is very
meaningful. However, the administrator should have the right to decide
whether to use KSM. The kernel should provide a flexible mechanism to
use KSM. How to use KSM safely should be decided by the user's security
policy.