From: Wei Wang <wei.w.wang@intel.com>
To: Michal Hocko <mhocko@kernel.org>
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org,
virtualization@lists.linux-foundation.org, mst@redhat.com,
zhenwei.pi@youruncloud.com, akpm@linux-foundation.org,
dave.hansen@intel.com, mawilcox@microsoft.com
Subject: Re: [PATCH RESEND] mm: don't zero ballooned pages
Date: Thu, 03 Aug 2017 21:18:46 +0800 [thread overview]
Message-ID: <598322B6.8090204@intel.com> (raw)
In-Reply-To: <20170803125409.GT12521@dhcp22.suse.cz>
On 08/03/2017 08:54 PM, Michal Hocko wrote:
> On Thu 03-08-17 19:59:17, Wei Wang wrote:
>> This patch is a revert of 'commit bb01b64cfab7 ("mm/balloon_compaction.c:
>> enqueue zero page to balloon device")'
>>
>> Ballooned pages will be marked as MADV_DONTNEED by the hypervisor and
>> shouldn't be given to the host ksmd to scan.
> I find MADV_DONTNEED reference still quite confusing. What do you think
> about the following wording instead:
> "
> Zeroying ballon pages is rather time consuming, especially when a lot of
> pages are in flight. E.g. 7GB worth of ballooned memory takes 2.8s with
> __GFP_ZERO while it takes ~491ms without it. The original commit argued
> that zeroying will help ksmd to merge these pages on the host but this
> argument is assuming that the host actually marks balloon pages for ksm
> which is not universally true. So we pay performance penalty for
> something that even might not be used in the end which is wrong. The
> host can zero out pages on its own when there is a need.
> "
I think it looks good. Thanks.
>> Therefore, it is not
>> necessary to zero ballooned pages, which is very time consuming when
>> the page amount is large. The ongoing fast balloon tests show that the
>> time to balloon 7G pages is increased from ~491ms to 2.8 seconds with
>> __GFP_ZERO added. So, this patch removes the flag.
> The only reason why unconditional zeroying makes some sense is the
> data leak protection (guest doesn't want to leak potentially sensitive
> data to a malicious guest). I am not sure such a thread applies here
> though.
I think the unwashed contents left in the balloon pages (also free pages)
should be treated non-confidential - if the guest application has
confidential content in its memory, the application itself should zero that
before giving back that memory to the guest kernel.
Best,
Wei
next prev parent reply other threads:[~2017-08-03 13:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-03 11:59 [PATCH RESEND] mm: don't zero ballooned pages Wei Wang
2017-08-03 12:24 ` Michael S. Tsirkin
2017-08-03 12:54 ` Michal Hocko
2017-08-03 13:18 ` Wei Wang [this message]
2017-08-07 8:44 ` David Hildenbrand
2017-08-07 9:25 ` Michal Hocko
2017-08-07 9:37 ` David Hildenbrand
2017-08-07 9:35 ` Wei Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=598322B6.8090204@intel.com \
--to=wei.w.wang@intel.com \
--cc=akpm@linux-foundation.org \
--cc=dave.hansen@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mawilcox@microsoft.com \
--cc=mhocko@kernel.org \
--cc=mst@redhat.com \
--cc=virtualization@lists.linux-foundation.org \
--cc=zhenwei.pi@youruncloud.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox