From: Stefan Roesch
To: kernel-team@fb.com
Cc: shr@devkernel.io, linux-mm@kvack.org, riel@surriel.com, mhocko@suse.com, david@redhat.com, linux-doc@vger.kernel.org, akpm@linux-foundation.org, hannes@cmpxchg.org
Subject: [PATCH v1] docs/mm: extend ksm doc
Date: Tue, 14 Mar 2023 13:45:57 -0700
Message-Id: <20230314204557.3863923-1-shr@devkernel.io>

This adds a description of the new prctl interface for KSM and also adds a general section on security concerns.
Signed-off-by: Stefan Roesch --- Documentation/admin-guide/mm/ksm.rst | 41 +++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) base-commit: 5faf25f023d8816a49e168930218ffdb75d5d853 diff --git a/Documentation/admin-guide/mm/ksm.rst b/Documentation/admin-guide/mm/ksm.rst index d2929964cd0f..ba75d628f6d7 100644 --- a/Documentation/admin-guide/mm/ksm.rst +++ b/Documentation/admin-guide/mm/ksm.rst @@ -20,13 +20,15 @@ content which can be replaced by a single write-protected page (which is automatically copied if a process later wants to update its content). The amount of pages that KSM daemon scans in a single pass and the time between the passes are configured using :ref:`sysfs -intraface ` +interface ` KSM only merges anonymous (private) pages, never pagecache (file) pages. KSM's merged pages were originally locked into kernel memory, but can now be swapped out just like other user pages (but sharing is broken when they are swapped back in: ksmd must rediscover their identity and merge again). +.. _ksm_madvise: + Controlling KSM with madvise ============================ 
@@ -68,6 +70,43 @@ Applications should be considerate in their use of MADV_MERGEABLE, restricting its use to areas likely to benefit. KSM's scans may use a lot of processing power: some installations will disable KSM for that reason. +Controlling KSM with prctl +============================ + +KSM can be enabled for a process or a cgroup, by using the prctl(2) system +call:: + + int prctl(PR_SET_MEMORY_MERGE, 1) + +The app may call + +:: + + int prctl(PR_SET_MEMORY_MERGE, 0) + +to cancel that advice and restore unshared pages: whereupon KSM +unmerges whatever is merged for that process. Note: this unmerging call +may suddenly require more memory than is available - possibly failing +with EAGAIN, but more probably arousing the Out-Of-Memory killer. + +The restrictions mentioned in :ref:`Controlling KSM with madvise `' +also apply here. Also consider the security implications of using KSM. + +KSM security concerns +======================= + +KSM has the possibility of memory side channel attacks. When individual +VMA's have KSM enabled, the security aspect needs to be considered. + +An individual workload doesn't know what else is running on +the machine, so it needs to be highly conservative about what it can +give up for system-wide merging. + +However, if the system is dedicated to running multiple jobs within the +same security domain, there is a usecase where multiple instances of the +same job are running inside a safe shared security domain and using the +same sensitive data. + .. _ksm_sysfs: KSM daemon sysfs interface
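Review bot: the "intraface" to "interface" correction in the first hunk (@@ -20,13 +20,15 @@) is not mentioned in the commit message, which only covers the prctl description and the security section. Either add a line to the changelog or send the typo fix as its own patch. The new ".. _ksm_madvise:" label in the same hunk is only there to serve the reference added in the second hunk, so it is worth checking with a docs build that the reference resolves.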
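Review bot: in the second hunk (@@ -68,6 +70,43 @@), the "KSM security concerns" section says side channel attacks are possible but never names the mechanism or gives the administrator a rule to act on. Say that a write to a merged page takes a copy-on-write fault and is measurably slower than a write to an unmerged page, which lets one process infer whether another holds identical page content, and then state plainly that PR_SET_MEMORY_MERGE should only be enabled where every process taking part in merging is in the same security domain. The section also talks about "individual VMA's" although the interface documented just above applies to the whole process, and the last paragraph stops at "there is a usecase" without drawing a conclusion. Smaller points in the same hunk: "for a process or a cgroup" is not backed by anything shown, since prctl(2) acts on the calling process, so explain how a cgroup gets covered or drop it; the two prototypes omit the remaining prctl(2) arguments and what they must be set to; and there is a stray ' after the closing backtick of the :ref: to the madvise section.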