Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp803067yba; Thu, 16 May 2019 09:08:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqxyeQkjqn2I6B98Er3A7UMeARhmKUo9uDo4MEBeLKy4hASgG+7jnuBSIDsbL2ujH0hNqZWN X-Received: by 2002:a62:e205:: with SMTP id a5mr17315497pfi.40.1558022931838; Thu, 16 May 2019 09:08:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558022931; cv=none; d=google.com; s=arc-20160816; b=UJCOKctJw8Bhp3HYlvnjzMzKdGuRuQ/gHixWkgGp1Zocp7U2Ckv9rRFFvgvexYZlFP 0z/bU6g+hNZZHpCOyM5pYSvu5BJo3srg/4SJrSkAl6MDpD8ObFXUNUmxGV0JPKSy4M2d qEPnHa2UO6Rxj9pGxKe+vzviWe0q4UcUPRjqIZWQiygnl3GmFTJogSHYAAeh6jkkiU7a D8AQRQ47Jla2wnfXw+QRyS0Ab8WEAnSTsjuHBR1Z7nj+KfajjGMbthj0NtxVK09PUTPe 6txaiSzjDpt7GlZX46pMww88ZgxQB12VLk7hv4rl85TWSYJ1sMYzUKztBLs/q6MM1OMg M7vA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=I4VKFuY3dBhk8M0E31KTPJJ8MMHDVcscAUiCzod5h4g=; b=zw3z6l01sm+8SZCJ5eA0U22EsgLq0VVguIC48zetvn7KArZelLe/p6LL27yhkpSiqO GbSQboZrHzcOkN9UXvwSFdQRGKZWZz3P3zi98nRLZnm96ql4NWfnTUkt7A62ROrXMY7t POekxI5XbZFMDtBBYCQEaUtn1hfcSHPqds3Umq4Xkg1v5t0we/VxixqbHfAKYkeC4OEj a17vRhLojmzYPWgq4xTiSthnvnqw7+rzC2W5+YpVh6xfLSDg2WeDH9cdXoSgxBNiKje3 /I4Yofvm8//9Hr5iUyqF5E1tIpR0IxF/wvwBKMUnsw9eBcqbrTP/VrKTQ+5xFKAvGtw1 KSuw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=H6xNrQHk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 187si6153629pfe.116.2019.05.16.09.08.14; Thu, 16 May 2019 09:08:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=H6xNrQHk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727135AbfEPQGv (ORCPT + 99 others); Thu, 16 May 2019 12:06:51 -0400 Received: from mail-ot1-f68.google.com ([209.85.210.68]:39881 "EHLO mail-ot1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726529AbfEPQGv (ORCPT ); Thu, 16 May 2019 12:06:51 -0400 Received: by mail-ot1-f68.google.com with SMTP id r7so3941084otn.6 for ; Thu, 16 May 2019 09:06:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=I4VKFuY3dBhk8M0E31KTPJJ8MMHDVcscAUiCzod5h4g=; b=H6xNrQHksO0mY+GD8TjSIB/dl7gXte6ptfd1KwGU7WS9fv6i/tgp5PRwV1QwuOcLn8 EQgegFWR1awHjfSGP4+gjgXMyl3Gl62XXSb7Mm7Nf1RXzKuaEetJoPJs6GSuS0KBL9vl Wub95qd5nDDIuDpLobcQrJAeLZp5nVs+LMne3mcxV43wLSgIfXzXurgIQYOiBUs8VKq4 KUB/9oEuCvZV97lXvc2ABvfckVlCEpI9+rGFlz3y2hfmc98QPPAyHhjTuVHOdOUM3Bkm UOJay+FnLHdEk6rocRtjzEXrvs47hR0q26+/2U1SS5+d0iEBJ8VXwWGOZJ51SarUWMvq 4fdw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=I4VKFuY3dBhk8M0E31KTPJJ8MMHDVcscAUiCzod5h4g=; b=JzoVi0XfxsNFw3eYEtngySwsr7a4VN1ndM36p4JN3Db+NB30Ca41Z1YwOhUEGybG7K 0HMMlTzlsVQxiCG50bKjSxvgrKrAXC2glHjV949rv5N0TWPXbn4fR1PB3Fxu0kdXnmfV 5suBo6+4rDvHuUYTveN0WhrQtmAEtwU6FSf2NWa2rwhIaX1xoDnBzPNfFBF+AXFYY1zz Hjd/Q47hLvqf8YgO18u4eFtpZWkIBEepwT5d32x//UE7NyjmGxZpstYTeFhQ/oc4ZISK 2ZBDTVLlGbUk9j09jUMlSeFotpexEcDRxLIEtECysnPCDpaDfEDi4SANLYuavpNEKhU2 qntw== X-Gm-Message-State: APjAAAUGi+i9my2BO793rnrVeCIFblTqzhsTumMwrmIK6PYFkEZszIOx lZljSJ79cP00h3yYqLlpGnr95A0sSLX+c9jxz4QTbw== X-Received: by 2002:a9d:7347:: with SMTP id l7mr6353382otk.183.1558022810319; Thu, 16 May 2019 09:06:50 -0700 (PDT) MIME-Version: 1.0 References: <20190516094234.9116-1-oleksandr@redhat.com> <20190516094234.9116-5-oleksandr@redhat.com> <20190516142013.sf2vitmksvbkb33f@butterfly.localdomain> In-Reply-To: <20190516142013.sf2vitmksvbkb33f@butterfly.localdomain> From: Jann Horn Date: Thu, 16 May 2019 18:06:24 +0200 Message-ID: Subject: Re: [PATCH RFC 4/5] mm/ksm, proc: introduce remote merge To: Oleksandr Natalenko Cc: kernel list , Kirill Tkhai , Hugh Dickins , Alexey Dobriyan , Vlastimil Babka , Michal Hocko , Matthew Wilcox , Pavel Tatashin , Greg KH , Suren Baghdasaryan , Minchan Kim , Timofey Titovets , Aaron Tomlin , Grzegorz Halat , Linux-MM , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, May 16, 2019 at 4:20 PM Oleksandr Natalenko wrote: > On Thu, May 16, 2019 at 12:00:24PM +0200, Jann Horn wrote: > > On Thu, May 16, 2019 at 11:43 AM Oleksandr Natalenko > > wrote: > > > Use previously introduced remote madvise knob to mark task's > > > anonymous memory as mergeable. > > > > > > To force merging task's VMAs, "merge" hint is used: > > > > > > # echo merge > /proc//madvise > > > > > > Force unmerging is done similarly: > > > > > > # echo unmerge > /proc//madvise > > > > > > To achieve this, previously introduced ksm_madvise_*() helpers > > > are used. > > > > Why does this not require PTRACE_MODE_ATTACH_FSCREDS to the target > > process? Enabling KSM on another process is hazardous because it > > significantly increases the attack surface for side channels. > > > > (Note that if you change this to require PTRACE_MODE_ATTACH_FSCREDS, > > you'll want to use mm_access() in the ->open handler and drop the mm > > in ->release. mm_access() from a ->write handler is not permitted.) > > Sounds reasonable. So, something similar to what mem_open() & friends do > now: > > static int madvise_open(...) > ... > struct task_struct *task = get_proc_task(inode); > ... > if (task) { > mm = mm_access(task, PTRACE_MODE_ATTACH_FSCREDS); > put_task_struct(task); > if (!IS_ERR_OR_NULL(mm)) { > mmgrab(mm); > mmput(mm); > ... > > Then: > > static ssize_t madvise_write(...) > ... > if (!mmget_not_zero(mm)) > goto out; > > down_write(&mm->mmap_sem); > if (!mmget_still_valid(mm)) > goto skip_mm; > ... > skip_mm: > up_write(&mm->mmap_sem); > > mmput(mm); > out: > return ...; > > And, finally: > > static int madvise_release(...) > ... > mmdrop(mm); > ... > > Right? Yeah, that looks reasonable.