Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp1709293ybi; Thu, 20 Jun 2019 02:23:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqyUlObNalzrfIJ6D6INxMDG879sGQXuQcptI+wExWVITj8UVUiJ44jKeE7h0oyPb3vSNCgl X-Received: by 2002:a63:dd53:: with SMTP id g19mr11547621pgj.3.1561022631328; Thu, 20 Jun 2019 02:23:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561022631; cv=none; d=google.com; s=arc-20160816; b=Zyzgo01YszK25/fhk3c6cjAUtI2AyjTcPweuPeT3x22nf2/VxPsM4ndTP4aUhO2zzW U0Y6jBXRbpRax6iJCWpGpsamWOI4DZtN9n3vgeGugKtHvM97Ey5OBD2XB1nuTF2ATi6I YAK0P7sfNlVwvDH3iOmoEBeEUxYn2TMtj8/j74LRksk7h+rp7EN++JVvhRTmW77BHm0R pHngjWCGbLNi7aa0izKBGrOHcmX2XFvJB2LrS3CGKtphWPmTYtC5YU4UTYGGskAeq+Xu jGa0XkBRPQlKP/Tr9oUL9ot57ePHV2VTwYINyhnryk3WcUaEnLKsmEcMCLpjjmy2JpTp AFhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=sBPBhExStgMyW/2DzeZ5lD+JndetnoLAmThCc5fXkTM=; b=EtFZz6khddPIfYqCCPCXZQh3LNXgON7ED9Cgm6SeMH7gCF7roM40vuNWKTq6KOnUgX zjujc7ft6BUUtWlVdK8usPpZpjb0NQOq7Y/Fi2Nc85wC3rZFDhOcILZCEi8MYYtqj5jQ GpxFbNc8XC8nvrkG5FF5nmS5BTsu7MjPNVh8XAVRT1zOAZ4vxcqMi436nsWxb2n9MJ1G kFzTxmP24lfPEirE3kIxEPOcqrmbc0+gkqX7UxusiGdJl5v9mPzrN1mZrAKa46Tu6YS6 Gxh9vKZiF6Ec1boUjlEGKatClamPG4vCSoD3kjIvgviYVuMBKWtz1M0fUzG/5LlQZmHb SBbA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j192si2838722pge.542.2019.06.20.02.23.35; Thu, 20 Jun 2019 02:23:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726556AbfFTJWM (ORCPT + 99 others); Thu, 20 Jun 2019 05:22:12 -0400 Received: from mx2.suse.de ([195.135.220.15]:45652 "EHLO mx1.suse.de" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1725875AbfFTJWM (ORCPT ); Thu, 20 Jun 2019 05:22:12 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 1AA10AF58; Thu, 20 Jun 2019 09:22:11 +0000 (UTC) Date: Thu, 20 Jun 2019 11:22:09 +0200 From: Michal Hocko To: Minchan Kim Cc: Andrew Morton , linux-mm , LKML , linux-api@vger.kernel.org, Johannes Weiner , Tim Murray , Joel Fernandes , Suren Baghdasaryan , Daniel Colascione , Shakeel Butt , Sonny Rao , Brian Geffon , jannh@google.com, oleg@redhat.com, christian@brauner.io, oleksandr@redhat.com, hdanton@sina.com, lizeb@google.com Subject: Re: [PATCH v2 4/5] mm: introduce MADV_PAGEOUT Message-ID: <20190620092209.GD12083@dhcp22.suse.cz> References: <20190610111252.239156-1-minchan@kernel.org> <20190610111252.239156-5-minchan@kernel.org> <20190619132450.GQ2968@dhcp22.suse.cz> <20190620041620.GB105727@google.com> <20190620070444.GB12083@dhcp22.suse.cz> <20190620084040.GD105727@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190620084040.GD105727@google.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu 20-06-19 17:40:40, Minchan Kim wrote: > > > > Pushing out a shared page cache > > > > is possible even now but this interface gives a much easier tool to > > > > evict shared state and perform all sorts of timing attacks. Unless I am > > > > missing something we should be doing something similar to mincore and > > > > ignore shared pages without a writeable access or at least document why > > > > we do not care. > > > > > > I'm not sure IIUC side channel attach. As you mentioned, without this syscall, > > > 1. they already can do that simply by memory hogging > > > > This is way much more harder for practical attacks because the reclaim > > logic is not fully under the attackers control. Having a direct tool to > > reclaim memory directly then just opens doors to measure the other > > consumers of that memory and all sorts of side channel. > > Not sure it's much more harder. It's really easy on my experience. > Just creating new memory hogger and consume memory step by step until > you newly allocated pages will be reclaimed. You can contain an untrusted application into a memcg and it will only reclaim its own working set. > > > 2. If we need fix MADV_PAGEOUT, that means we need to fix MADV_DONTNEED, too? > > > > nope because MADV_DONTNEED doesn't unmap from other processes. > > Hmm, I don't understand. MADV_PAGEOUT doesn't unmap from other > processes, either. Either I am confused or missing something. shrink_page_list does try_to_unmap and that unmaps from all processes, right? > Could you elborate it a bit more what's your concern? If you manage to unmap from a remote process then you can measure delays implied from the refault and that information can be used to infer what the remote application is doing. -- Michal Hocko SUSE Labs