Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp656036ybh; Thu, 12 Mar 2020 08:42:53 -0700 (PDT) X-Google-Smtp-Source: ADFU+vuaQGsgG0rF8yblVVNuGNXapcBpD8x1Zlx9YU7haWtaG3bUoPOX5TS/z5BNtOzi+c6D+Qmd X-Received: by 2002:a05:6830:1498:: with SMTP id s24mr5690546otq.242.1584027773284; Thu, 12 Mar 2020 08:42:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584027773; cv=none; d=google.com; s=arc-20160816; b=AcWBvJgdGSdvwZPY4TLFHBHurRBZDVqhPq6TO8XKPLYZt/y93RVkp7hS4mTy4qKeFk x/C4PG5Z6lePiKV4V+Y59rKMasLDsnwBRjGmdWKKVN3a9C3QhKyNDoq8GRaEz38bOlSl k4XtxFz8dfDH3mSGyfnUVqqjDDxQMEs6TCnyc2kj/IMKGofMM/3AWpt1LJ4D/CgKaPeY gMlFJsI2ffaKUe/aS8Fzcra2SDL1dQO0vp7sG5vS4bD+9oZcas0QgV+iCt6jrkPF+W9x VCKqM3HWZ9bc4u0Nnky7Hq4ckRQCVHU6eU+tmsN12MZ5H4dOE8xJTbmGGETSzozPCwSS jchA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=b3fqmIYaTgz9fPvW4J/w0uVz/wxJzVEcL8X8EQ/2Bm0=; b=OKmJPnj4Cc2G+tcjoRsPRzfFJoycYITFaJVj6qaNTprcyAkvV2r5yOBgtDla+pm6Qu T6f8Dh7KUYLWgPo+c1s6ZuwvGjpSpOhQs8N+dyJscwJINhpn44ucpjY6GHV4unuXcVaG PMA0UPwn9JbiOcsnMmbfvsxAuWoiVJHmUnuG6Oq4LakL/YsdbyJvZ6pruT4J5n5LOTLm ecYsTkNSdhH0DN5m4WkQ6w4CAb/Hgivpm5mNozCdCRoL9fHMqBADZQ+GllRi8BgLv9e+ FSoINHexa1qZT1rl3ggCtWLKgg20qE2S4NCnOzUObbl7w4UHQqW5xfsF+nAddqcIWufA jvNw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x136si2680598oif.122.2020.03.12.08.42.40; Thu, 12 Mar 2020 08:42:53 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727658AbgCLPks (ORCPT + 99 others); Thu, 12 Mar 2020 11:40:48 -0400 Received: from mx2.suse.de ([195.135.220.15]:57408 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727059AbgCLPkr (ORCPT ); Thu, 12 Mar 2020 11:40:47 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id BB9FFAC5F; Thu, 12 Mar 2020 15:40:45 +0000 (UTC) Subject: Re: interaction of MADV_PAGEOUT with CoW anonymous mappings? To: Michal Hocko , Jann Horn Cc: Minchan Kim , Linux-MM , kernel list , Daniel Colascione , Dave Hansen , "Joel Fernandes (Google)" , Andrew Morton References: <20200312082248.GS23944@dhcp22.suse.cz> From: Vlastimil Babka Message-ID: <86dba6eb-9c08-695a-aafd-75260bff1767@suse.cz> Date: Thu, 12 Mar 2020 16:40:44 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 MIME-Version: 1.0 In-Reply-To: <20200312082248.GS23944@dhcp22.suse.cz> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/12/20 9:22 AM, Michal Hocko wrote: > [Cc akpm] > > So what about this? > > From eca97990372679c097a88164ff4b3d7879b0e127 Mon Sep 17 00:00:00 2001 > From: Michal Hocko > Date: Thu, 12 Mar 2020 09:04:35 +0100 > Subject: [PATCH] mm: do not allow MADV_PAGEOUT for CoW pages > > Jann has brought up a very interesting point [1]. While shared pages are > excluded from MADV_PAGEOUT normally, CoW pages can be easily reclaimed > that way. This can lead to all sorts of hard to debug problems. E.g. > performance problems outlined by Daniel [2]. There are runtime > environments where there is a substantial memory shared among security > domains via CoW memory and a easy to reclaim way of that memory, which > MADV_{COLD,PAGEOUT} offers, can lead to either performance degradation > in for the parent process which might be more privileged or even open > side channel attacks. The feasibility of the later is not really clear > to me TBH but there is no real reason for exposure at this stage. It > seems there is no real use case to depend on reclaiming CoW memory via > madvise at this stage so it is much easier to simply disallow it and > this is what this patch does. Put it simply MADV_{PAGEOUT,COLD} can > operate only on the exclusively owned memory which is a straightforward > semantic. > > [1] http://lkml.kernel.org/r/CAG48ez0G3JkMq61gUmyQAaCq=_TwHbi1XKzWRooxZkv08PQKuw@mail.gmail.com > [2] http://lkml.kernel.org/r/CAKOZueua_v8jHCpmEtTB6f3i9e2YnmX4mqdYVWhV4E=Z-n+zRQ@mail.gmail.com > Reported-by: Jann Horn Fixes: 9c276cc65a58 ("mm: introduce MADV_COLD") Maybe CC stable? > Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka > --- > mm/madvise.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/mm/madvise.c b/mm/madvise.c > index 43b47d3fae02..4bb30ed6c8d2 100644 > --- a/mm/madvise.c > +++ b/mm/madvise.c > @@ -335,12 +335,14 @@ static int madvise_cold_or_pageout_pte_range(pmd_t *pmd, > } > > page = pmd_page(orig_pmd); > + > + /* Do not interfere with other mappings of this page */ > + if (page_mapcount(page) != 1) > + goto huge_unlock; > + > if (next - addr != HPAGE_PMD_SIZE) { > int err; > > - if (page_mapcount(page) != 1) > - goto huge_unlock; > - > get_page(page); > spin_unlock(ptl); > lock_page(page); > @@ -426,6 +428,10 @@ static int madvise_cold_or_pageout_pte_range(pmd_t *pmd, > continue; > } > > + /* Do not interfere with other mappings of this page */ > + if (page_mapcount(page) != 1) > + continue; > + > VM_BUG_ON_PAGE(PageTransCompound(page), page); > > if (pte_young(ptent)) { >