Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1641207pxu; Sat, 12 Dec 2020 21:41:33 -0800 (PST) X-Google-Smtp-Source: ABdhPJxWBHiaF66PU06N6aEtl41iom6TqQbHscpJ48fdpMblUK5Jyn40U7EVguVhlrViowYcZehQ X-Received: by 2002:a17:906:a011:: with SMTP id p17mr17303534ejy.30.1607838093008; Sat, 12 Dec 2020 21:41:33 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607838093; cv=none; d=google.com; s=arc-20160816; b=A56P37dqDh4r86Yoxt1/R2Uk41LAk4ABMSvG9xMr6LjpLzM2Ove68QCTKGMcYURmfX gI4YbqZ3H5kDmBtqMsXnei6HYT/ZEM2jjYsZ7YMrQ09NkgyRQVmjKH/WQu9nJvpY43FN TUJiqjQFEllKVTLTVTcfReeKc/Sa1mpwiAU+RrGWMjWiGiTqtMyLfV5xaLqb/ugcmIhl oTsZZ1PaykcAv+8uBBvF9xLDYcLlVVKaw5Ul8nRMSg79nnSn/D52ZjE1GujfXlEjM4hb WJeh8A6UU2BnBuD7VL4o+fousWORF9AOebUDLY80L3Tb7dkhQJt+USVX4a0ezs0O92QS qRrQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:sender:dkim-signature; bh=Bd3lnTouDkrwjjSfW9VflwhzX7QjYlCu/cZFh9AVANo=; b=qin/wIQIrIZzTNpVMmCdK49Uo6TY82qWYUTl6iAHIpqAZZzfhiaV2VcNWTqOcTg7El PJd1VW++thBgM4xLWiNG5jJ7pFLVQ7C/uhT8cP4QZ5FXooNMeSOvWjnxfOAPmr6ZXSom EqAKD1u4MGrBlLeAjxXvXTNzYLfRj6+fcQsIz5aCYmDygnqIMNwm/sIsO+C8Kl1G7nS/ YXPMvQW7CsWXvBjUE81xug1BIInkaCbrukH8EcVLSL94xUlizli8iwzWsYpL2uGnIYmX ETMo/TuRZ6mk1wpxzJWt3cIhKmeASAzKtYnuPEhYwfNM7axvJrmqkQroxT1ksv8JeD/U Yapg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RbYMW87X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b8si7775623edx.538.2020.12.12.21.41.10; Sat, 12 Dec 2020 21:41:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=RbYMW87X; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2407101AbgLKXC6 (ORCPT + 99 others); Fri, 11 Dec 2020 18:02:58 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39078 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387624AbgLKXCe (ORCPT ); Fri, 11 Dec 2020 18:02:34 -0500 Received: from mail-pf1-x442.google.com (mail-pf1-x442.google.com [IPv6:2607:f8b0:4864:20::442]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 21479C0613D3; Fri, 11 Dec 2020 15:01:54 -0800 (PST) Received: by mail-pf1-x442.google.com with SMTP id c79so7918062pfc.2; Fri, 11 Dec 2020 15:01:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=Bd3lnTouDkrwjjSfW9VflwhzX7QjYlCu/cZFh9AVANo=; b=RbYMW87X89+0E07Qfby6qNe/Hi0TJHNKUeKYLJLewGbAACwaLhmCuZd4hrqQC8FuW5 0v16SGCjiQUHjwYn/npIeSBbBhNzmqG8alz9+qAxfTQRobZ6AaTn1CJ8w19AE9RTKn+Y E8ZEDkdalSLFgY62f7Eb+kWmc2EwzxYNbnw98oM/Yf9ifr9MAs2bQg4fu8zSCCtN73CL /kM7SnTlPM2Xq9QfYJPejRpbyZgvcSk3nXuQCgV2nFKNyxNgl8pIjtU0HQxKqZ9vcqmP YnzA9n6Szqs0G7NN9Pw+k1h5MAdBafQKm7Z1qCvj+nOUrYW+yukm2o6DV0RhH5o0R1WT a/MQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:cc:subject:message-id :references:mime-version:content-disposition:in-reply-to; bh=Bd3lnTouDkrwjjSfW9VflwhzX7QjYlCu/cZFh9AVANo=; b=TiCGLHJq8l4kvrDqxtJA6txVsB5MaPSAH1hqpJ5DkDul8uumkQEeinORYKZO/MsEGt LHz0rLWdBNxO2ALlKk9x0x9u+/M9KSf3lB7k+Zol9sbxBJ+1H0OyTFEP0i2hTSpZnXMR vtPnJDzayzq5tD+h1MfMcmOLvims24PwjG/vGyI5le88YFJWo9ffgI2ixfw3IEtS6u19 CxsKG7qIIQqFIzNyZXc0blATV0g2VUnlnaMLmT2KO2Sw+nfBeqost0j7C8Y9T+hXm9Hl fsdC+DufRhsRrCc4HCyJV1k6EbnAyVIajSLyEvH4+cB5OmlVKI4TKiN0DugpEBZaPBFZ A4eA== X-Gm-Message-State: AOAM5329ylXb2eYkM96aWiBEgIiWaZ1s/ZMgRiRHZX9jFsi9YrwD16vQ zcKsevuHciue/q3TC+I4ycjGxTej2f8= X-Received: by 2002:a63:db09:: with SMTP id e9mr13977072pgg.60.1607727713688; Fri, 11 Dec 2020 15:01:53 -0800 (PST) Received: from google.com ([2620:15c:211:201:7220:84ff:fe09:5e58]) by smtp.gmail.com with ESMTPSA id x4sm11537094pgg.94.2020.12.11.15.01.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 11 Dec 2020 15:01:52 -0800 (PST) Sender: Minchan Kim Date: Fri, 11 Dec 2020 15:01:50 -0800 From: Minchan Kim To: Jann Horn Cc: Christoph Hellwig , Suren Baghdasaryan , Andrew Morton , Michal Hocko , Michal Hocko , David Rientjes , Matthew Wilcox , Johannes Weiner , Roman Gushchin , Rik van Riel , Christian Brauner , Oleg Nesterov , Tim Murray , Linux API , Linux-MM , kernel list , kernel-team Subject: Re: [PATCH 1/2] mm/madvise: allow process_madvise operations on entire memory range Message-ID: References: <20201124053943.1684874-1-surenb@google.com> <20201124053943.1684874-2-surenb@google.com> <20201125231322.GF1484898@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Dec 11, 2020 at 09:27:46PM +0100, Jann Horn wrote: > +CC Christoph Hellwig for opinions on compat > > On Thu, Nov 26, 2020 at 12:22 AM Minchan Kim wrote: > > On Mon, Nov 23, 2020 at 09:39:42PM -0800, Suren Baghdasaryan wrote: > > > process_madvise requires a vector of address ranges to be provided for > > > its operations. When an advice should be applied to the entire process, > > > the caller process has to obtain the list of VMAs of the target process > > > by reading the /proc/pid/maps or some other way. The cost of this > > > operation grows linearly with increasing number of VMAs in the target > > > process. Even constructing the input vector can be non-trivial when > > > target process has several thousands of VMAs and the syscall is being > > > issued during high memory pressure period when new allocations for such > > > a vector would only worsen the situation. > > > In the case when advice is being applied to the entire memory space of > > > the target process, this creates an extra overhead. > > > Add PMADV_FLAG_RANGE flag for process_madvise enabling the caller to > > > advise a memory range of the target process. For now, to keep it simple, > > > only the entire process memory range is supported, vec and vlen inputs > > > in this mode are ignored and can be NULL and 0. > > > Instead of returning the number of bytes that advice was successfully > > > applied to, the syscall in this mode returns 0 on success. This is due > > > to the fact that the number of bytes would not be useful for the caller > > > that does not know the amount of memory the call is supposed to affect. > > > Besides, the ssize_t return type can be too small to hold the number of > > > bytes affected when the operation is applied to a large memory range. > > > > Can we just use one element in iovec to indicate entire address rather > > than using up the reserved flags? > > > > struct iovec { > > .iov_base = NULL, > > .iov_len = (~(size_t)0), > > }; > > In addition to Suren's objections, I think it's also worth considering > how this looks in terms of compat API. If a compat process does > process_madvise() on another compat process, it would be specifying > the maximum 32-bit number, rather than the maximum 64-bit number, so > you'd need special code to catch that case, which would be ugly. > > And when a compat process uses this API on a non-compat process, it > semantically gets really weird: The actual address range covered would > be larger than the address range specified. > > And if we want different access checks for the two flavors in the > future, gating that different behavior on special values in the iovec > would feel too magical to me. > > And the length value SIZE_MAX doesn't really make sense anyway because > the length of the whole address space would be SIZE_MAX+1, which you > can't express. > > So I'm in favor of a new flag, and strongly against using SIZE_MAX as > a magic number here. Can't we simply pass NULL as iovec as special id, then?