Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8C8D3C64ED8 for ; Thu, 23 Feb 2023 18:04:35 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230390AbjBWSEe (ORCPT ); Thu, 23 Feb 2023 13:04:34 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45362 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229881AbjBWSEc (ORCPT ); Thu, 23 Feb 2023 13:04:32 -0500 Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 97E9C55C09 for ; Thu, 23 Feb 2023 10:04:29 -0800 (PST) Received: by mail-ed1-x52a.google.com with SMTP id i34so19950398eda.7 for ; Thu, 23 Feb 2023 10:04:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=USwxvTrM3itz7MA/18FaPbrVGvaCj22AfDbh21ZkNzo=; b=BhTeM1KHPOiptIazaVYWZ4TGpZCI3Iui0ngWB6eT0QeLw3/KHRkUGPvpKPPYJxhlnO NDPPOe0WuiZKWa7BgQM8O/0xv3ESGdUO1ScZfovh1kfSoZTrAN0yP0WgT+6kzNWAn7Bi dlc4rYkysGymNVLdZdBUXgsGHTKpLkcIgo+UKDhMc1VgBZVmSrd3WUN7Ph8QdE9s5OF6 fdPLSGbTNGyuE7Jzkc+FB9u78owmdgvub7Vp9a0vBCR0KkVX8SpThqay5zCYt6ZY+1jH 7VIubHXsT2NOpaCJ/rtJK/L9Eq9tVCW+5Q1FZQ0ij6uyqm4vr7VKfpVLT2k3L8kQWIKv 16mg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=USwxvTrM3itz7MA/18FaPbrVGvaCj22AfDbh21ZkNzo=; b=hS37UV22m5T8dICGRDeicprKOba5SZUZygq8hiXMSlueUWkD+8F27kXuDjzi1xfD0t eoagIyHd/sfuTf3UR2yRJANsqAOWklBY4CAQmdV843XqgPwOBK4qOhnWIfHeqNbOOLS9 nUC3Z5rXoDDktACGIyqQz6YRKqxIHWYqoPb2ap8g9HMMH1XpSyLYXbwLLZFxf1JA6hkF 3nxZChdcpsyeOByCEC0uFkEUJiDyPZUcDVNAx31b+NKEoGqK3+CwwrZm6H1YyTr0JQx+ 1mrx22YD6TJSk+QDRje66ONTDROjac1WS9AGaj4A+sFcD7OqVm4/n8SDUnzn1MVW3JHM ilnw== X-Gm-Message-State: AO0yUKXhWlnuP/+pnD70Rx0vRi7/cb0WcWRNOSs1nVN6FT4sUQ5FtOPl pl0mMc4GKrrj6+j3sjjqpwjhuRSDzow4YmtATx11TyFhHpdYYhEGrcM= X-Google-Smtp-Source: AK7set/PJNzgjTo1sYVS/ZVGj9bU9ocB71ixYAEGo96NUqMqWqi9x45N5eF1dL/eqPotSJPmg2BbB5m+VXz+sduUm9k= X-Received: by 2002:a17:906:3b47:b0:87a:3b3f:b9da with SMTP id h7-20020a1709063b4700b0087a3b3fb9damr10156763ejf.10.1677175467829; Thu, 23 Feb 2023 10:04:27 -0800 (PST) MIME-Version: 1.0 References: <87o7pmnd0p.fsf@nvidia.com> <87k009nvnr.fsf@nvidia.com> In-Reply-To: From: Yosry Ahmed Date: Thu, 23 Feb 2023 10:03:50 -0800 Message-ID: Subject: Re: [PATCH 14/19] mm: Introduce a cgroup for pinned memory To: Jason Gunthorpe Cc: "T.J. Mercier" , Alistair Popple , Tejun Heo , Michal Hocko , linux-mm@kvack.org, cgroups@vger.kernel.org, linux-kernel@vger.kernel.org, jhubbard@nvidia.com, hannes@cmpxchg.org, surenb@google.com, mkoutny@suse.com, daniel@ffwll.ch, "Daniel P . Berrange" , Alex Williamson , Zefan Li , Andrew Morton Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Feb 23, 2023 at 9:28 AM Jason Gunthorpe wrote: > > On Thu, Feb 23, 2023 at 09:18:23AM -0800, T.J. Mercier wrote: > > > > Solving that problem means figuring out when every cgroup stops using > > > the memory - pinning or not. That seems to be very costly. > > > > > This is the current behavior of accounting for memfds, and I suspect > > any kind of shared memory. > > > > If cgroup A creates a memfd, maps and faults in pages, shares the > > memfd with cgroup B and then A unmaps and closes the memfd, then > > cgroup A is still charged for the pages it faulted in. > > As we discussed, as long as the memory is swappable then eventually > memory pressure on cgroup A will evict the memfd pages and then cgroup > B will swap it in and be charged for it. I am not familiar with memfd, but based on mem_cgroup_swapin_charge_folio() it seems like if cgroup B swapped in the pages they will remain charged to cgroup A, unless cgroup A is removed/offlined. Am I missing something? > > > FWIW this is also the behavior I was trying to use to attribute > > dma-buffers to their original allocators. Whoever touches it first > > gets charged as long as the memory is alive somewhere. > > > > Can't we do the same thing for pins? > > If pins are tracked independently from memcg then definately not, > a process in cgroup A should never be able to make a charge on cgroup > B as a matter of security. > > If pins are part of the memcg then we can't always turn the pin > request in to a NOP - the current cgroup always has to be charged for > the memory. Otherwise what is the point from a security perspective? > > Jason