Re: [RESEND RFC PATCH v1 00/20] mm: process/cgroup ksm support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 23.01.23 18:37, Stefan Roesch wrote:
So far KSM can only be enabled by calling madvise for memory regions. What is
required to enable KSM for more workloads is to enable / disable it at the
process / cgroup level.

Did you stumble over the proposals from last year to enable this per-process [1] and system-wide [2]? I remember there was also regarding enabling it system-wide.

I'm going to point out the security aspect, and that e.g., Windows used to enable it system-wide before getting taught by security experts otherwise. Details on KSM and security aspects can be found in that thread.

Long story short: one has to be very careful with that and only enable it for very carefully selected worklads. Letting a workload opt-in on a VMA level is most probably safer than an admin blindly turning this on for random processes ...

Last attempts got nacked ...

[1] https://lore.kernel.org/all/20220517092701.1662641-1-xu.xin16@xxxxxxxxxx/
[2] https://lore.kernel.org/all/20220609055658.703472-1-xu.xin16@xxxxxxxxxx/


1. New options for prctl system command
This patch series adds two new options to the prctl system call. The first
one allows to enable KSM at the process level and the second one to query the
setting.

The setting will be inherited by child processes.

With the above setting, KSM can be enabled for the seed process of a cgroup
and all processes in the cgroup will inherit the setting.

2. Changes to KSM processing
When KSM is enabled at the process level, the KSM code will iterate over all
the VMA's and enable KSM for the eligible VMA's.

When forking a process that has KSM enabled, the setting will be inherited by
the new child process.

In addition when KSM is disabled for a process, KSM will be disabled for the
VMA's where KSM has been enabled.

3. Add tracepoints to KSM
Currently KSM has no tracepoints. This adds tracepoints to the key KSM functions
to make it easier to debug KSM.

4. Add general_profit metric
The general_profit metric of KSM is specified in the documentation, but not
calculated. This adds the general profit metric to /sys/kernel/debug/mm/ksm.

5. Add more metrics to ksm_stat
This adds the process profit and ksm type metric to /proc/<pid>/ksm_stat.

6. Add more tests to ksm_tests
This adds an option to specify the merge type to the ksm_tests. This allows to
test madvise and prctl KSM. It also adds a new option to query if prctl KSM has
been enabled. It adds a fork test to verify that the KSM process setting is
inherited by client processes.


Stefan Roesch (20):
   mm: add new flag to enable ksm per process
   mm: add flag to __ksm_enter
   mm: add flag to __ksm_exit call
   mm: invoke madvise for all vmas in scan_get_next_rmap_item
   mm: support disabling of ksm for a process
   mm: add new prctl option to get and set ksm for a process
   mm: add tracepoints to ksm
   mm: split off pages_volatile function
   mm: expose general_profit metric
   docs: document general_profit sysfs knob
   mm: calculate ksm process profit metric
   mm: add ksm_merge_type() function
   mm: expose ksm process profit metric in ksm_stat
   mm: expose ksm merge type in ksm_stat
   docs: document new procfs ksm knobs
   tools: add new prctl flags to prctl in tools dir
   selftests/vm: add KSM prctl merge test
   selftests/vm: add KSM get merge type test
   selftests/vm: add KSM fork test
   selftests/vm: add two functions for debugging merge outcome

  Documentation/ABI/testing/sysfs-kernel-mm-ksm |   8 +
  Documentation/admin-guide/mm/ksm.rst          |   8 +-
  MAINTAINERS                                   |   1 +
  fs/proc/base.c                                |   5 +
  include/linux/ksm.h                           |  19 +-
  include/linux/sched/coredump.h                |   1 +
  include/trace/events/ksm.h                    | 257 ++++++++++++++++++
  include/uapi/linux/prctl.h                    |   2 +
  kernel/sys.c                                  |  29 ++
  mm/ksm.c                                      | 134 ++++++++-
  tools/include/uapi/linux/prctl.h              |   2 +
  tools/testing/selftests/vm/Makefile           |   3 +-
  tools/testing/selftests/vm/ksm_tests.c        | 254 ++++++++++++++---
  13 files changed, 665 insertions(+), 58 deletions(-)
  create mode 100644 include/trace/events/ksm.h


base-commit: c1649ec55708ae42091a2f1bca1ab49ecd722d55

--
Thanks,

David / dhildenb




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux