From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89DBAC282C4 for ; Tue, 12 Feb 2019 03:44:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 596EB21855 for ; Tue, 12 Feb 2019 03:44:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1549943079; bh=V+4sz6GuJCGGE8jPyQE9VqmVQ6GL9QhF5Xh07eR5KFE=; h=Date:From:To:cc:Subject:In-Reply-To:References:List-ID:From; b=d8+0Y42Qi8IuNWm/Uxu0CnxaLPPiK2l7uZcYsMEWKSGcIQY7pWazkpcSgIkfu09Ho TVxq2gEw/TgUHnjkx/Q3frwkoBt3ZBsxgL0i0PFweYZhISECFmxBkN2hFNnn0328YH KOXc+LeOk4D7FYPJ4lyqUiJOQdUoXLcFl9rO2qQc= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727359AbfBLDoh (ORCPT ); Mon, 11 Feb 2019 22:44:37 -0500 Received: from mail.kernel.org ([198.145.29.99]:54560 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726699AbfBLDoh (ORCPT ); Mon, 11 Feb 2019 22:44:37 -0500 Received: from pobox.suse.cz (prg-ext-pat.suse.com [213.151.95.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7A24F21773; Tue, 12 Feb 2019 03:44:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1549943076; bh=V+4sz6GuJCGGE8jPyQE9VqmVQ6GL9QhF5Xh07eR5KFE=; h=Date:From:To:cc:Subject:In-Reply-To:References:From; b=vKc7uY29NkDNfw5V+B7Gqas26TB+Nf3GWR62SCx9T6h+fBSNhkhryeK7eBVOE1K7K 5S11y+gpvdt8EZQhYHehrr+tYctkCpe7sumRXbltQ9/N9eFnwn3VBe5qcEayPhFi9l YssmPPJzSynButtCx2xLmRImkE6xMgI3xgHPbTQk= Date: Tue, 12 Feb 2019 04:44:30 +0100 (CET) From: Jiri Kosina To: Vlastimil Babka cc: Michal Hocko , Andrew Morton , Linus Torvalds , linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-api@vger.kernel.org, Peter Zijlstra , Greg KH , Jann Horn , Dominique Martinet , Andy Lutomirski , Dave Chinner , Kevin Easton , Matthew Wilcox , Cyril Hrubis , Tejun Heo , "Kirill A . Shutemov" , Daniel Gruss , Josh Snyder Subject: Re: [PATCH 3/3] mm/mincore: provide mapped status when cached status is not allowed In-Reply-To: <99ee4d3e-aeb2-0104-22be-b028938e7f88@suse.cz> Message-ID: References: <20190130124420.1834-1-vbabka@suse.cz> <20190130124420.1834-4-vbabka@suse.cz> <20190131100907.GS18811@dhcp22.suse.cz> <99ee4d3e-aeb2-0104-22be-b028938e7f88@suse.cz> User-Agent: Alpine 2.21 (LSU 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, 1 Feb 2019, Vlastimil Babka wrote: > >> After "mm/mincore: make mincore() more conservative" we sometimes restrict the > >> information about page cache residency, which we have to do without breaking > >> existing userspace, if possible. We thus fake the resulting values as 1, which > >> should be safer than faking them as 0, as there might theoretically exist code > >> that would try to fault in the page(s) until mincore() returns 1. > >> > >> Faking 1 however means that such code would not fault in a page even if it was > >> not in page cache, with unwanted performance implications. We can improve the > >> situation by revisting the approach of 574823bfab82 ("Change mincore() to count > >> "mapped" pages rather than "cached" pages") but only applying it to cases where > >> page cache residency check is restricted. Thus mincore() will return 0 for an > >> unmapped page (which may or may not be resident in a pagecache), and 1 after > >> the process faults it in. > >> > >> One potential downside is that mincore() will be again able to recognize when a > >> previously mapped page was reclaimed. While that might be useful for some > >> attack scenarios, it's not as crucial as recognizing that somebody else faulted > >> the page in, and there are also other ways to recognize reclaimed pages anyway. > > > > Is this really worth it? Do we know about any specific usecase that > > would benefit from this change? TBH I would rather wait for the report > > than add a hard to evaluate side channel. > > Well it's not that complicated IMHO. Linus said it's worth trying, so > let's see how he likes the result. The side channel exists anyway as > long as process can e.g. check if its rss shrinked, and I doubt we are > going to remove that possibility. So, where do we go from here? Either Linus and Andrew like the mincore() return value tweak, or this could be further discussed (*). But in either of the cases, I think patches 1 and 2 should be at least queued for 5.1. (*) I'd personally include it as well, as I don't see how it would break anything, it's pretty straightforward, and brings back some sanity to mincore() return value. Thanks, -- Jiri Kosina SUSE Labs