Re: [PATCH v7 7/7] mm/madvise: allow KSM hints for remote API

From: Jann Horn
Date: Wed Jun 10 2020 - 22:21:57 EST

Next message: Xiang Zheng: "Re: [RFC PATCH v4 08/10] i40e/vf_migration: VF live migration - pass-through VF first"
Previous message: Li Zhijian: "Re: [kmemleak] b751c52bb5: BUG:kernel_hang_in_boot_stage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Mar 2, 2020 at 8:36 PM Minchan Kim <minchan@xxxxxxxxxx> wrote:
> From: Oleksandr Natalenko <oleksandr@xxxxxxxxxx>
>
> It all began with the fact that KSM works only on memory that is marked
> by madvise(). And the only way to get around that is to either:
[...]
> To overcome this restriction, lets employ a new remote madvise API. This
> can be used by some small userspace helper daemon that will do auto-KSM
> job for us.
>
> I think of two major consumers of remote KSM hints:
[...]
> * heavy applications, that can be run in multiple instances, not
> limited to opensource ones like Firefox, but also those that cannot be
> modified since they are binary-only and, maybe, statically linked.

Just as a note, since you're mentioning Firefox as a usecase: Memory
deduplication between browser renderers creates new side channels and
is a questionable idea from a security standpoint. Memory
deduplication is (mostly) fine if either all involved processes are
trusted or no involved processes contain secrets, but browsers usually
run tons of untrusted code while at the same time containing lots of
valuable secrets.

Next message: Xiang Zheng: "Re: [RFC PATCH v4 08/10] i40e/vf_migration: VF live migration - pass-through VF first"
Previous message: Li Zhijian: "Re: [kmemleak] b751c52bb5: BUG:kernel_hang_in_boot_stage"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]