lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250321173729.3175898-1-souravpanda@google.com>
Date: Fri, 21 Mar 2025 17:37:23 +0000
From: Sourav Panda <souravpanda@...gle.com>
To: mathieu.desnoyers@...icios.com, willy@...radead.org, david@...hat.com, 
	pasha.tatashin@...een.com, rientjes@...gle.com, akpm@...ux-foundation.org, 
	linux-mm@...ck.org, linux-kernel@...r.kernel.org, weixugc@...gle.com, 
	gthelen@...gle.com, souravpanda@...gle.com, surenb@...gle.com
Subject: [RFC PATCH 0/6] Selective KSM: Synchronous and Partitioned Merging

The purpose of this RFC is to supplement our discussion in LSF/MM-25.

This is sent as a proof of concept. It applies on top of v6.14-rc7.

With the goal of increasing security and improving CPU efficiency,
we would like to propose making KSM synchronous and partitioned.

The synchronous aspect eliminates the need of ksmd running in the
background. Instead, userspace can trigger merging on the specified
memory region synchronously. Contrary to SKSM [1], which uses
MADV_MERGE, we also propose sysfs and syscall based alternatives.

The partitioned aspect divides the merge space into security domains.
Merging of pages only takes place within a partition, improving security.
Furthermore, trees in each partitioning becomes smaller, improving CPU
efficiency.

Proposal 1: SYSFS Interface

  KSM_SYSFS=/sys/kernel/mm/ksm

  echo "part_1" >  ${KSM_SYSFS}/ksm/control/add_partition

  ls ${KSM_SYSFS}/part_1/
	  pages_scanned       pages_to_scan   sleep_millisecs  ...

  echo "pid start_addr end_addr" > ${KSM_SYSFS}/part_1/trigger_merge

Proposal 2: SYSCALL Interface

  Partition can be created or opened using:

    int ksm_fd = ksm_open(ksm_name, flag);
      name specifies the ksm partition to be created or opened.
      flags:
        O_CREAT
          Create the ksm partition object if it does not exist.
        O_EXCL
          If O_CREAT was also specified, and a shared memory object
          with the given name already exists, return an error.

  Trigger the merge using:
    ksm_merge(ksm_fd, pid, start_addr, size);

[1] https://lore.kernel.org/linux-mm/20250228023043.83726-1-mathieu.desnoyers@efficios.com/

Sourav Panda (6):
  mm: introduce SELECTIVE_KSM KConfig
  mm: make Selective KSM synchronous
  mm: make Selective KSM partitioned
  mm: create dedicated trees for SELECTIVE KSM partitions
  mm: trigger unmerge and remove SELECTIVE KSM partition
  mm: syscall alternative for SELECTIVE_KSM

 arch/x86/entry/syscalls/syscall_64.tbl |   3 +-
 include/linux/ksm.h                    |   4 +
 mm/Kconfig                             |  11 +
 mm/ksm.c                               | 823 ++++++++++++++++++++++---
 4 files changed, 751 insertions(+), 90 deletions(-)

-- 
2.49.0.395.g12beb8f557-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ