lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Nov 2023 15:03:30 -0800
From: Yosry Ahmed <yosryahmed@...gle.com>
To: Pasha Tatashin <pasha.tatashin@...een.com>
Cc: akpm@...ux-foundation.org, alex.williamson@...hat.com, 
	alim.akhtar@...sung.com, alyssa@...enzweig.io, asahi@...ts.linux.dev, 
	baolu.lu@...ux.intel.com, bhelgaas@...gle.com, cgroups@...r.kernel.org, 
	corbet@....net, david@...hat.com, dwmw2@...radead.org, hannes@...xchg.org, 
	heiko@...ech.de, iommu@...ts.linux.dev, jasowang@...hat.com, 
	jernej.skrabec@...il.com, jgg@...pe.ca, jonathanh@...dia.com, joro@...tes.org, 
	kevin.tian@...el.com, krzysztof.kozlowski@...aro.org, kvm@...r.kernel.org, 
	linux-arm-kernel@...ts.infradead.org, linux-doc@...r.kernel.org, 
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, 
	linux-mm@...ck.org, linux-rockchip@...ts.infradead.org, 
	linux-samsung-soc@...r.kernel.org, linux-sunxi@...ts.linux.dev, 
	linux-tegra@...r.kernel.org, lizefan.x@...edance.com, marcan@...can.st, 
	mhiramat@...nel.org, mst@...hat.com, m.szyprowski@...sung.com, 
	netdev@...r.kernel.org, paulmck@...nel.org, rdunlap@...radead.org, 
	robin.murphy@....com, samuel@...lland.org, suravee.suthikulpanit@....com, 
	sven@...npeter.dev, thierry.reding@...il.com, tj@...nel.org, 
	tomas.mudrunka@...il.com, vdumpa@...dia.com, virtualization@...ts.linux.dev, 
	wens@...e.org, will@...nel.org, yu-cheng.yu@...el.com
Subject: Re: [PATCH 00/16] IOMMU memory observability

On Tue, Nov 28, 2023 at 2:32 PM Pasha Tatashin
<pasha.tatashin@...een.com> wrote:
>
> On Tue, Nov 28, 2023 at 4:34 PM Yosry Ahmed <yosryahmed@...gle.com> wrote:
> >
> > On Tue, Nov 28, 2023 at 12:49 PM Pasha Tatashin
> > <pasha.tatashin@...een.com> wrote:
> > >
> > > From: Pasha Tatashin <tatashin@...gle.com>
> > >
> > > IOMMU subsystem may contain state that is in gigabytes. Majority of that
> > > state is iommu page tables. Yet, there is currently, no way to observe
> > > how much memory is actually used by the iommu subsystem.
> > >
> > > This patch series solves this problem by adding both observability to
> > > all pages that are allocated by IOMMU, and also accountability, so
> > > admins can limit the amount if via cgroups.
> > >
> > > The system-wide observability is using /proc/meminfo:
> > > SecPageTables:    438176 kB
> > >
> > > Contains IOMMU and KVM memory.
> > >
> > > Per-node observability:
> > > /sys/devices/system/node/nodeN/meminfo
> > > Node N SecPageTables:    422204 kB
> > >
> > > Contains IOMMU and KVM memory memory in the given NUMA node.
> > >
> > > Per-node IOMMU only observability:
> > > /sys/devices/system/node/nodeN/vmstat
> > > nr_iommu_pages 105555
> > >
> > > Contains number of pages IOMMU allocated in the given node.
> >
> > Does it make sense to have a KVM-only entry there as well?
> >
> > In that case, if SecPageTables in /proc/meminfo is found to be
> > suspiciously high, it should be easy to tell which component is
> > contributing most usage through vmstat. I understand that users can do
> > the subtraction, but we wouldn't want userspace depending on that, in
> > case a third class of "secondary" page tables emerges that we want to
> > add to SecPageTables. The in-kernel implementation can do the
> > subtraction for now if it makes sense though.
>
> Hi Yosry,
>
> Yes, another counter for KVM could be added. On the other hand KVM
> only can be computed by subtracting one from another as there are only
> two types of secondary page tables, KVM and IOMMU:
>
> /sys/devices/system/node/node0/meminfo
> Node 0 SecPageTables:    422204 kB
>
>  /sys/devices/system/node/nodeN/vmstat
> nr_iommu_pages 105555
>
> KVM only = SecPageTables - nr_iommu_pages * PAGE_SIZE / 1024
>

Right, but as I mention above, if userspace starts depending on this
equation, we won't be able to add any more classes of "secondary" page
tables to SecPageTables. I'd like to avoid that if possible. We can do
the subtraction in the kernel.

Powered by blists - more mailing lists