| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Nov 2023 15:03:30 -0800 From: Yosry Ahmed <yosryahmed@...gle.com> To: Pasha Tatashin <pasha.tatashin@...een.com> Cc: akpm@...ux-foundation.org, alex.williamson@...hat.com, alim.akhtar@...sung.com, alyssa@...enzweig.io, asahi@...ts.linux.dev, baolu.lu@...ux.intel.com, bhelgaas@...gle.com, cgroups@...r.kernel.org, corbet@....net, david@...hat.com, dwmw2@...radead.org, hannes@...xchg.org, heiko@...ech.de, iommu@...ts.linux.dev, jasowang@...hat.com, jernej.skrabec@...il.com, jgg@...pe.ca, jonathanh@...dia.com, joro@...tes.org, kevin.tian@...el.com, krzysztof.kozlowski@...aro.org, kvm@...r.kernel.org, linux-arm-kernel@...ts.infradead.org, linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-mm@...ck.org, linux-rockchip@...ts.infradead.org, linux-samsung-soc@...r.kernel.org, linux-sunxi@...ts.linux.dev, linux-tegra@...r.kernel.org, lizefan.x@...edance.com, marcan@...can.st, mhiramat@...nel.org, mst@...hat.com, m.szyprowski@...sung.com, netdev@...r.kernel.org, paulmck@...nel.org, rdunlap@...radead.org, robin.murphy@....com, samuel@...lland.org, suravee.suthikulpanit@....com, sven@...npeter.dev, thierry.reding@...il.com, tj@...nel.org, tomas.mudrunka@...il.com, vdumpa@...dia.com, virtualization@...ts.linux.dev, wens@...e.org, will@...nel.org, yu-cheng.yu@...el.com Subject: Re: [PATCH 00/16] IOMMU memory observability On Tue, Nov 28, 2023 at 2:32 PM Pasha Tatashin <pasha.tatashin@...een.com> wrote: > > On Tue, Nov 28, 2023 at 4:34 PM Yosry Ahmed <yosryahmed@...gle.com> wrote: > > > > On Tue, Nov 28, 2023 at 12:49 PM Pasha Tatashin > > <pasha.tatashin@...een.com> wrote: > > > > > > From: Pasha Tatashin <tatashin@...gle.com> > > > > > > IOMMU subsystem may contain state that is in gigabytes. Majority of that > > > state is iommu page tables. Yet, there is currently, no way to observe > > > how much memory is actually used by the iommu subsystem. > > > > > > This patch series solves this problem by adding both observability to > > > all pages that are allocated by IOMMU, and also accountability, so > > > admins can limit the amount if via cgroups. > > > > > > The system-wide observability is using /proc/meminfo: > > > SecPageTables: 438176 kB > > > > > > Contains IOMMU and KVM memory. > > > > > > Per-node observability: > > > /sys/devices/system/node/nodeN/meminfo > > > Node N SecPageTables: 422204 kB > > > > > > Contains IOMMU and KVM memory memory in the given NUMA node. > > > > > > Per-node IOMMU only observability: > > > /sys/devices/system/node/nodeN/vmstat > > > nr_iommu_pages 105555 > > > > > > Contains number of pages IOMMU allocated in the given node. > > > > Does it make sense to have a KVM-only entry there as well? > > > > In that case, if SecPageTables in /proc/meminfo is found to be > > suspiciously high, it should be easy to tell which component is > > contributing most usage through vmstat. I understand that users can do > > the subtraction, but we wouldn't want userspace depending on that, in > > case a third class of "secondary" page tables emerges that we want to > > add to SecPageTables. The in-kernel implementation can do the > > subtraction for now if it makes sense though. > > Hi Yosry, > > Yes, another counter for KVM could be added. On the other hand KVM > only can be computed by subtracting one from another as there are only > two types of secondary page tables, KVM and IOMMU: > > /sys/devices/system/node/node0/meminfo > Node 0 SecPageTables: 422204 kB > > /sys/devices/system/node/nodeN/vmstat > nr_iommu_pages 105555 > > KVM only = SecPageTables - nr_iommu_pages * PAGE_SIZE / 1024 > Right, but as I mention above, if userspace starts depending on this equation, we won't be able to add any more classes of "secondary" page tables to SecPageTables. I'd like to avoid that if possible. We can do the subtraction in the kernel.
Powered by blists - more mailing lists