From patchwork Fri Dec 1 09:46:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13475574 X-Patchwork-Delegate: paul@paul-moore.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="AmCxtAKm" Received: from mail-pg1-x529.google.com (mail-pg1-x529.google.com [IPv6:2607:f8b0:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34C31B2; Fri, 1 Dec 2023 01:47:08 -0800 (PST) Received: by mail-pg1-x529.google.com with SMTP id 41be03b00d2f7-53fa455cd94so244362a12.2; Fri, 01 Dec 2023 01:47:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701424027; x=1702028827; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=mmx346GI6fqI6wzgBEPg9Fgvbs5eLVjahXLFcCzrycE=; b=AmCxtAKmvvQspeayK4vJIMVZPb0OjjqFk7DMZhxab0YuSGvd2ZRDfOSVJS8EWnB0oI vWEZkt5/6XPRL+tA0SkaIV8OYQhCR95GaO5k9Lyu5Tn6gIap0i0IyBGqHIyT+1HPb9ih CbaNSa7b7UY7dDXRzSD467VMqJL1OD715prElZUpZoxXpk5RMrMcWkV/7zJ4rofN6qu1 0wdt/+TMXSo/QIoysuGThcw0KKzgsieMz+9SV74jJZ20+AB8gHQpHyk5Jjp9pJctUuY5 nBPaS5LJxal2ZPlMsn9GzxKVkLfSNZgN0YZvADjwS9tKvvE+FNZa8R6/FaTaxuASMnZl NpBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701424027; x=1702028827; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=mmx346GI6fqI6wzgBEPg9Fgvbs5eLVjahXLFcCzrycE=; b=eBfut50aqXTKrEivAkItP4zWZKbZjn7Q024WfrlM9kpkhba3tesmIPQ66+lT0jiqhb Fo2FPkHWWt3SqZb+5kc364el7XssyKIUXLr+57uYdnduxeMBhr5d5QAQF9z37jE6HO8K G35HrJ/+N+RcWoo7t8dZaa8NhQ3XdTe9uOsXRmytjQ+P4aEFUQqvx9CDE+ND4vorLJXD 1isAxGepelHuqIAR9fcBC6dp8bhlFAWYfm+u/U4g6vXFBb91VMvFhB6b4whX17aw6wkp TBgeiOVYmesf316MxN/QN2hzKjPAoIHlSWQGkwt27NFIAUT8Xj+TDSDRIrttAz6edotr qxGw== X-Gm-Message-State: AOJu0YwEruezQTZNxvnQHbbH4H34Z2MUAEORXpSdJGH8MBnIuxPOEcfs NmqcvjY1w8Xkctkk9vsUOfw= X-Google-Smtp-Source: AGHT+IFigdK8sQwXucIFYeMm2TxPUV3X4nzFGv3uOLyaN6ywOAWNYbjC0TurnvUFhtxnQN/TgABwqA== X-Received: by 2002:a05:6a20:5521:b0:187:f7ac:b8d5 with SMTP id ko33-20020a056a20552100b00187f7acb8d5mr20361920pzb.25.1701424027584; Fri, 01 Dec 2023 01:47:07 -0800 (PST) Received: from vultr.guest ([149.28.194.201]) by smtp.gmail.com with ESMTPSA id e6-20020a170902b78600b001bdd7579b5dsm2875534pls.240.2023.12.01.01.47.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Dec 2023 01:47:07 -0800 (PST) From: Yafang Shao To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, mhocko@suse.com, ying.huang@intel.com Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao Subject: [PATCH v3 1/7] mm, doc: Add doc for MPOL_F_NUMA_BALANCING Date: Fri, 1 Dec 2023 09:46:30 +0000 Message-Id: <20231201094636.19770-2-laoar.shao@gmail.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231201094636.19770-1-laoar.shao@gmail.com> References: <20231201094636.19770-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The document on MPOL_F_NUMA_BALANCING was missed in the initial commit The MPOL_F_NUMA_BALANCING document was inadvertently omitted from the initial commit bda420b98505 ("numa balancing: migrate on fault among multiple bound nodes") Let's ensure its inclusion. Signed-off-by: Yafang Shao Reviewed-by: "Huang, Ying" --- .../admin-guide/mm/numa_memory_policy.rst | 27 +++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/Documentation/admin-guide/mm/numa_memory_policy.rst b/Documentation/admin-guide/mm/numa_memory_policy.rst index eca38fa81e0f..19071b71979c 100644 --- a/Documentation/admin-guide/mm/numa_memory_policy.rst +++ b/Documentation/admin-guide/mm/numa_memory_policy.rst @@ -332,6 +332,33 @@ MPOL_F_RELATIVE_NODES MPOL_PREFERRED policies that were created with an empty nodemask (local allocation). +MPOL_F_NUMA_BALANCING (since Linux 5.12) + When operating in MPOL_BIND mode, enables NUMA balancing for tasks, + contingent upon kernel support. This feature optimizes page + placement within the confines of the specified memory binding + policy. The addition of the MPOL_F_NUMA_BALANCING flag augments the + control mechanism for NUMA balancing: + + - The sysctl knob numa_balancing governs global activation or + deactivation of NUMA balancing. + + - Even if sysctl numa_balancing is enabled, NUMA balancing remains + disabled by default for memory areas or applications utilizing + explicit memory policies. + + - The MPOL_F_NUMA_BALANCING flag facilitates NUMA balancing + activation for applications employing explicit memory policies + (MPOL_BIND). + + This flags enables various optimizations for page placement through + NUMA balancing. For instance, when an application's memory is bound + to multiple nodes (MPOL_BIND), the hint page fault handler attempts + to migrate accessed pages to reduce cross-node access if the + accessing node aligns with the policy nodemask. + + If the flag isn't supported by the kernel, or is used with mode + other than MPOL_BIND, -1 is returned and errno is set to EINVAL. + Memory Policy Reference Counting ================================ From patchwork Fri Dec 1 09:46:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13475577 X-Patchwork-Delegate: paul@paul-moore.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="C3bbmM7R" Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 90E1E193; Fri, 1 Dec 2023 01:47:09 -0800 (PST) Received: by mail-pl1-x629.google.com with SMTP id d9443c01a7336-1d0538d9bbcso2892895ad.3; Fri, 01 Dec 2023 01:47:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701424029; x=1702028829; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7q7TZ/hQmcOsL5S8ofmt3CfzAuJJI0PuQ5alBSABkro=; b=C3bbmM7RpyPc2vlkLSFBX5I/GjTcyQFwtDmE/1BodRnCa5YUF5OLWekXOoSxeH42+i PTzU/ZcPmYal047RbTBR5Qk9Xh4oK+yN9B9hhqM4rxI6GQjiMytdzvySR6a4SE2vEOFW Y+ACmfJefsuXmJe3knfWe+F54foYRl/MMTHMTTyxlNqAZscEfndscp2zqQ/dGX6f7Sft T++ueKeGe2Z2eqK2EVuu2ze9a0s//BitfkbmmaDTVQMrk7iiJY92pp9BVaMtz+n+cPks GPfY5HJ5vPnvhKZn6fqK42TJRxUygZw0ggLzjSdkor37ihHfUA2886oIPUHGlmLxLFaL TUig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701424029; x=1702028829; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7q7TZ/hQmcOsL5S8ofmt3CfzAuJJI0PuQ5alBSABkro=; b=dNxq6+IJoesuvUMTXCdvkh8umtqIHullmkyOkpo7blDP1bL8fnwepjAVnv+IGdXPb1 H7uwZEVmpmKNUcTZ/r2EwCwAfkZPZLwEPSlvAFGje7RPkw2+LJAgbe1w8svM/D2H2m2S x8xuSRfsJspFN1gYGvxKIBNBHzTDy7I1xeOfB0cfj59wkSf+yi/r1RmK1R3MHZ8T0w+O 8F8ycNOdEKE56zviyeSl7rk3XQWZWR8l/mMPxjkQZLXyTTv4U8/r000j73HgXMF2o7oC 4IKbgc4KdhJPIQ3u2W+y5+JEnLExHC2M/WsbSanf2xpdQqJH8uGDzfw359px3QpUEB+v e3sg== X-Gm-Message-State: AOJu0Yz3Zf7q+5bIoTo8re2iF/0ky7BO621RItdhBq/eKZHyWes6vS93 ugsoo2035+HKjvbejB44XUU= X-Google-Smtp-Source: AGHT+IHY7BXr2lrItoDjy9fRRvCLOX0ey7rYRvBq4aXsP/3tg6wFqHDYposNzHDwQ5WVCd/30HQ5Hg== X-Received: by 2002:a17:902:c944:b0:1cf:a2e7:f843 with SMTP id i4-20020a170902c94400b001cfa2e7f843mr32499685pla.23.1701424028951; Fri, 01 Dec 2023 01:47:08 -0800 (PST) Received: from vultr.guest ([149.28.194.201]) by smtp.gmail.com with ESMTPSA id e6-20020a170902b78600b001bdd7579b5dsm2875534pls.240.2023.12.01.01.47.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Dec 2023 01:47:08 -0800 (PST) From: Yafang Shao To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, mhocko@suse.com, ying.huang@intel.com Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao , Eric Dumazet Subject: [PATCH v3 2/7] mm: mempolicy: Revise comment regarding mempolicy mode flags Date: Fri, 1 Dec 2023 09:46:31 +0000 Message-Id: <20231201094636.19770-3-laoar.shao@gmail.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231201094636.19770-1-laoar.shao@gmail.com> References: <20231201094636.19770-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 MPOL_F_STATIC_NODES, MPOL_F_RELATIVE_NODES, and MPOL_F_NUMA_BALANCING are mode flags applicable to both set_mempolicy(2) and mbind(2) system calls. It's worth noting that MPOL_F_NUMA_BALANCING was initially introduced in commit bda420b98505 ("numa balancing: migrate on fault among multiple bound nodes") exclusively for set_mempolicy(2). However, it was later made a shared flag for both set_mempolicy(2) and mbind(2) following commit 6d2aec9e123b ("mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind()"). This revised version aims to clarify the details regarding the mode flags. Signed-off-by: Yafang Shao Reviewed-by: "Huang, Ying" Cc: Eric Dumazet --- include/uapi/linux/mempolicy.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/uapi/linux/mempolicy.h b/include/uapi/linux/mempolicy.h index a8963f7ef4c2..afed4a45f5b9 100644 --- a/include/uapi/linux/mempolicy.h +++ b/include/uapi/linux/mempolicy.h @@ -26,7 +26,7 @@ enum { MPOL_MAX, /* always last member of enum */ }; -/* Flags for set_mempolicy */ +/* Flags for set_mempolicy() or mbind() */ #define MPOL_F_STATIC_NODES (1 << 15) #define MPOL_F_RELATIVE_NODES (1 << 14) #define MPOL_F_NUMA_BALANCING (1 << 13) /* Optimize with NUMA balancing if possible */ From patchwork Fri Dec 1 09:46:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13475576 X-Patchwork-Delegate: paul@paul-moore.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="lQl4mazy" Received: from mail-pf1-x429.google.com (mail-pf1-x429.google.com [IPv6:2607:f8b0:4864:20::429]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9FA2C10DE; Fri, 1 Dec 2023 01:47:10 -0800 (PST) Received: by mail-pf1-x429.google.com with SMTP id d2e1a72fcca58-6cdd4aab5f5so1902163b3a.3; Fri, 01 Dec 2023 01:47:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701424030; x=1702028830; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Dess//0c2Lh04XmQ2u56zFtWMuXDgxNkubc5UfyU5ak=; b=lQl4mazypz+7JgpnradWaXdq19xkZ1iqFM556jppCCtXOlIBxDCMFeDTUliT9j0MtL pzcqGiH3Q6tVmGK0TElaS8dilXYY4Tlxmmtl0QoY4AZJg6ODoXXgpQG7aC1oQdyBB2nu R9sZs5V+oaC1zEakupZqGITCJDM4NQKehcIqvN984JHcWzVQmVljySJ585Z8f4zAxAw9 mSBVZajb+6uNp/0C8mbqMbGuDODgvs7NdnRHi5jbx4Y50DuMJdxmXSpW+qO+94k517wZ lEYH4cREweO/AFz/7DcmdWi2gOy2ztQj0QHSCmQNpyccTAI7g90U2wu4KQ/p8tqq282b 6BRQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701424030; x=1702028830; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Dess//0c2Lh04XmQ2u56zFtWMuXDgxNkubc5UfyU5ak=; b=L9SNBCFUcRK9rPjNqiDEcQTpLsZbzJ6PuFJcNU4Txic9jPh32SGS99tgnlyuqHExWT zS9GN897A6GB9CZbgCTw4ZjT8VXsv/cc+0hV5o8XScjxzfVHEa5DYe2TB4XYNwkVNNch hD6j8PlxAEVADTDE1pTpdz4WkpAnmfovhE8GDLRz35lOcfFeyaU5fUj9ej23p1pOOzkm UNSC7dDckyd2cCW1Gao70Dq9H+d5BeFiZ6imEULJczFh3xvzAw5/wQHz2lBExZqlDxgQ hIbMrIqmq2DHkuVpJSXNhHBSlD/f26h4W6X2QE77L+tr2yrN5Hrc7PvI8JePYDPS2YOK orrA== X-Gm-Message-State: AOJu0YyX/1UvqQbHw00lS4sJNmJdXdjsiACmRyIPmJM14/vwMPxxCAXI nqFn6skzLRPvg1mB+tavJXTBbXvde3WP6eCg X-Google-Smtp-Source: AGHT+IFKEK9U8bDFol/OVizJQvuY/KulkxmLfMUD7mG6RF1mpjVP4Jnt4qHJlMEuVuE8HB+QA/XgNw== X-Received: by 2002:a05:6a20:9154:b0:18b:5a66:3f70 with SMTP id x20-20020a056a20915400b0018b5a663f70mr30186543pzc.2.1701424030179; Fri, 01 Dec 2023 01:47:10 -0800 (PST) Received: from vultr.guest ([149.28.194.201]) by smtp.gmail.com with ESMTPSA id e6-20020a170902b78600b001bdd7579b5dsm2875534pls.240.2023.12.01.01.47.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Dec 2023 01:47:09 -0800 (PST) From: Yafang Shao To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, mhocko@suse.com, ying.huang@intel.com Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao Subject: [PATCH v3 3/7] mm, security: Fix missed security_task_movememory() Date: Fri, 1 Dec 2023 09:46:32 +0000 Message-Id: <20231201094636.19770-4-laoar.shao@gmail.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231201094636.19770-1-laoar.shao@gmail.com> References: <20231201094636.19770-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Considering that MPOL_F_NUMA_BALANCING or mbind(2) using either MPOL_MF_MOVE or MPOL_MF_MOVE_ALL are capable of memory movement, it's essential to include security_task_movememory() to cover this functionality as well. It was identified during a code review. Signed-off-by: Yafang Shao --- mm/mempolicy.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 10a590ee1c89..1eafe81d782e 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1259,8 +1259,15 @@ static long do_mbind(unsigned long start, unsigned long len, if (!new) flags |= MPOL_MF_DISCONTIG_OK; - if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) + if (flags & (MPOL_MF_MOVE | MPOL_MF_MOVE_ALL)) { + err = security_task_movememory(current); + if (err) { + mpol_put(new); + return err; + } lru_cache_disable(); + } + { NODEMASK_SCRATCH(scratch); if (scratch) { @@ -1450,6 +1457,8 @@ static int copy_nodes_to_user(unsigned long __user *mask, unsigned long maxnode, /* Basic parameter sanity check used by both mbind() and set_mempolicy() */ static inline int sanitize_mpol_flags(int *mode, unsigned short *flags) { + int err; + *flags = *mode & MPOL_MODE_FLAGS; *mode &= ~MPOL_MODE_FLAGS; @@ -1460,6 +1469,9 @@ static inline int sanitize_mpol_flags(int *mode, unsigned short *flags) if (*flags & MPOL_F_NUMA_BALANCING) { if (*mode != MPOL_BIND) return -EINVAL; + err = security_task_movememory(current); + if (err) + return err; *flags |= (MPOL_F_MOF | MPOL_F_MORON); } return 0; From patchwork Fri Dec 1 09:46:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13475575 X-Patchwork-Delegate: paul@paul-moore.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="KMkI7FMU" Received: from mail-pl1-x636.google.com (mail-pl1-x636.google.com [IPv6:2607:f8b0:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D1FE910F3; Fri, 1 Dec 2023 01:47:11 -0800 (PST) Received: by mail-pl1-x636.google.com with SMTP id d9443c01a7336-1d04c097e34so2721845ad.0; Fri, 01 Dec 2023 01:47:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701424031; x=1702028831; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+x2gW85qXpDm39JWWNR8xOYWTSjKi1NE52O+Y4CVIzE=; b=KMkI7FMU9Atz0ySZLeHG7OtdPqYVZis4QBNf0frUQoGNdhT6sqbkwyH+I3xrPDBrVa HS1358VQ834+DAkw0itc5MoM377WJumHC6uz/ZVxOqXXj8xSnAQ17cL5F7n1aU9Tcdq4 qKJ8gVoaQaIdb2lEGWVwXyguZKANvWRyn9az2TGeY29yKTiN7WHYWFamkIGSzAMFki0B oWHOhFBB/njSUdLAFwLIveWR/XfGCQDTQ//PTBlW6aYsoKnQkzHdzM+C2rKcmjaaL8GT LE+vNg0LiN6eGDnYdrePZ2sabdRT7cDkDZmWf0KFwzT3dU5hEZf+2iw/mau7oCIWEKDe wYyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701424031; x=1702028831; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+x2gW85qXpDm39JWWNR8xOYWTSjKi1NE52O+Y4CVIzE=; b=rgl6yFHal3ZhwgieBT8jPzUsLrmVzBCu9ljf37d4I4JPeQNoL4ETFL1/NLkvk/Jc3W fdhZZ9VM2CILg599Ra0PuhiPS5Fl2IdinSRIdgCFasitoRglBWWXRWfZ6zXGnV2Bb5Yn LTG9b8E25gxp3z9iB5+whdaWunKGiFxnBAirb2YpXrs5A98MUVfOh9gsd+QZ+lrkUrdw uInpUBxONjZmcBR2S4GZtWJcpxmBgwHTdpr//jOWqAACl+g8epCtFQ9hW9wlanRo4G50 GSzkPeetrrsbhW3vhH75wrNuIEcRUYbTdOc638WF+8NAAKaJ9HecDVc5RRcMfCtUq00g G4gA== X-Gm-Message-State: AOJu0YxwYsi8lx+xQViLVA2G2u3mC10dbEbhgE0SnM8NhwMRU6AlX1Sb IwaF4d6Ov23xaBogtdWqwh8= X-Google-Smtp-Source: AGHT+IEfi8CntkWgmrNALbbEki4QUlWGaiYFcUK8uZQCNPbFfdkSpNYq2ORQNXwcZZsO/tOOLRY9fA== X-Received: by 2002:a17:903:447:b0:1d0:5302:4642 with SMTP id iw7-20020a170903044700b001d053024642mr1803858plb.16.1701424031283; Fri, 01 Dec 2023 01:47:11 -0800 (PST) Received: from vultr.guest ([149.28.194.201]) by smtp.gmail.com with ESMTPSA id e6-20020a170902b78600b001bdd7579b5dsm2875534pls.240.2023.12.01.01.47.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Dec 2023 01:47:10 -0800 (PST) From: Yafang Shao To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, mhocko@suse.com, ying.huang@intel.com Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao Subject: [PATCH v3 4/7] mm, security: Add lsm hook for memory policy adjustment Date: Fri, 1 Dec 2023 09:46:33 +0000 Message-Id: <20231201094636.19770-5-laoar.shao@gmail.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231201094636.19770-1-laoar.shao@gmail.com> References: <20231201094636.19770-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In a containerized environment, independent memory binding by a user can lead to unexpected system issues or disrupt tasks being run by other users on the same server. If a user genuinely requires memory binding, we will allocate dedicated servers to them by leveraging kubelet deployment. At present, users have the capability to bind their memory to a specific node without explicit agreement or authorization from us. Consequently, a new LSM hook is introduced to mitigate this. This implementation allows us to exercise fine-grained control over memory policy adjustments within our container environment Signed-off-by: Yafang Shao --- include/linux/lsm_hook_defs.h | 3 +++ include/linux/security.h | 9 +++++++++ mm/mempolicy.c | 8 ++++++++ security/security.c | 13 +++++++++++++ 4 files changed, 33 insertions(+) diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index ff217a5ce552..558012719f98 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -419,3 +419,6 @@ LSM_HOOK(int, 0, uring_override_creds, const struct cred *new) LSM_HOOK(int, 0, uring_sqpoll, void) LSM_HOOK(int, 0, uring_cmd, struct io_uring_cmd *ioucmd) #endif /* CONFIG_IO_URING */ + +LSM_HOOK(int, 0, set_mempolicy, unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) diff --git a/include/linux/security.h b/include/linux/security.h index 1d1df326c881..cc4a19a0888c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -484,6 +484,8 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); +int security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) @@ -1395,6 +1397,13 @@ static inline int security_locked_down(enum lockdown_reason what) { return 0; } + +static inline int +security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return 0; +} #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index 1eafe81d782e..9a260dd24a4b 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1495,6 +1495,10 @@ static long kernel_mbind(unsigned long start, unsigned long len, if (err) return err; + err = security_set_mempolicy(lmode, mode_flags, &nodes, flags); + if (err) + return err; + return do_mbind(start, len, lmode, mode_flags, &nodes, flags); } @@ -1589,6 +1593,10 @@ static long kernel_set_mempolicy(int mode, const unsigned long __user *nmask, if (err) return err; + err = security_set_mempolicy(lmode, mode_flags, &nodes, 0); + if (err) + return err; + return do_set_mempolicy(lmode, mode_flags, &nodes); } diff --git a/security/security.c b/security/security.c index dcb3e7014f9b..685ad7993753 100644 --- a/security/security.c +++ b/security/security.c @@ -5337,3 +5337,16 @@ int security_uring_cmd(struct io_uring_cmd *ioucmd) return call_int_hook(uring_cmd, 0, ioucmd); } #endif /* CONFIG_IO_URING */ + +/** + * security_set_mempolicy() - Check if memory policy can be adjusted + * @mode: The memory policy mode to be set + * @mode_flags: optional mode flags + * @nmask: modemask to which the mode applies + * @flags: mode flags for mbind(2) only + */ +int security_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return call_int_hook(set_mempolicy, 0, mode, mode_flags, nmask, flags); +} From patchwork Fri Dec 1 09:46:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13475579 X-Patchwork-Delegate: paul@paul-moore.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="WJ06Gg5Y" Received: from mail-pf1-x435.google.com (mail-pf1-x435.google.com [IPv6:2607:f8b0:4864:20::435]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F40D310F9; Fri, 1 Dec 2023 01:47:12 -0800 (PST) Received: by mail-pf1-x435.google.com with SMTP id d2e1a72fcca58-6cd97c135e8so1753573b3a.0; Fri, 01 Dec 2023 01:47:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701424032; x=1702028832; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Hrd8Q/aZ94cCzu/B8oHzIUPKN1cXCmsoH2G1FVF6YII=; b=WJ06Gg5Y2l0Kve01pUObWIYRfzTPMdp0PZNSOMDGHrWbopIJpkaoyJbGoHGI1vqxhr NsRC4eE8mV4Yyy1+ruwfc5mTiI3hu1s/XzDXNE1GjHKnB5T3k7K+BjmWzz1r/UvQUbqq VoMp0P/AaOEB9+D8/81Gp5PqQvAknnqvz/4f8ubAeZ9D6I/PVtgR0DQeFKign+pUoryQ WsLWl1tPt7UAyxb7w2V+jNWROQt18MStBUCvbzE/naGvBjyNyFTEKbMSnLZMbuWA5FHq /CU37492EsQi9UKUz6Id5AF+wZpTnz6cb/V447UuUdmz4KY6XByRq0Oow7viuGfss5jh 0+tA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701424032; x=1702028832; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Hrd8Q/aZ94cCzu/B8oHzIUPKN1cXCmsoH2G1FVF6YII=; b=M5JSXQGW9rae2V2Sp3ukwlQ0AB6CmTOPjZ/ng2fcHQC1WNjn7n/fjRhGyDCXLr1bs2 zB/dBPtXbhJp1uDYXQNX1Sr8RGSY+P4BzO7ApniYn3XTtqo8naSHLOAKj60JDk9zrdk7 dN9X90vvh6+l/UdiH3t4A1tC/HeHJ+uWtib5neg5+fuslJoJMGv7ZIR9E0Qp+xQGZq8v wbL9RfqiIJ6yhaPjHGrEMO5dDhP8XChqAjCfB8pbJLYQjAlICooweNIKkoFl3UDpd/cQ A47hqAosdGhriDJLAL9dK+nIo+/m7HBPIo45kzgqi2LG3ulVno9ta90l/PDLnYsWoy21 A2Lg== X-Gm-Message-State: AOJu0YxDs7nARNnlXLUgOZMHg3JGjcB0eHdmxD/WuBcfMG0mhp69nSfN MUcoyhEZBcpZwht/a4xDAfI= X-Google-Smtp-Source: AGHT+IGTfBMOdaKabUHzgD6/ex7gttFCAVl5dyu04ZCxUj3YMK/ifw1iGQwqNjXNRb2rj7NPqQSuqQ== X-Received: by 2002:a05:6a21:6215:b0:16c:b5ce:50f with SMTP id wm21-20020a056a21621500b0016cb5ce050fmr19689003pzb.32.1701424032510; Fri, 01 Dec 2023 01:47:12 -0800 (PST) Received: from vultr.guest ([149.28.194.201]) by smtp.gmail.com with ESMTPSA id e6-20020a170902b78600b001bdd7579b5dsm2875534pls.240.2023.12.01.01.47.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Dec 2023 01:47:12 -0800 (PST) From: Yafang Shao To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, mhocko@suse.com, ying.huang@intel.com Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao Subject: [PATCH v3 5/7] security: selinux: Implement set_mempolicy hook Date: Fri, 1 Dec 2023 09:46:34 +0000 Message-Id: <20231201094636.19770-6-laoar.shao@gmail.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231201094636.19770-1-laoar.shao@gmail.com> References: <20231201094636.19770-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Add a SELinux access control for the newly introduced set_mempolicy lsm hook. A new permission "setmempolicy" is defined under the "process" class for it. Signed-off-by: Yafang Shao --- security/selinux/hooks.c | 8 ++++++++ security/selinux/include/classmap.h | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index feda711c6b7b..1528d4dcfa03 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4238,6 +4238,13 @@ static int selinux_userns_create(const struct cred *cred) USER_NAMESPACE__CREATE, NULL); } +static int selinux_set_mempolicy(unsigned long mode, unsigned short mode_flags, + nodemask_t *nmask, unsigned int flags) +{ + return avc_has_perm(current_sid(), task_sid_obj(current), SECCLASS_PROCESS, + PROCESS__SETMEMPOLICY, NULL); +} + /* Returns error only if unable to parse addresses */ static int selinux_parse_skb_ipv4(struct sk_buff *skb, struct common_audit_data *ad, u8 *proto) @@ -7072,6 +7079,7 @@ static struct security_hook_list selinux_hooks[] __ro_after_init = { LSM_HOOK_INIT(task_kill, selinux_task_kill), LSM_HOOK_INIT(task_to_inode, selinux_task_to_inode), LSM_HOOK_INIT(userns_create, selinux_userns_create), + LSM_HOOK_INIT(set_mempolicy, selinux_set_mempolicy), LSM_HOOK_INIT(ipc_permission, selinux_ipc_permission), LSM_HOOK_INIT(ipc_getsecid, selinux_ipc_getsecid), diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index a3c380775d41..c280d92a409f 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -51,7 +51,7 @@ const struct security_class_mapping secclass_map[] = { "getattr", "setexec", "setfscreate", "noatsecure", "siginh", "setrlimit", "rlimitinh", "dyntransition", "setcurrent", "execmem", "execstack", "execheap", "setkeycreate", - "setsockcreate", "getrlimit", NULL } }, + "setsockcreate", "getrlimit", "setmempolicy", NULL } }, { "process2", { "nnp_transition", "nosuid_transition", NULL } }, { "system", From patchwork Fri Dec 1 09:46:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13475578 X-Patchwork-Delegate: paul@paul-moore.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="foRr5VBt" Received: from mail-pl1-x633.google.com (mail-pl1-x633.google.com [IPv6:2607:f8b0:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33BDC13E; Fri, 1 Dec 2023 01:47:14 -0800 (PST) Received: by mail-pl1-x633.google.com with SMTP id d9443c01a7336-1cfc2d03b3aso2866525ad.1; Fri, 01 Dec 2023 01:47:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701424033; x=1702028833; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Bc/JnQzKFnW7sQYk0Nc9Zpaw4UcMe6UJECHeJqeWNU0=; b=foRr5VBt8ndzC5REdlLq+fFwHZVIhFhP31Emy2Xk2OSyuy/ZO8Gg4/jOKN/nMlaQH3 Wycopa7TZa6Ee12xfkgkl3vLD4EhphwOTxlZSaGHLG0a2W7oPMeBZ9dUaGxVvP0dgW1x NebgW4Qp7se1tSaz0DxfCDm7sAqodUoBS0QG3a0F7aocMPYuWWkZhf6AjYzxw99caOKu jXq2CgNiFP4miT+oGmM7bTxX4azdc/ux2pZoLAYcoRv6RWy791IT+O65hRxlBBHUCzZd 0Yag61wSNzQ9Sg2yngL6FOcgJ2ss1YSs/84XqcgLYS7G75UfxDlzGjy2UXXurqUT0Oxd lZ6w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701424033; x=1702028833; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Bc/JnQzKFnW7sQYk0Nc9Zpaw4UcMe6UJECHeJqeWNU0=; b=eF11fMaVNjtSwLWKZCMMuIXnLXEms1n2GWGLkkN1Q7gVXyb8wrMwpf7iJVf1y/8T4/ JAFMtktJfBGLychCbzBUkiraNvRYqZ0+15umiS3j9Sns+MknKJx/fdXe0yQXR7N8psiL oP2/1zsbOooJ/7Cp8J6IfXhtCkYU7YMSNd2g+TwULbqEc0lIhybXv389FhVcilhlrMt+ vqlMiqYCnrPcS0Am2TAvqEDCvn2lnH4C4Sm6fyG60eG2noklsXWx78ssG4r8Jq1qsFO4 bKJSCbYsjl2G1SAYdI9kZpR0I0QqtS68DLIpY+HXi5JZQ95awKv4pdjsBNHaOJdq5/Ni UTYQ== X-Gm-Message-State: AOJu0Yz2Qd+ZMOYMvucO3gTyTeFBK6ZiSfwFU3ed0u9EIoEVr58KkFEm MDecKJGJ98Jt7HipC7dGS6U= X-Google-Smtp-Source: AGHT+IHzDiK6o6MOlN3a1X1HHIiCln1ILc6SVwnXbjY0NMbXK8wHeCruOVe9g11XZtiAGRL7ZsnvhA== X-Received: by 2002:a17:902:e88b:b0:1cf:d404:5e7c with SMTP id w11-20020a170902e88b00b001cfd4045e7cmr20071237plg.42.1701424033643; Fri, 01 Dec 2023 01:47:13 -0800 (PST) Received: from vultr.guest ([149.28.194.201]) by smtp.gmail.com with ESMTPSA id e6-20020a170902b78600b001bdd7579b5dsm2875534pls.240.2023.12.01.01.47.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Dec 2023 01:47:13 -0800 (PST) From: Yafang Shao To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, mhocko@suse.com, ying.huang@intel.com Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao Subject: [PATCH v3 6/7] selftests/bpf: Add selftests for set_mempolicy with a lsm prog Date: Fri, 1 Dec 2023 09:46:35 +0000 Message-Id: <20231201094636.19770-7-laoar.shao@gmail.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231201094636.19770-1-laoar.shao@gmail.com> References: <20231201094636.19770-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 The result as follows, #261/1 set_mempolicy/MPOL_BIND_with_lsm:OK #261/2 set_mempolicy/MPOL_DEFAULT_with_lsm:OK #261/3 set_mempolicy/MPOL_BIND_without_lsm:OK #261/4 set_mempolicy/MPOL_DEFAULT_without_lsm:OK #261 set_mempolicy:OK Summary: 1/4 PASSED, 0 SKIPPED, 0 FAILED Signed-off-by: Yafang Shao --- .../selftests/bpf/prog_tests/set_mempolicy.c | 81 +++++++++++++++++++ .../selftests/bpf/progs/test_set_mempolicy.c | 28 +++++++ 2 files changed, 109 insertions(+) create mode 100644 tools/testing/selftests/bpf/prog_tests/set_mempolicy.c create mode 100644 tools/testing/selftests/bpf/progs/test_set_mempolicy.c diff --git a/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c b/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c new file mode 100644 index 000000000000..6d115ecedb10 --- /dev/null +++ b/tools/testing/selftests/bpf/prog_tests/set_mempolicy.c @@ -0,0 +1,81 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include +#include +#include +#include +#include +#include "test_set_mempolicy.skel.h" + +#define SIZE 4096 + +static void mempolicy_bind(bool success) +{ + unsigned long mask = 1; + char *addr; + int err; + + addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (!ASSERT_OK_PTR(addr, "mmap")) + return; + + /* -lnuma is required by mbind(2), so use __NR_mbind to avoid the dependency. */ + err = syscall(__NR_mbind, addr, SIZE, MPOL_BIND, &mask, sizeof(mask), 0); + if (success) + ASSERT_OK(err, "mbind_success"); + else + ASSERT_ERR(err, "mbind_fail"); + + munmap(addr, SIZE); +} + +static void mempolicy_default(void) +{ + char *addr; + int err; + + addr = mmap(NULL, SIZE, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); + if (!ASSERT_OK_PTR(addr, "mmap")) + return; + + err = syscall(__NR_mbind, addr, SIZE, MPOL_DEFAULT, NULL, 0, 0); + ASSERT_OK(err, "mbind_success"); + + munmap(addr, SIZE); +} + +void test_set_mempolicy(void) +{ + struct test_set_mempolicy *skel; + int err; + + skel = test_set_mempolicy__open(); + if (!ASSERT_OK_PTR(skel, "open")) + return; + + skel->bss->target_pid = getpid(); + + err = test_set_mempolicy__load(skel); + if (!ASSERT_OK(err, "load")) + goto destroy; + + /* Attach LSM prog first */ + err = test_set_mempolicy__attach(skel); + if (!ASSERT_OK(err, "attach")) + goto destroy; + + /* syscall to adjust memory policy */ + if (test__start_subtest("MPOL_BIND_with_lsm")) + mempolicy_bind(false); + if (test__start_subtest("MPOL_DEFAULT_with_lsm")) + mempolicy_default(); + +destroy: + test_set_mempolicy__destroy(skel); + + if (test__start_subtest("MPOL_BIND_without_lsm")) + mempolicy_bind(true); + if (test__start_subtest("MPOL_DEFAULT_without_lsm")) + mempolicy_default(); +} diff --git a/tools/testing/selftests/bpf/progs/test_set_mempolicy.c b/tools/testing/selftests/bpf/progs/test_set_mempolicy.c new file mode 100644 index 000000000000..b5356d5fcb8b --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_set_mempolicy.c @@ -0,0 +1,28 @@ +// SPDX-License-Identifier: GPL-2.0 +/* Copyright (C) 2023 Yafang Shao */ + +#include "vmlinux.h" +#include +#include + +int target_pid; + +static int mem_policy_adjustment(u64 mode) +{ + struct task_struct *task = bpf_get_current_task_btf(); + + if (task->pid != target_pid) + return 0; + + if (mode != MPOL_BIND) + return 0; + return -1; +} + +SEC("lsm/set_mempolicy") +int BPF_PROG(setmempolicy, u64 mode, u16 mode_flags, nodemask_t *nmask, u32 flags) +{ + return mem_policy_adjustment(mode); +} + +char _license[] SEC("license") = "GPL"; From patchwork Fri Dec 1 09:46:36 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yafang Shao X-Patchwork-Id: 13475580 X-Patchwork-Delegate: paul@paul-moore.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="jevcNiOX" Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8C3BCB2; Fri, 1 Dec 2023 01:47:15 -0800 (PST) Received: by mail-pl1-x62a.google.com with SMTP id d9443c01a7336-1d04c097e34so2722175ad.0; Fri, 01 Dec 2023 01:47:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1701424035; x=1702028835; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KGCoJREXvSOAbrJphjZNhFQw16aaUKi1TbhunSAnqyc=; b=jevcNiOX5rWmIDl+8uMuo+yG4NYe/rMus/ep5qXtgrdUG0yttLDgrqujwCGAXzQtXN E7PuvKlQ2GlfLwWwww8Wk4tb4Cge0ZViU0Ve757wdiUVSPKC1VmWOKkwZtYCfixTquCc RTc4r68B4uNM+RG9c/T8CcG/o2Cy+h4AGUMt+/SJbMCE2nvEhbU+y+vbKSKeLGXeBqKf OcWyNu567IYnig9/7peTQG4Op1Vx2Mh4QfZIyswWhldVHXtYyuCjVubRonGLTaOkSgJ+ oV/cenrMFuuf2KTCAIgUsLNoLHHx2oTTcIR8I5nXx0k6dH1wLVq1C4El0w0C9vKbfspc FmcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701424035; x=1702028835; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KGCoJREXvSOAbrJphjZNhFQw16aaUKi1TbhunSAnqyc=; b=Bcdjro5rgR2SX6Ns0XEoxHSgzEDLZv51VM6Rr9iIlGA5Q640J2z0ELZnQ9JmlvVY4b aEz5HV2BzM0ydosnYCfoYA3rbRhFvMuxiNT/pROfXgdF5rRiQF+z4LYIhErckasexd79 AMwM6N2ElR1Hhd/Dqi0Y5DonkXm2HS+gyjZuDgg//LEYHQ72eZeTBVaWxyfQV2lHabSf v5UQQb+obCOGp+/UUF2tHznkQFcJVBs3ueNDPzWN12HX7wkB3bIyyVrxqE792plqZ3sq 7wX6pPqiOLuoOFTwq/QtIDJdCs9YkLQp23+Npz0U7IZAU4DpEI2puffQRaQLZGtGItj6 Il0Q== X-Gm-Message-State: AOJu0YxhscufmD5AurqfWYvQ2STEOJSXikf8/RvM6n5/dWb7kEFcKSNj D7+F26malxAUg4GqMJRsr9Q= X-Google-Smtp-Source: AGHT+IGzXU9LrPgZca13IbQFWnu/fiFk9usQfcwA1GinqIP6YmUaY32WZLHTprYh2c8I8vSS8VEDvA== X-Received: by 2002:a17:902:f805:b0:1cf:5806:564f with SMTP id ix5-20020a170902f80500b001cf5806564fmr27316532plb.10.1701424034967; Fri, 01 Dec 2023 01:47:14 -0800 (PST) Received: from vultr.guest ([149.28.194.201]) by smtp.gmail.com with ESMTPSA id e6-20020a170902b78600b001bdd7579b5dsm2875534pls.240.2023.12.01.01.47.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 01 Dec 2023 01:47:14 -0800 (PST) From: Yafang Shao To: akpm@linux-foundation.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, omosnace@redhat.com, mhocko@suse.com, ying.huang@intel.com Cc: linux-mm@kvack.org, linux-security-module@vger.kernel.org, bpf@vger.kernel.org, ligang.bdlg@bytedance.com, Yafang Shao , Alejandro Colomar , Michael Kerrisk Subject: [PATCH v3 7/7] NOT kernel/man2/mbind.2: Add mode flag MPOL_F_NUMA_BALANCING Date: Fri, 1 Dec 2023 09:46:36 +0000 Message-Id: <20231201094636.19770-8-laoar.shao@gmail.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20231201094636.19770-1-laoar.shao@gmail.com> References: <20231201094636.19770-1-laoar.shao@gmail.com> Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 In Linux Kernel 5.12, a new mode flag, MPOL_F_NUMA_BALANCING, was added to set_mempolicy() to optimize the page placement among the NUMA nodes with the NUMA balancing mechanism even if the memory of the applications is bound with MPOL_BIND. In Linux Kernel 5.15, this mode flag was extended to mbind(2). Let's also add man-page for mbind(2). It is copied from set_mempoicy(2) man-page with subtle modifications. Related kernel commits: bda420b985054a3badafef23807c4b4fa38a3dff 6d2aec9e123bb9c49cb5c7fc654f25f81e688e8c Signed-off-by: Yafang Shao Cc: "Huang, Ying" Cc: Alejandro Colomar Cc: Michael Kerrisk --- man2/mbind.2 | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/man2/mbind.2 b/man2/mbind.2 index ba1b81ae9..dac784389 100644 --- a/man2/mbind.2 +++ b/man2/mbind.2 @@ -142,6 +142,23 @@ The supported .I "mode flags" are: .TP +.BR MPOL_F_NUMA_BALANCING " (since Linux 5.15)" +.\" commit bda420b985054a3badafef23807c4b4fa38a3dff +.\" commit 6d2aec9e123bb9c49cb5c7fc654f25f81e688e8c +When +.I mode +is +.BR MPOL_BIND , +enable the kernel NUMA balancing for the task if it is supported by the kernel. +If the flag isn't supported by the kernel, or is used with +.I mode +other than +.BR MPOL_BIND , +\-1 is returned and +.I errno +is set to +.BR EINVAL . +.TP .BR MPOL_F_STATIC_NODES " (since Linux-2.6.26)" A nonempty .I nodemask