From: Tejun Heo <tj@kernel.org>
To: Michal Hocko <mhocko@suse.cz>
Cc: "Kirill A. Shutemov" <kirill@shutemov.name>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
cgroups@vger.kernel.org, Johannes Weiner <hannes@cmpxchg.org>,
KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>,
Andrew Morton <akpm@linux-foundation.org>,
Anton Vorontsov <anton.vorontsov@linaro.org>
Subject: Re: [PATCH 1/3] memcg: limit the number of thresholds per-memcg
Date: Thu, 8 Aug 2013 20:50:26 -0400 [thread overview]
Message-ID: <20130809005026.GE13427@mtj.dyndns.org> (raw)
In-Reply-To: <20130808144351.GD3189@dhcp22.suse.cz>
Hello,
On Thu, Aug 08, 2013 at 04:43:51PM +0200, Michal Hocko wrote:
> > Is it correct that you fix one local DoS by introducing a new one?
> > With the page the !priv user can block root from registering a threshold.
> > Is it really the way we want to fix it?
>
> OK, I will think about it some more.
The only thing the patch does is replacing implicit global resource
limit with an explicit one. Whether that's useful or not, I don't
know, but it doesn't really change the nature of the problem or
actually fix anything. The only way to fix it is rewriting the whole
thing so that allocations are broken up per source, which I don't
think is a good idea at this point. I'd just add a comment noting why
it's broken. Given that delegating to !priv users is horribly broken
anyway, I don't think this worsens the situation by too much anyway.
Thanks.
--
tejun
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
prev parent reply other threads:[~2013-08-09 0:50 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-07 11:28 Michal Hocko
2013-08-07 11:28 ` [PATCH 2/3] memcg: Limit the number of events registered on oom_control Michal Hocko
2013-08-07 13:08 ` Tejun Heo
2013-08-07 13:11 ` Tejun Heo
2013-08-07 13:37 ` Michal Hocko
2013-08-07 13:47 ` Tejun Heo
2013-08-07 13:57 ` Michal Hocko
2013-08-07 14:01 ` Tejun Heo
2013-08-07 14:47 ` Michal Hocko
2013-08-07 17:30 ` Michal Hocko
2013-08-09 0:46 ` Tejun Heo
2013-08-07 11:28 ` [PATCH 3/3] vmpressure: limit the number of registered events Michal Hocko
2013-08-07 13:22 ` [PATCH 1/3] memcg: limit the number of thresholds per-memcg Tejun Heo
2013-08-07 13:46 ` Michal Hocko
2013-08-07 13:58 ` Tejun Heo
2013-08-07 14:37 ` Michal Hocko
2013-08-07 22:05 ` Kirill A. Shutemov
2013-08-08 14:43 ` Michal Hocko
2013-08-09 0:50 ` Tejun Heo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130809005026.GE13427@mtj.dyndns.org \
--to=tj@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=anton.vorontsov@linaro.org \
--cc=cgroups@vger.kernel.org \
--cc=hannes@cmpxchg.org \
--cc=kamezawa.hiroyu@jp.fujitsu.com \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@suse.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox