From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 43329C433E0 for ; Mon, 15 Mar 2021 13:32:56 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 8228164EFC for ; Mon, 15 Mar 2021 13:32:55 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8228164EFC Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=alien8.de Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id A0FA66B0036; Mon, 15 Mar 2021 09:32:53 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 984CC6B006C; Mon, 15 Mar 2021 09:32:53 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 899946B0070; Mon, 15 Mar 2021 09:32:52 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0217.hostedemail.com [216.40.44.217]) by kanga.kvack.org (Postfix) with ESMTP id ECE256B0036 for ; Mon, 15 Mar 2021 09:32:50 -0400 (EDT) Received: from smtpin18.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay01.hostedemail.com (Postfix) with ESMTP id EF743180AD81F for ; Mon, 15 Mar 2021 13:32:50 +0000 (UTC) X-FDA: 77922198900.18.6072CF0 Received: from smtprelay.test.hostedemail.com (mail.test.hostedemail.com [216.40.41.5]) by imf12.hostedemail.com (Postfix) with ESMTP id 2CBCC84DA for ; Mon, 15 Mar 2021 13:31:11 +0000 (UTC) Received: from forelay.test.hostedemail.com (10.5.29.251.rfc1918.com [10.5.29.251]) by smtprelay01.test.hostedemail.com (Postfix) with ESMTP id CDE1311CEC for ; Mon, 15 Mar 2021 13:31:10 +0000 (UTC) Received: from forelay.prod.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by fograve01.test.hostedemail.com (Postfix) with ESMTP id B030E23810 for ; Mon, 15 Mar 2021 13:31:10 +0000 (UTC) Received: from smtpin22.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay05.hostedemail.com (Postfix) with ESMTP id 279E0181AF5E6 for ; Mon, 15 Mar 2021 13:31:10 +0000 (UTC) X-FDA: 77922194700.22.97CACFF Received: from smtprelay.test.hostedemail.com (mail.test.hostedemail.com [216.40.41.5]) by imf18.hostedemail.com (Postfix) with ESMTP id E32B1200BE7D for ; Mon, 15 Mar 2021 13:29:40 +0000 (UTC) Received: from forelay.test.hostedemail.com (10.5.29.251.rfc1918.com [10.5.29.251]) by smtprelay01.test.hostedemail.com (Postfix) with ESMTP id 8F35811CEC for ; Mon, 15 Mar 2021 13:29:40 +0000 (UTC) Received: from forelay.prod.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by fograve01.test.hostedemail.com (Postfix) with ESMTP id 7061123810 for ; Mon, 15 Mar 2021 13:29:40 +0000 (UTC) Received: from smtpin27.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay04.hostedemail.com (Postfix) with ESMTP id 3749C6124 for ; Mon, 15 Mar 2021 13:29:30 +0000 (UTC) X-FDA: 77922190500.27.6B39CFE Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by imf07.hostedemail.com (Postfix) with ESMTP id 288C9A00064F for ; Mon, 15 Mar 2021 13:27:57 +0000 (UTC) Received: from zn.tnic (p200300ec2f0786006d6cd745861f0d39.dip0.t-ipconnect.de [IPv6:2003:ec:2f07:8600:6d6c:d745:861f:d39]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 72A251EC0577; Mon, 15 Mar 2021 14:27:54 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1615814874; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=Ak+E12GBZwVGrIOych3fPRWu9zZC1hEEOdve/9U70zg=; b=f7OV/4KwJ0lilfDZewDSPgYOvuFlHRuu6kotJkJ7Vog6fokNZnUlm56IQx49imeAol5FRR /vxll6l2XLcTU376+wGHq4kt6g0kEhuYdbnxyuIhIDFmrWFQgnbw0KAJMBn1iK5OyUkpsB XkG7cd79v5BXwcwWPgEI040eXY6eIcA= Date: Mon, 15 Mar 2021 14:27:40 +0100 From: Borislav Petkov To: Vasily Averin Cc: cgroups@vger.kernel.org, Michal Hocko , linux-mm@kvack.org, Johannes Weiner , Vladimir Davydov , Shakeel Butt , Thomas Gleixner , Ingo Molnar , x86@kernel.org Subject: Re: [PATCH v2 8/8] memcg: accounting for ldt_struct objects Message-ID: <20210315132740.GB20497@zn.tnic> References: <360b4c94-8713-f621-1049-6bc0865c1867@virtuozzo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <360b4c94-8713-f621-1049-6bc0865c1867@virtuozzo.com> Received-SPF: none (alien8.de>: No applicable sender policy available) receiver=imf07; identity=mailfrom; envelope-from=""; helo=mail.skyhub.de; client-ip=5.9.137.197 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1615814877-660864 Received-SPF: none (alien8.de>: No applicable sender policy available) receiver=imf18; identity=mailfrom; envelope-from=""; helo=smtprelay.test.hostedemail.com; client-ip=216.40.41.5 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1615814980-251172 X-Stat-Signature: t1urqwypfkujryxjwjpb3nj6n1wwk8ft X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 2CBCC84DA Received-SPF: none (alien8.de>: No applicable sender policy available) receiver=imf12; identity=mailfrom; envelope-from=""; helo=smtprelay.test.hostedemail.com; client-ip=216.40.41.5 X-HE-DKIM-Result: pass/pass X-HE-Tag: 1615815071-45244 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, Mar 15, 2021 at 03:24:01PM +0300, Vasily Averin wrote: > Unprivileged user inside memcg-limited container can create > non-accounted multi-page per-thread kernel objects for LDT I have hard time parsing this commit message. And I'm CCed only on patch 8 of what looks like a patchset. And that patchset is not on lkml so I can't find the rest to read about it, perhaps linux-mm. /me goes and finds it on lore I can see some bits and pieces, this, for example: https://lore.kernel.org/linux-mm/05c448c7-d992-8d80-b423-b80bf5446d7c@virtuozzo.com/ ( Btw, that version has your SOB and this patch doesn't even have a Signed-off-by. Next time, run your whole set through checkpatch please before sending. ) Now, this URL above talks about OOM, ok, that gets me close to the "why" this patch. >From a quick look at the ldt.c code, we allow a single LDT struct per mm. Manpage says so too: DESCRIPTION modify_ldt() reads or writes the local descriptor table (LDT) for a process. The LDT is an array of segment descriptors that can be referenced by user code. Linux allows processes to configure a per-process (actually per-mm) LDT. We allow /* Maximum number of LDT entries supported. */ #define LDT_ENTRIES 8192 so there's an upper limit per mm. Now, please explain what is this accounting for? Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette