From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from psmtp.com (na3sys010amx185.postini.com [74.125.245.185]) by kanga.kvack.org (Postfix) with SMTP id 1D51D6B005D for ; Tue, 21 Aug 2012 05:44:00 -0400 (EDT) Message-ID: <5033579D.5000203@parallels.com> Date: Tue, 21 Aug 2012 13:40:45 +0400 From: Glauber Costa MIME-Version: 1.0 Subject: Re: [PATCH v2 11/11] protect architectures where THREAD_SIZE >= PAGE_SIZE against fork bombs References: <1344517279-30646-1-git-send-email-glommer@parallels.com> <1344517279-30646-12-git-send-email-glommer@parallels.com> <20120821093513.GD19797@dhcp22.suse.cz> In-Reply-To: <20120821093513.GD19797@dhcp22.suse.cz> Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Sender: owner-linux-mm@kvack.org List-ID: To: Michal Hocko Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, cgroups@vger.kernel.org, devel@openvz.org, Johannes Weiner , Andrew Morton , kamezawa.hiroyu@jp.fujitsu.com, Christoph Lameter , David Rientjes , Pekka Enberg , Pekka Enberg , Suleiman Souhlal On 08/21/2012 01:35 PM, Michal Hocko wrote: > On Thu 09-08-12 17:01:19, Glauber Costa wrote: >> Because those architectures will draw their stacks directly from the >> page allocator, rather than the slab cache, we can directly pass >> __GFP_KMEMCG flag, and issue the corresponding free_pages. >> >> This code path is taken when the architecture doesn't define >> CONFIG_ARCH_THREAD_INFO_ALLOCATOR (only ia64 seems to), and has >> THREAD_SIZE >= PAGE_SIZE. Luckily, most - if not all - of the remaining >> architectures fall in this category. > > quick git grep "define *THREAD_SIZE\>" arch says that there is no such > architecture. > >> This will guarantee that every stack page is accounted to the memcg the >> process currently lives on, and will have the allocations to fail if >> they go over limit. >> >> For the time being, I am defining a new variant of THREADINFO_GFP, not >> to mess with the other path. Once the slab is also tracked by memcg, we >> can get rid of that flag. >> >> Tested to successfully protect against :(){ :|:& };: > > I guess there were no other tasks in the same group (except for the > parent shell), right? Yes. > I am asking because this should trigger memcg-oom > but that one will usually pick up something else than the fork bomb > which would have a small memory footprint. But that needs to be handled > on the oom level obviously. > Sure, but keep in mind that the main protection is against tasks *not* in this memcg. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org