Date: Mon, 21 Aug 2023 10:52:41 -0700 (PDT)
From: Hugh Dickins
To: Christian Brauner
Cc: Franklin “Snaipe” Mathieu, Hugh Dickins, ovt@google.com, corbet@lwn.net, akpm@linux-foundation.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH] shmem: add support for user extended attributes
In-Reply-To: <20230815-sensibel-weltumsegelung-6593f2195293@brauner>
Message-ID: <924ed61c-5681-aa8b-d943-7f73694d159@google.com>

On Tue, 15 Aug 2023, Christian Brauner wrote:
> On Tue, Aug 15, 2023 at 09:46:22AM +0200, Franklin “Snaipe” Mathieu wrote:
> >
> > So, it's likely that there's some more work to do in that area; I'd
> > certainly expect the OOM killer to take the overall memory footprint
> > of mount namespaces into account when selecting which processes to
> > kill. It's also possible my experiment was flawed and not
> > representative of a real-life scenario, as I clearly have interacted
> > with misbehaving containers before, which got killed when they wrote
> > too much to tmpfs. But then again, my experiment also didn't take
> > memory cgroups into account.
>
> So mount namespaces are orthogonal to that and they would be the wrong
> layer to handle this.
>
> Note that an unprivileged user (regular or via containers) on the system
> can just exhaust all memory in various ways. Ultimately the container or
> user would likely be taken down by in-kernel OOM or systemd-oomd or
> similar tools under memory pressure.
>
> Of course, all that means is that untrusted workloads need to have
> cgroup memory limits. That also limits tmpfs instances and prevents
> unprivileged users from using all memory.
>
> If you don't set a memory limit then yes, the container might be able to
> exhaust all memory but that's a bug in the container runtime. Also, at
> some point the OOM killer or related userspace tools will select the
> container init process for termination at which point all the namespaces
> and mounts go away. That's probably what you experience as misbehaving
> containers. The real bug there is probably that they're allowed to run
> without memory limits in the first place.

Thanks, this was a good reminder that I very much needed to look back at
the memory cgroup limiting of xattrs on tmpfs - I'd had the patch in the
original series, then was alarmed to find shmem_alloc_inode() using
GFP_KERNEL, so there seemed no point in accounting the xattrs if the
inodes were not being accounted: so dropped it temporarily.

I had forgotten that SLAB_ACCOUNT on the kmem_cache ensures that accounting.

"tmpfs,xattr: GFP_KERNEL_ACCOUNT for simple xattrs" just sent to fix it:
https://lore.kernel.org/linux-fsdevel/f6953e5a-4183-8314-38f2-40be60998615@google.com/

Thanks,
Hugh
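
Added example, not part of the original message and not kernel or container-runtime code: a Python audit of a cgroup v2 hierarchy for the condition discussed in the quoted reply, a workload running with no effective memory limit, reporting each such cgroup's `shmem` counter from `memory.stat` (which includes tmpfs pages). The function names and the sample tree are constructed for illustration; on a real host the root would be `/sys/fs/cgroup`.

```python
import os
def read_limit(cg_dir):
    """memory.max in bytes; None if the file is absent (root cgroup) or 'max'."""
    try:
        with open(os.path.join(cg_dir, "memory.max")) as f:
            raw = f.read().strip()
    except FileNotFoundError:
        return None
    return None if raw == "max" else int(raw)

def effective_limit(root, cg_dir):
    """Tightest memory.max from cg_dir up to root: a parent's limit binds children."""
    root, cur, best = os.path.abspath(root), os.path.abspath(cg_dir), None
    while True:
        lim = read_limit(cur)
        if lim is not None:
            best = lim if best is None else min(best, lim)
        if cur == root or cur == os.path.dirname(cur):
            return best
        cur = os.path.dirname(cur)

def stat_field(cg_dir, key):
    """One counter from memory.stat; 'shmem' covers tmpfs pages charged here."""
    path = os.path.join(cg_dir, "memory.stat")
    if os.path.exists(path):  # absent when the memory controller is not enabled
        with open(path) as f:
            for line in f:
                name, _, value = line.partition(" ")
                if name == key:
                    return int(value)
    return 0

def unlimited_cgroups(root):
    """Map each leaf cgroup that has no effective limit to its shmem bytes."""
    return {os.path.relpath(cur, root): stat_field(cur, "shmem")
            for cur, subdirs, _ in os.walk(root)
            if not subdirs and effective_limit(root, cur) is None}

def build_sample_tree(base):
    """Write a constructed sample hierarchy under base (not real system data)."""
    layout = {"limited.slice": ("1073741824", 0),
              "limited.slice/ctr-a": ("max", 4096),
              "open.slice": ("max", 0),
              "open.slice/ctr-b": ("max", 8388608)}
    for rel, (limit, shmem) in layout.items():
        os.makedirs(os.path.join(base, rel), exist_ok=True)
        for name, text in (("memory.max", limit), ("memory.stat", f"anon 0\nshmem {shmem}")):
            with open(os.path.join(base, rel, name), "w") as f:
                f.write(text + "\n")
```

In the sample tree, `ctr-a` sets `memory.max` to `max` but is still bounded by its parent slice, so only `open.slice/ctr-b` is reported.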