From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69FB1C7EE32 for ; Thu, 26 Jun 2025 23:27:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CAF8A6B00AF; Thu, 26 Jun 2025 19:27:46 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C5EFF6B00B0; Thu, 26 Jun 2025 19:27:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B270A6B00B1; Thu, 26 Jun 2025 19:27:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 9FBC56B00AF for ; Thu, 26 Jun 2025 19:27:46 -0400 (EDT) Received: from smtpin28.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 49DFE121FA2 for ; Thu, 26 Jun 2025 23:27:46 +0000 (UTC) X-FDA: 83599141332.28.CB9938C Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2052.outbound.protection.outlook.com [40.107.244.52]) by imf03.hostedemail.com (Postfix) with ESMTP id 6873720006 for ; Thu, 26 Jun 2025 23:27:43 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=pass header.d=Nvidia.com header.s=selector2 header.b=YTev+hpy; dmarc=pass (policy=reject) header.from=nvidia.com; spf=pass (imf03.hostedemail.com: domain of ziy@nvidia.com designates 40.107.244.52 as permitted sender) smtp.mailfrom=ziy@nvidia.com; arc=pass ("microsoft.com:s=arcselector10001:i=1") ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1750980463; a=rsa-sha256; cv=pass; b=p6KSOm+cPjVPPksF284Uu7rMCIe7rQdFKt7yofBk6ESV1sgibVwzEA7Is7ue/fxZpmEBFP QOAaCFm5lbaA9klm0Olgl2t1tAPjOfoDu1abRFcuJjGw8xa7zwRj65TB6wNHIpBVewrVfM Ju36vpimG9l91RcubHItlFFiT8o2HAI= ARC-Authentication-Results: i=2; imf03.hostedemail.com; dkim=pass header.d=Nvidia.com header.s=selector2 header.b=YTev+hpy; dmarc=pass (policy=reject) header.from=nvidia.com; spf=pass (imf03.hostedemail.com: domain of ziy@nvidia.com designates 40.107.244.52 as permitted sender) smtp.mailfrom=ziy@nvidia.com; arc=pass ("microsoft.com:s=arcselector10001:i=1") ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1750980463; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=h6LBTllYmCs6AQbGaJQZy3UVX06hjDL1P1uKbQtmzyQ=; b=SIs7RNNRGDXHo+4iJgIYx292/eVGGFOOisonC1x5Q1J6UP0x0htO87c72Sqz1W/x32Nj/W aIuefCGt1fN5U9QKi8hRi9qpa7EYwJpovLKQksVXAAQJ4kjSm/+mMXpBSgxdhduHHhaPlz o1rm4TfZOxWx7ye2ZBaL+zb6ukC7Ht4= ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=YJ1LQyzBzApJWVV3NTcAnQSdJL6zHxP3w1yHieixhW+wa/5FuLXb+y8QFVD2fRlQS1Vv3XClF+k+XIQinZoA4hGCGfF7LSEFf2/sLY5SiXFoa8aQPPUIt1BbKMrWOpeLTR2ERC2nylGv+XlkJ0vXq+vEiBBo0LMVwK+O5QnLXx4oRbpD/TvFAEjebR+WISdEJ/b1vCx4IzGpIDRmILCqreqNQgYpKNDajorqbfBd4XrgU8cipNHKrtkhknwmL8u0Prz6K0PzyEKY9GW734KJogm32LMvBiAR01p1mAW4ovxVaLlX1qP/U3Z6GQlY0BW/wBVNTTv4fr26uKQC7OVCzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=h6LBTllYmCs6AQbGaJQZy3UVX06hjDL1P1uKbQtmzyQ=; b=ohHyP3lffO3FhdAcNlUJ9vDogb4USSQiv4oQGKfdloYIoTY87Ir8yK16CNR+bpRIQ/HnlT0M34BUj+YPZW/NedOFbbp+1REAGWRMVJumELz21WuQj2sD+MJEdayZBEe92IXy8eMk0qsK5TClXBbuG5/KB1x2cH1rVv1NXfBBrECoV+a3n7FAom/zCgdHPLEPZiIhw6LgGugiLPIyO+WjPdcCIPTyRq0VyTW1YBMnHlPahwmdzI1etzSP8mR6KDbkwrpyBjaA7EOd7DiCtUcVYfLEajIZnE3aB18NkHWNXNL3n2x0zFu+ZARVLoZ9UtTQhurudt1A1h6+BGTZqS2XQg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=h6LBTllYmCs6AQbGaJQZy3UVX06hjDL1P1uKbQtmzyQ=; b=YTev+hpyRcVTxBv7d/2PlgkMtDjscxjBzXYvxJv7OMEOPac1UzSN0bD0+/Ju8/xVJmpDCQdCJ/TMwogHhDJQvGPUaFmB6EN2tJZ6uOs090mGsk3ZHvEO7vQOeX7AIBFWeK5ZitLiEVFMOYHZO7Wa5n3KwaVMxEMVAJAtDHnABIF2qIPrfUJHjjJly9xdyDfZ+uvy0FMwRaUY3GMF4wRZg+XjCF4wwK0aEjys1OKeWWG2vWP6eSS1yViCtb44J4TnJtnNl9d9oGkXJdo1X+Ro2uAtIaXA73RaEGUuKN8wyBtYT9kO66ltg4NOyMytmIcs7/zL1i16KSPZwJ9NJmml2g== Received: from DS7PR12MB9473.namprd12.prod.outlook.com (2603:10b6:8:252::5) by CH2PR12MB4085.namprd12.prod.outlook.com (2603:10b6:610:79::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8857.18; Thu, 26 Jun 2025 23:27:38 +0000 Received: from DS7PR12MB9473.namprd12.prod.outlook.com ([fe80::5189:ecec:d84a:133a]) by DS7PR12MB9473.namprd12.prod.outlook.com ([fe80::5189:ecec:d84a:133a%5]) with mapi id 15.20.8835.037; Thu, 26 Jun 2025 23:27:38 +0000 From: Zi Yan To: Pedro Falcato Cc: Felix Abecassis , linux-mm@kvack.org, John Hubbard , Johannes Weiner , Michal Hocko , Roman Gushchin , Shakeel Butt , Muchun Song Subject: Re: OOM kill of privileged processes when exhausting a single NUMA node Date: Thu, 26 Jun 2025 19:27:36 -0400 X-Mailer: MailMate (2.0r6265) Message-ID: In-Reply-To: References: Content-Type: text/plain Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: MN2PR01CA0022.prod.exchangelabs.com (2603:10b6:208:10c::35) To DS7PR12MB9473.namprd12.prod.outlook.com (2603:10b6:8:252::5) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS7PR12MB9473:EE_|CH2PR12MB4085:EE_ X-MS-Office365-Filtering-Correlation-Id: b59abb7b-1109-4bb7-0c95-08ddb50909c9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|366016; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?E0z0nacyvPmlJb5XPL/Bus6eTkuZX3zhcnx62oEAVDO/qPf0q7QJ/2Hc7YJS?= =?us-ascii?Q?ndB45TzeLvyPoh+jUHMBXakrl8aQW2azHJhABI4qCRb15bs0oHzOXVrZNwZA?= =?us-ascii?Q?Ilc/JXy+WYSNO5d5R1rb+WPNccY7bRivnKFNzmilwBhcEXnivaf966zRzpwZ?= =?us-ascii?Q?lKnQkzIPlSZE2t6bzf3y2N5BjyuCnP3bvwQAz2Rox/CYvL4SEvPK+rEFuyP0?= =?us-ascii?Q?62GXVJVuj2Z9rgcJGg88nbCXeO4q0s0HzlxMQDYlS8JoS0oj1JX4GkJjcDt3?= =?us-ascii?Q?yPgo/paS4Ea7SVcHbGUchpXUn1vEwGpzLeR+yngxA9Xv1m4vXjRtp5Oz10A1?= =?us-ascii?Q?8z8lpMRTNSZnmMvCbT4spciJnJ+bJt13YCnQXCDEgCKQUHlSO0MPASA3WHg5?= =?us-ascii?Q?yxBy4nh6QdQFk+eKVqU2TGaZuMgjaaVB92sMXNassgk08qC70jOD8ll5H8rX?= =?us-ascii?Q?tLyi8fWZ7/wt7w6Fhx6DVTZXELGO86ta3ma83XRd7ubwnHO+DKdvAZlXa5oD?= =?us-ascii?Q?iz3XvXtSB6VwhztZQ4RS8KgYMi+L/Vlth6AOq73hFs8rcWUxxZRdj8K7Ye0z?= =?us-ascii?Q?MJYNMVOmoMXSu7jKosgETDdvvBRWr2DyzvaAY7rZgxd4grhOpily2uhEXrtd?= =?us-ascii?Q?gsH52ALCKf4Y2+YWmKf2B+HAS/pcvK/nsYYOG1bGxM+gmhHMYOwpW46idfIy?= =?us-ascii?Q?NiiY1KBtZ7JM5U0yBRFWQQkh7sHgsnSeYJ0slOkbwyT3q64AX67IiaLW2kj7?= =?us-ascii?Q?uZnXEcinXoCGZSDuxpYJVx7fye/daEhUVIjlMbhhY3liSC5w8kc1r6hdnu6G?= =?us-ascii?Q?yS+PTXx+oAwcFjVRjAnGUOINmC6n6umKPlFNVqg8WCSZrX30ZV6W5AyO555T?= =?us-ascii?Q?jrUuQA5eWFL3ZThjdv+ZrFbqXTYfpHcCl4YxRbK+hmwqJgKOf6gxA7ab8wU6?= =?us-ascii?Q?sV4HL2qmpwZB3u2k3QrbhAA/QgXvS7WYyN9urDLLY4aW/j3PNi7gWo8JOR7T?= =?us-ascii?Q?stoYyaXdCgQEYjKON4I7YRy5eU1tjh7MBD9mJCWKWxQi99mtRO5I1XOT9NqJ?= =?us-ascii?Q?TEi+RoyHAhXmO2rjt3cjj/q6ca8GCfOkJpIVSo7ELUOd0YHJpVmPjO6qAbTz?= =?us-ascii?Q?z9oYhBFo42oGeafan64A7enA57U47SKG+KK9I/oI6FD/MiliEH3eD6JGOpWS?= =?us-ascii?Q?nJGDeM10e6IOZoCgdPYWu/EhADEvJZMYcQKsJgypKPuFtAvTjC666+oNbU3K?= =?us-ascii?Q?NYKXvDxz5RaNiZdxKyN7jf9TiRN1R8rw5y+cCRW+9IyAUI8kMy5yaiL9wSoI?= =?us-ascii?Q?90rArcqgziMiZDjcZzmZlVe5dmxkxkOwUpnk0aqpJplObEJAJlT4a8oYcy7m?= =?us-ascii?Q?CdTTYFAqmrr6mcSXaqNXqXkR/tFwpBxVD7j0Dis9RpO8x2geddfaiysMqnLS?= =?us-ascii?Q?zNsdjKRt5Xs=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS7PR12MB9473.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(366016);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?BXQKOMKk6PqdYO1vAF1AH8tLgKSU7OOpTYd4MHuGBSJJ0tUFsKnCzTmUYiW5?= =?us-ascii?Q?U9i3LpSXpo6x06lokEcEX3sxAKe/QQaq0RdmhSAuuVupEBZ8vqSW7fVhgObJ?= =?us-ascii?Q?1HKEiCYnDwNWfvc+MElaVaKAjCvRRqe3JjBYjMtb+4/796rCyDJGvvBBVcv6?= =?us-ascii?Q?cMskizn3eltfHd4Ppxsm8VqhoVYYr47vQ0iuLXYeMxW87JBgbe1HWVnYBEkR?= =?us-ascii?Q?Mmj6aSOb1Yo7Lbe4drLw4feq08fXEK40a+4SrKm2hEMSaVfLKl2aho/DVQdR?= =?us-ascii?Q?QCY4KnpcMXObuuPslTWQGI4IOKxJ+E7QKnLvhdylchWTPfdikZjsfSaLfugf?= =?us-ascii?Q?j+Xq5RNoS5qAcH5x4gRQvuD//392NePsYOADsrFJRwIM6DWLCtBQaaLzc233?= =?us-ascii?Q?FngevhZSkU3ochm6F5FFOqEH9nfGlXjbnNzt2QXN7lh1E3P2dYWUfpIGhji3?= =?us-ascii?Q?DyVbgcIBuJ/HtKp5go88VXhhxQMfPm5cCsEHE5f5vrOYq269XNoiVdScsfFm?= =?us-ascii?Q?xXOdH89jQNKXAmZ7z4L/p2CP6GTZkHHKj3R97QMI4mRAXBUt1Uh0Yzen2PH6?= =?us-ascii?Q?JSZXzpGsES4kqOVEVJgv3gX+C7FnKPWtk8YWotqSVt+GBxvZhLFK3tc4xfMw?= =?us-ascii?Q?dBCrqZ7Aecctgsrm1bbZGLQnAqrS9ieeQIb8IzY9u8LdZbqB6oDgBGztzdp0?= =?us-ascii?Q?THiF+t81CvUZvn25I4vQeRS7uXRsnhDRShFvkb7t5k6FyIRXLugtMADOu9q3?= =?us-ascii?Q?0apMgrd1Jt3ahq4hJG9JyxPCRztzng6nBz9DTcv/B03vQC1dkJd3q1Sx/Kyd?= =?us-ascii?Q?2MKRgm+5ywVQRnlU8vzg01GPqJy08e3iFaDUl2XPme0s3QACWkopuv7chokm?= =?us-ascii?Q?Dl4Sfq6nmesTkaB5YR4mSacoLVbYLzdLcJW9+kjqMaZtWTEAMsscPQo0xMIQ?= =?us-ascii?Q?yhdVNrzLwhBDn4STM2CD6KDI4dQkQk1O2pxEKhi8mDilYgJh7qtkcJK8p/vj?= =?us-ascii?Q?tiSAg0PbUqQ/Ufh/7j09QosQWE101UCUgNOr8GAZdu1tf1BbclRKdFmg0fWo?= =?us-ascii?Q?6OBHNyc3ut8OMYPNgO/357aXmwVsCTV0kF4BAhRhQWhcKrZLRvJo7H1GoMNX?= =?us-ascii?Q?Sf3xlH79ngtl5G5BPzHWNZ896V142A/qszNZswkrarurAZNgxoun/tugpivy?= =?us-ascii?Q?h7V/sYnezOOkZwWi68Y+Pa2lhgTPMCJgxkE1m3PCo0Xn9A8qLk2QVFAV9AtA?= =?us-ascii?Q?lBb6+1lhWQe9LPhJOfpqx9RaHq5+IjG4mIeh6opyuzpyjB2EfeLglAOhyijc?= =?us-ascii?Q?n0NroGwb5K60U9WkpppHJTW6i7xWLPzSQCHF7KTpi/iX35WjlD5skd5weHZ6?= =?us-ascii?Q?uCMKwDabrIWo+9L4CZSAmRKWGncUkW4vjZw3P4gC0gOTMsqEmC6+VcsFk9JH?= =?us-ascii?Q?Ojdto70ebqH8NSAhWS90+/ZfDwB2erVDb4BA2eohe/c+TgfRazkxn9eXJZEs?= =?us-ascii?Q?H2f2IhD1FO44rvPxKNgjRAEJejg5WAnObqxiZ4TZC2dfx3nMgaCV+n8g5Z0e?= =?us-ascii?Q?AQr8t5x7SVzDx1XrGuJ9OcE/sYXyTWjCXYqW4D4O?= X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: b59abb7b-1109-4bb7-0c95-08ddb50909c9 X-MS-Exchange-CrossTenant-AuthSource: DS7PR12MB9473.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 26 Jun 2025 23:27:38.3191 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: v8jvZwxiu4zbHTk9HK6szbEIr4kgvSkd6T5aMid+gcGtDvavozPP5qYAfgnDsElF X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH2PR12MB4085 X-Rspam-User: X-Stat-Signature: cf8tauj4qtde9jwoqm3kx95at1t65bpq X-Rspamd-Server: rspam02 X-Rspamd-Queue-Id: 6873720006 X-HE-Tag: 1750980463-133418 X-HE-Meta: U2FsdGVkX1/N1J50bbCahoq8PgVM1Ei73AH5R1bC+Wor3qC24rk4kzsNfMS/Pf4WHV8yU30CnYibFDg3EAqlPTMPljN3bSsXFOXDkqHMcNthfnnKZZ0xBWzrcQ98YxU3hvXegRvefJhK7agDqkrXD9ZxPmvxk6YOM4iZQLSDqX54qNRwbu+B32VSpVaMPuRu2abiQDZ0VQof+uIFszjScipuuNPmUadINE6ywblFBlCcUY2R+nbz4gxpnOvcss7WT7MEyQx3bN3m+/mAGpsW0HbJiPiyVEZYGDm9ENloAADRRkHtda2qV6LSd2h+XqODAU0JOp/5kEVO4DcbdlHfiMF/Dd6Z1pWXERfO/huuggV0fbhfkMSwHslBnb7cA1JKDl4aWkiQn+wcc/jOxdq6MXupZjr4zwlRipbKitIBCg3ms5Cjv7Sqq+Xfz6nz8zbOShbK3CgUlQmv3ETLeo/Cxk8a2JeK7AbzRgKSvr/swbTKQA2+OfxI7FKEaNUV+GGzOfmbb8AMcyFRBRFcl+xr5ZOJHKz/EI06HEs/I2lzizhzY1xAYI480rS5BlOQJSZVlCu0end/0PkuvsbrQDibPDVlQqopH4JnXI34TatZc9zBlJ/kvHzvnYMXkmmuos+rIzJydHPuI5D0JINdaknNQ3b2o4itU0RYq4yNodpDtvFYsYYuCGCyUklo14M0UAYlxnbYHhiWiOGi0ym93p2/JW/Mx1vQpzqSpiz1HvogQW2OkxJ/72aO1aY/6MWpUEHvO64gx9T9wmEJwE+SY0YWHiEi7C37XDl1Wtif0iPxdctD3JtPuyzyEHGaLZN1/tuWGKQzWaeQRE58sqipOce+aCBEFKE/MIKNXJ5WDev39A4kvGrzwTeFX1kjAxA5QroGO0f8AJ5sVZqgi4WgSqm9L7np1RUEyJ4GokZWXts0cgu32zcOb8EFIXjHyKRRzs1GCNUGzCr3L+sF5KmRQSz /DZKEI3J RbYQU9Ga9suv3t9xOVz8URrbtFqjItnKhNBwPhhDaFWXyGA08QIPVi5g8bDA4zfSmnYUO1l5rQkTrhLeG+2ZOzrcCBpgtuUp8ezIfdNgYuxLkcxDm5aITFx7YtOh5/p8kT93RbC2YRYWGDYFrZnUoBKUxpvIqt3Q3NMenDiDISccp1hWpy1dyIvrMQO9zTFkUHW2ToperAe08R11yOBcRFT2ChxkSAtbTEEhhXAuPSgMidGbk1J+Uqu15LZ2qH5sZaGnnxCNpjEaC8Aetlyzcxq1wFVwvL6GCKt8jZIvHtyqYa3cY2GmoDY8YJUqAxcNGrNBA4kvHRQaFnCoy5zcz3pjs5A1uAe1dv0XGXo8jYpwAr2dxJP3eiZUVDjw/ofAjamoIzmJ4FCUUT0aSf9vBL0jbGg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 26 Jun 2025, at 19:21, Pedro Falcato wrote: > On Thu, Jun 26, 2025 at 10:27:36PM +0000, Felix Abecassis wrote: >> Hello linux-mm team, >> >> I have found an interesting behavior in the Linux kernel: an unprivile= ged user >> with access to user namespaces can cause privileged processes to be ki= lled due >> to an OOM situation on a single NUMA node, even if the system has plen= ty of >> memory available on other NUMA nodes. >> >> This might lead to a local denial of service in some situations, so pl= ease >> review and let me know if the current behavior is expected. >> >> The steps are simple: >> 1. Use a Linux system with multiple NUMA nodes >> 2. Enable unprivileged user namespaces (often distro dependent) >> 3. As an unprivileged user, create a user namespace + mount namespace >> and mount a tmpfs bound to NUMA node 1 >> 4. Attempt to fill the tmpfs with more data than it can possibly store= >> 5. The OOM killer will kill a significant amount of system daemons >> (UID 0). >> > > I somewhat agree that this is somewhat unintended tmpfs behavior, but y= ou can > (probably) pull this off in other ways: > > - use set_mempolicy()/mbind to bind to a NUMA node and use a big mmap()= mapping > - just use a lot of memory OOM will kill the app using a lot of memory, but with tmpfs, like you men= tioned below, OOM is not able to find a victim process to kill. > > and it's not limited to NUMA either. > > AFAIK user namespaces aren't really isolating in the sense that you nee= d a > cgroup on top to further control software you don't trust (or want to l= imit > for other reasons) > > > And in this case the particular problem is that tmpfs really can't trac= k > what process "owns" a file, even if O_TMPFILE was specified. So you can= quite > trivially run out of memory in a regular Linux distro by filling up the= /tmp > (if tmpfs, of course), if you have write perms for /tmp, which by defau= lt you do. > > > The only alarming bit (to me) is that cgroups don't work in this case a= s well. > The most adhoc solution I have would be to possibly limit the tmpfs siz= e to > memory.max. Adding the memcg folks for more comments. > > -- > Pedro > >> The possible mitigations I currently know of are: create a swap space,= disable >> unprivileged user namespaces, or set sysctl vm.oom_kill_allocating_tas= k=3D1. >> >> To be 100% clear, this does not require elevated privileges, and we ar= e only >> using a fraction of the total system memory. >> >> Below is an example on a Ubuntu 25.04 VM under qemu where I hotplugged= a new >> NUMA node with 1GB of memory, I also place the current process under a= 2GB >> memory cgroup to show that it's not an effective mitigation. >> >> $ uname -a >> Linux ubuntu 6.14.0-22-generic #22-Ubuntu SMP PREEMPT_DYNAMIC Wed May = 21 15:01:51 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux >> >> $ id -u >> 1000 >> >> # Enable unprivileged user namespaces (this is an Ubuntu feature) >> $ sudo sysctl kernel.apparmor_restrict_unprivileged_userns=3D0 >> >> $ sudo sh -c 'echo 2G > /sys/fs/cgroup/user.slice/user-1000.slice/memo= ry.max' >> >> $ numastat -mzc >> >> Per-node system memory usage (in MBs): >> Token Unaccepted not in hash table. >> Token Unaccepted not in hash table. >> Node 0 Node 1 Total >> ------ ------ ----- >> MemTotal 7940 1024 8964 >> MemFree 7533 1024 8557 >> MemUsed 407 0 407 >> Active 176 0 176 >> Inactive 44 0 44 >> Active(anon) 42 0 42 >> Active(file) 134 0 134 >> Inactive(file) 44 0 44 >> Unevictable 26 0 26 >> Mlocked 26 0 26 >> Dirty 0 0 0 >> FilePages 186 0 186 >> Mapped 57 0 57 >> AnonPages 59 0 59 >> Shmem 1 0 1 >> KernelStack 2 0 2 >> PageTables 2 0 2 >> Slab 84 0 84 >> SReclaimable 17 0 17 >> SUnreclaim 68 0 68 >> KReclaimable 17 0 17 >> >> $ unshare -U -r -m sh -xc 'mount -t tmpfs -o mpol=3Dbind:1 tmpfs /dev/= shm ; dd if=3D/dev/zero of=3D/dev/shm/file bs=3D64K count=3D25000' >> + mount -t tmpfs -o mpol=3Dbind:1 tmpfs /dev/shm >> + dd if=3D/dev/zero of=3D/dev/shm/file bs=3D64K count=3D25000 >> [ 294.046130] Out of memory: Killed process 1074 (systemd) total-vm:2= 1968kB, anon-rss:2048kB, file-rss:10164kB, shmem-rss:0kB, UID:1000 pgtabl= es:88kB oom_score_adj:100 >> [ 294.052224] Out of memory: Killed process 1076 ((sd-pam)) total-vm:= 21992kB, anon-rss:1772kB, file-rss:1832kB, shmem-rss:0kB, UID:1000 pgtabl= es:76kB oom_score_adj:100 >> [ 294.058446] Out of memory: Killed process 821 (unattended-upgr) tot= al-vm:121388kB, anon-rss:13272kB, file-rss:16004kB, shmem-rss:0kB, UID:0 = pgtables:140kB oom_score_adj:0 >> [ 294.064551] Out of memory: Killed process 423 (systemd-resolve) tot= al-vm:23200kB, anon-rss:2560kB, file-rss:11504kB, shmem-rss:0kB, UID:990 = pgtables:88kB oom_score_adj:0 >> [ 294.070491] Out of memory: Killed process 789 (udisksd) total-vm:47= 0572kB, anon-rss:1920kB, file-rss:11840kB, shmem-rss:0kB, UID:0 pgtables:= 136kB oom_score_adj:0 >> [ 294.076371] Out of memory: Killed process 848 (ModemManager) total-= vm:391392kB, anon-rss:1792kB, file-rss:10516kB, shmem-rss:0kB, UID:0 pgta= bles:124kB oom_score_adj:0 >> [ 294.082350] Out of memory: Killed process 733 (systemd-network) tot= al-vm:20804kB, anon-rss:1296kB, file-rss:10068kB, shmem-rss:0kB, UID:998 = pgtables:76kB oom_score_adj:0 >> [ 294.088273] Out of memory: Killed process 1141 ((resolved)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8556kB, shmem-rss:0kB, UID:0 pgtable= s:80kB oom_score_adj:0 >> [ 294.094350] Out of memory: Killed process 788 (systemd-logind) tota= l-vm:18896kB, anon-rss:896kB, file-rss:7968kB, shmem-rss:0kB, UID:0 pgtab= les:84kB oom_score_adj:0 >> [ 294.100461] Out of memory: Killed process 1151 ((resolved)) total-v= m:20604kB, anon-rss:1280kB, file-rss:7732kB, shmem-rss:0kB, UID:0 pgtable= s:84kB oom_score_adj:0 >> [ 294.106462] Out of memory: Killed process 1154 ((networkd)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8036kB, shmem-rss:0kB, UID:0 pgtable= s:84kB oom_score_adj:0 >> [ 294.112592] Out of memory: Killed process 1155 ((resolved)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8648kB, shmem-rss:0kB, UID:0 pgtable= s:84kB oom_score_adj:0 >> [ 294.118725] Out of memory: Killed process 1161 ((networkd)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8648kB, shmem-rss:0kB, UID:998 pgtab= les:84kB oom_score_adj:0 >> [ 294.124827] Out of memory: Killed process 1165 ((resolved)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8484kB, shmem-rss:0kB, UID:0 pgtable= s:88kB oom_score_adj:0 >> [ 294.131138] Out of memory: Killed process 1169 ((networkd)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8604kB, shmem-rss:0kB, UID:0 pgtable= s:80kB oom_score_adj:0 >> [ 294.137548] Out of memory: Killed process 1177 ((resolved)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8592kB, shmem-rss:0kB, UID:0 pgtable= s:84kB oom_score_adj:0 >> [ 294.144659] Out of memory: Killed process 1187 ((networkd)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8800kB, shmem-rss:0kB, UID:998 pgtab= les:80kB oom_score_adj:0 >> [ 294.151118] Out of memory: Killed process 1179 (systemd-logind) tot= al-vm:18728kB, anon-rss:1024kB, file-rss:7972kB, shmem-rss:0kB, UID:0 pgt= ables:76kB oom_score_adj:0 >> [ 294.157569] Out of memory: Killed process 1194 ((networkd)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8596kB, shmem-rss:0kB, UID:0 pgtable= s:80kB oom_score_adj:0 >> [ 294.163877] Out of memory: Killed process 417 (systemd-timesyn) tot= al-vm:91608kB, anon-rss:896kB, file-rss:7132kB, shmem-rss:0kB, UID:996 pg= tables:88kB oom_score_adj:0 >> [ 294.170240] Out of memory: Killed process 783 (polkitd) total-vm:30= 6832kB, anon-rss:640kB, file-rss:7264kB, shmem-rss:0kB, UID:988 pgtables:= 96kB oom_score_adj:0 >> [ 294.176668] Out of memory: Killed process 1200 ((imesyncd)) total-v= m:20604kB, anon-rss:1280kB, file-rss:7776kB, shmem-rss:0kB, UID:0 pgtable= s:84kB oom_score_adj:0 >> [ 294.183107] Out of memory: Killed process 1205 (9) total-vm:20136kB= , anon-rss:1152kB, file-rss:6584kB, shmem-rss:0kB, UID:0 pgtables:80kB oo= m_score_adj:0 >> [ 294.189627] Out of memory: Killed process 1210 ((imesyncd)) total-v= m:20604kB, anon-rss:1280kB, file-rss:7844kB, shmem-rss:0kB, UID:0 pgtable= s:80kB oom_score_adj:0 >> [ 294.196227] Out of memory: Killed process 1209 ((d-logind)) total-v= m:20140kB, anon-rss:1280kB, file-rss:7284kB, shmem-rss:0kB, UID:0 pgtable= s:80kB oom_score_adj:0 >> [ 294.202956] Out of memory: Killed process 1212 ((imesyncd)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8568kB, shmem-rss:0kB, UID:0 pgtable= s:84kB oom_score_adj:0 >> [ 294.209719] Out of memory: Killed process 1223 ((imesyncd)) total-v= m:20604kB, anon-rss:1280kB, file-rss:8556kB, shmem-rss:0kB, UID:0 pgtable= s:80kB oom_score_adj:0 >> [ 294.216356] Out of memory: Killed process 851 (rsyslogd) total-vm:2= 20676kB, anon-rss:1280kB, file-rss:4292kB, shmem-rss:0kB, UID:101 pgtable= s:80kB oom_score_adj:0 >> [ 294.223146] Out of memory: Killed process 1220 (systemd-logind) tot= al-vm:18728kB, anon-rss:1024kB, file-rss:8044kB, shmem-rss:0kB, UID:0 pgt= ables:88kB oom_score_adj:0 >> [ 294.229888] Out of memory: Killed process 1234 ((systemd)) total-vm= :21992kB, anon-rss:1664kB, file-rss:8852kB, shmem-rss:0kB, UID:0 pgtables= :84kB oom_score_adj:100 >> [ 294.236624] Out of memory: Killed process 952 (login) total-vm:1122= 0kB, anon-rss:768kB, file-rss:4616kB, shmem-rss:0kB, UID:0 pgtables:64kB = oom_score_adj:0 >> [ 294.243266] Out of memory: Killed process 940 (cron) total-vm:7512k= B, anon-rss:256kB, file-rss:2760kB, shmem-rss:0kB, UID:0 pgtables:56kB oo= m_score_adj:0 >> [ 294.249871] Out of memory: Killed process 956 (agetty) total-vm:851= 6kB, anon-rss:128kB, file-rss:2492kB, shmem-rss:0kB, UID:0 pgtables:60kB = oom_score_adj:0 Best Regards, Yan, Zi