From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0B305C433EF for ; Mon, 23 May 2022 09:45:14 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 749A36B0005; Mon, 23 May 2022 05:45:14 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 6D2A06B0006; Mon, 23 May 2022 05:45:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 59AD66B0007; Mon, 23 May 2022 05:45:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 439BA6B0005 for ; Mon, 23 May 2022 05:45:14 -0400 (EDT) Received: from smtpin25.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id 0E47BD36 for ; Mon, 23 May 2022 09:45:14 +0000 (UTC) X-FDA: 79496524548.25.04059E9 Received: from out0.migadu.com (out0.migadu.com [94.23.1.103]) by imf02.hostedemail.com (Postfix) with ESMTP id 0DC88800EF for ; Mon, 23 May 2022 09:45:10 +0000 (UTC) Message-ID: <0017e4c6-84d8-6d62-2ceb-4851771fec18@linux.dev> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1653299111; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xzDfkTjQhONMEpUiGwdClhq7wMW8hJhptzcebkFZ4fY=; b=qLAwUHyTcw9VMr5IKzQkJNQnD7g3cOF1I0/lcg+Ubkym4eB3uU7axJHz49oSAZnaiPgA+b Uw9iWxqe+j7HqWmLUfV53wy9gtYcXiJEtqk5Jxz/HsTUFhiEm7iPESan/3LMykPpzM6TF8 hVBVciGAVMnToa0pGS8fJs37cGknwAA= Date: Mon, 23 May 2022 12:45:09 +0300 MIME-Version: 1.0 Subject: Re: [PATCH] memcg: enable accounting in keyctl subsys Content-Language: en-US To: Yutian Yang , jarkko@kernel.org, Shakeel Butt , Michal Hocko , David Howells , Roman Gushchin Cc: cgroups@vger.kernel.org, linux-mm@kvack.org, shenwenbo@zju.edu.cn, Johannes Weiner , kernel@openvz.org References: <1626682667-10771-1-git-send-email-nglaive@gmail.com> X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Vasily Averin In-Reply-To: <1626682667-10771-1-git-send-email-nglaive@gmail.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: linux.dev X-Rspam-User: X-Rspamd-Queue-Id: 0DC88800EF X-Stat-Signature: uobo16wskc7gt5fx6mjkym7n3zmcw75q Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=linux.dev header.s=key1 header.b=qLAwUHyT; dmarc=pass (policy=none) header.from=linux.dev; spf=pass (imf02.hostedemail.com: domain of vasily.averin@linux.dev designates 94.23.1.103 as permitted sender) smtp.mailfrom=vasily.averin@linux.dev X-Rspamd-Server: rspam04 X-HE-Tag: 1653299110-706925 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 7/19/21 11:17, Yutian Yang wrote: > This patch enables accounting for key objects and auth record objects. > Allocation of the objects are triggerable by syscalls from userspace. > > We have written a PoC to show that the missing-charging objects lead to > breaking memcg limits. The PoC program takes around 2.2GB unaccounted > memory, while it is charged for only 24MB memory usage. We evaluate the > PoC on QEMU x86_64 v5.2.90 + Linux kernel v5.10.19 + Debian buster. All > the limitations including ulimits and sysctl variables are set as default. > Specifically, we set kernel.keys.maxbytes = 20000 and > kernel.keys.maxkeys = 200. > > /*------------------------- POC code ----------------------------*/ [skipped] > /*-------------------------- end --------------------------------*/ I experimented with "keyctl request2 user debug: X:Y Z" inside the container and found that the problem is still relevant and the proposed patch solves it correctly. I didn't find any complaints about this patch, could someone explain why it wasn't applied? If no one objects, I'd like to push it. > Signed-off-by: Yutian Yang Reviewed-by: Vasily Averin Thank you, Vasily Averin PS. Should I perhaps resend it? > --- > security/keys/key.c | 4 ++-- > security/keys/request_key_auth.c | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/security/keys/key.c b/security/keys/key.c > index e282c6179..925d85c2e 100644 > --- a/security/keys/key.c > +++ b/security/keys/key.c > @@ -279,7 +279,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, > goto no_memory_2; > > key->index_key.desc_len = desclen; > - key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL); > + key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL_ACCOUNT); > if (!key->index_key.description) > goto no_memory_3; > key->index_key.type = type; > @@ -1198,7 +1198,7 @@ void __init key_init(void) > { > /* allocate a slab in which we can store keys */ > key_jar = kmem_cache_create("key_jar", sizeof(struct key), > - 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); > + 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, NULL); > > /* add the special key types */ > list_add_tail(&key_type_keyring.link, &key_types_list); > diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c > index 41e973500..ed50a100a 100644 > --- a/security/keys/request_key_auth.c > +++ b/security/keys/request_key_auth.c > @@ -171,10 +171,10 @@ struct key *request_key_auth_new(struct key *target, const char *op, > kenter("%d,", target->serial); > > /* allocate a auth record */ > - rka = kzalloc(sizeof(*rka), GFP_KERNEL); > + rka = kzalloc(sizeof(*rka), GFP_KERNEL_ACCOUNT); > if (!rka) > goto error; > - rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL); > + rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL_ACCOUNT); > if (!rka->callout_info) > goto error_free_rka; > rka->callout_len = callout_len; From mboxrd@z Thu Jan 1 00:00:00 1970 From: Vasily Averin Subject: Re: [PATCH] memcg: enable accounting in keyctl subsys Date: Mon, 23 May 2022 12:45:09 +0300 Message-ID: <0017e4c6-84d8-6d62-2ceb-4851771fec18@linux.dev> References: <1626682667-10771-1-git-send-email-nglaive@gmail.com> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.dev; s=key1; t=1653299111; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xzDfkTjQhONMEpUiGwdClhq7wMW8hJhptzcebkFZ4fY=; b=qLAwUHyTcw9VMr5IKzQkJNQnD7g3cOF1I0/lcg+Ubkym4eB3uU7axJHz49oSAZnaiPgA+b Uw9iWxqe+j7HqWmLUfV53wy9gtYcXiJEtqk5Jxz/HsTUFhiEm7iPESan/3LMykPpzM6TF8 hVBVciGAVMnToa0pGS8fJs37cGknwAA= Content-Language: en-US In-Reply-To: <1626682667-10771-1-git-send-email-nglaive-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> List-ID: Content-Type: text/plain; charset="us-ascii" To: Yutian Yang , jarkko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org, Shakeel Butt , Michal Hocko , David Howells , Roman Gushchin Cc: cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, shenwenbo-Y5EWUtBUdg4nDS1+zs4M5A@public.gmane.org, Johannes Weiner , kernel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org On 7/19/21 11:17, Yutian Yang wrote: > This patch enables accounting for key objects and auth record objects. > Allocation of the objects are triggerable by syscalls from userspace. > > We have written a PoC to show that the missing-charging objects lead to > breaking memcg limits. The PoC program takes around 2.2GB unaccounted > memory, while it is charged for only 24MB memory usage. We evaluate the > PoC on QEMU x86_64 v5.2.90 + Linux kernel v5.10.19 + Debian buster. All > the limitations including ulimits and sysctl variables are set as default. > Specifically, we set kernel.keys.maxbytes = 20000 and > kernel.keys.maxkeys = 200. > > /*------------------------- POC code ----------------------------*/ [skipped] > /*-------------------------- end --------------------------------*/ I experimented with "keyctl request2 user debug: X:Y Z" inside the container and found that the problem is still relevant and the proposed patch solves it correctly. I didn't find any complaints about this patch, could someone explain why it wasn't applied? If no one objects, I'd like to push it. > Signed-off-by: Yutian Yang Reviewed-by: Vasily Averin Thank you, Vasily Averin PS. Should I perhaps resend it? > --- > security/keys/key.c | 4 ++-- > security/keys/request_key_auth.c | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/security/keys/key.c b/security/keys/key.c > index e282c6179..925d85c2e 100644 > --- a/security/keys/key.c > +++ b/security/keys/key.c > @@ -279,7 +279,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, > goto no_memory_2; > > key->index_key.desc_len = desclen; > - key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL); > + key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL_ACCOUNT); > if (!key->index_key.description) > goto no_memory_3; > key->index_key.type = type; > @@ -1198,7 +1198,7 @@ void __init key_init(void) > { > /* allocate a slab in which we can store keys */ > key_jar = kmem_cache_create("key_jar", sizeof(struct key), > - 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); > + 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, NULL); > > /* add the special key types */ > list_add_tail(&key_type_keyring.link, &key_types_list); > diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c > index 41e973500..ed50a100a 100644 > --- a/security/keys/request_key_auth.c > +++ b/security/keys/request_key_auth.c > @@ -171,10 +171,10 @@ struct key *request_key_auth_new(struct key *target, const char *op, > kenter("%d,", target->serial); > > /* allocate a auth record */ > - rka = kzalloc(sizeof(*rka), GFP_KERNEL); > + rka = kzalloc(sizeof(*rka), GFP_KERNEL_ACCOUNT); > if (!rka) > goto error; > - rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL); > + rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL_ACCOUNT); > if (!rka->callout_info) > goto error_free_rka; > rka->callout_len = callout_len;