From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757343Ab2FZNoX (ORCPT ); Tue, 26 Jun 2012 09:44:23 -0400 Received: from mail-qa0-f49.google.com ([209.85.216.49]:60728 "EHLO mail-qa0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757123Ab2FZNoV (ORCPT ); Tue, 26 Jun 2012 09:44:21 -0400 Date: Tue, 26 Jun 2012 15:44:15 +0200 From: Frederic Weisbecker To: Glauber Costa Cc: Tejun Heo , Frederic Weisbecker , cgroups@vger.kernel.org, linux-mm@kvack.org, Andrew Morton , linux-kernel@vger.kernel.org, David Rientjes , Pekka Enberg , Michal Hocko , Johannes Weiner , Christoph Lameter , devel@openvz.org, kamezawa.hiroyu@jp.fujitsu.com, Pekka Enberg , Suleiman Souhlal Subject: Re: [PATCH 11/11] protect architectures where THREAD_SIZE >= PAGE_SIZE against fork bombs Message-ID: <20120626134412.GB11519@somewhere.redhat.com> References: <1340633728-12785-1-git-send-email-glommer@parallels.com> <1340633728-12785-12-git-send-email-glommer@parallels.com> <4FE89807.50708@redhat.com> <20120625183818.GH3869@google.com> <4FE9AF88.5070803@parallels.com> <20120626133838.GA11519@somewhere.redhat.com> <4FE9BB25.60905@parallels.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4FE9BB25.60905@parallels.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jun 26, 2012 at 05:37:41PM +0400, Glauber Costa wrote: > On 06/26/2012 05:38 PM, Frederic Weisbecker wrote: > >On Tue, Jun 26, 2012 at 04:48:08PM +0400, Glauber Costa wrote: > >>On 06/25/2012 10:38 PM, Tejun Heo wrote: > >>>On Mon, Jun 25, 2012 at 06:55:35PM +0200, Frederic Weisbecker wrote: > >>>>On 06/25/2012 04:15 PM, Glauber Costa wrote: > >>>> > >>>>>Because those architectures will draw their stacks directly from > >>>>>the page allocator, rather than the slab cache, we can directly > >>>>>pass __GFP_KMEMCG flag, and issue the corresponding free_pages. > >>>>> > >>>>>This code path is taken when the architecture doesn't define > >>>>>CONFIG_ARCH_THREAD_INFO_ALLOCATOR (only ia64 seems to), and has > >>>>>THREAD_SIZE >= PAGE_SIZE. Luckily, most - if not all - of the > >>>>>remaining architectures fall in this category. > >>>>> > >>>>>This will guarantee that every stack page is accounted to the memcg > >>>>>the process currently lives on, and will have the allocations to fail > >>>>>if they go over limit. > >>>>> > >>>>>For the time being, I am defining a new variant of THREADINFO_GFP, not > >>>>>to mess with the other path. Once the slab is also tracked by memcg, > >>>>>we can get rid of that flag. > >>>>> > >>>>>Tested to successfully protect against :(){ :|:& };: > >>>>> > >>>>>Signed-off-by: Glauber Costa > >>>>>CC: Christoph Lameter > >>>>>CC: Pekka Enberg > >>>>>CC: Michal Hocko > >>>>>CC: Kamezawa Hiroyuki > >>>>>CC: Johannes Weiner > >>>>>CC: Suleiman Souhlal > >>>> > >>>> > >>>>Acked-by: Frederic Weisbecker > >>> > >>>Frederic, does this (with proper slab accounting added later) achieve > >>>what you wanted with the task counter? > >>> > >> > >>A note: Frederic may confirm, but I think he doesn't even need > >>the slab accounting to follow to achieve that goal. > > > >Limiting is enough. But that requires internal accounting. > > > Yes, but why the *slab* needs to get involved? > accounting task stack pages should be equivalent to what you > were doing, even without slab accounting. Right ? Yeah that alone should be fine. From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from psmtp.com (na3sys010amx194.postini.com [74.125.245.194]) by kanga.kvack.org (Postfix) with SMTP id 02B076B0113 for ; Tue, 26 Jun 2012 09:44:21 -0400 (EDT) Received: by qcsp15 with SMTP id p15so3334666qcs.30 for ; Tue, 26 Jun 2012 06:44:21 -0700 (PDT) Date: Tue, 26 Jun 2012 15:44:15 +0200 From: Frederic Weisbecker Subject: Re: [PATCH 11/11] protect architectures where THREAD_SIZE >= PAGE_SIZE against fork bombs Message-ID: <20120626134412.GB11519@somewhere.redhat.com> References: <1340633728-12785-1-git-send-email-glommer@parallels.com> <1340633728-12785-12-git-send-email-glommer@parallels.com> <4FE89807.50708@redhat.com> <20120625183818.GH3869@google.com> <4FE9AF88.5070803@parallels.com> <20120626133838.GA11519@somewhere.redhat.com> <4FE9BB25.60905@parallels.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4FE9BB25.60905@parallels.com> Sender: owner-linux-mm@kvack.org List-ID: To: Glauber Costa Cc: Tejun Heo , Frederic Weisbecker , cgroups@vger.kernel.org, linux-mm@kvack.org, Andrew Morton , linux-kernel@vger.kernel.org, David Rientjes , Pekka Enberg , Michal Hocko , Johannes Weiner , Christoph Lameter , devel@openvz.org, kamezawa.hiroyu@jp.fujitsu.com, Pekka Enberg , Suleiman Souhlal On Tue, Jun 26, 2012 at 05:37:41PM +0400, Glauber Costa wrote: > On 06/26/2012 05:38 PM, Frederic Weisbecker wrote: > >On Tue, Jun 26, 2012 at 04:48:08PM +0400, Glauber Costa wrote: > >>On 06/25/2012 10:38 PM, Tejun Heo wrote: > >>>On Mon, Jun 25, 2012 at 06:55:35PM +0200, Frederic Weisbecker wrote: > >>>>On 06/25/2012 04:15 PM, Glauber Costa wrote: > >>>> > >>>>>Because those architectures will draw their stacks directly from > >>>>>the page allocator, rather than the slab cache, we can directly > >>>>>pass __GFP_KMEMCG flag, and issue the corresponding free_pages. > >>>>> > >>>>>This code path is taken when the architecture doesn't define > >>>>>CONFIG_ARCH_THREAD_INFO_ALLOCATOR (only ia64 seems to), and has > >>>>>THREAD_SIZE >= PAGE_SIZE. Luckily, most - if not all - of the > >>>>>remaining architectures fall in this category. > >>>>> > >>>>>This will guarantee that every stack page is accounted to the memcg > >>>>>the process currently lives on, and will have the allocations to fail > >>>>>if they go over limit. > >>>>> > >>>>>For the time being, I am defining a new variant of THREADINFO_GFP, not > >>>>>to mess with the other path. Once the slab is also tracked by memcg, > >>>>>we can get rid of that flag. > >>>>> > >>>>>Tested to successfully protect against :(){ :|:& };: > >>>>> > >>>>>Signed-off-by: Glauber Costa > >>>>>CC: Christoph Lameter > >>>>>CC: Pekka Enberg > >>>>>CC: Michal Hocko > >>>>>CC: Kamezawa Hiroyuki > >>>>>CC: Johannes Weiner > >>>>>CC: Suleiman Souhlal > >>>> > >>>> > >>>>Acked-by: Frederic Weisbecker > >>> > >>>Frederic, does this (with proper slab accounting added later) achieve > >>>what you wanted with the task counter? > >>> > >> > >>A note: Frederic may confirm, but I think he doesn't even need > >>the slab accounting to follow to achieve that goal. > > > >Limiting is enough. But that requires internal accounting. > > > Yes, but why the *slab* needs to get involved? > accounting task stack pages should be equivalent to what you > were doing, even without slab accounting. Right ? Yeah that alone should be fine. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@kvack.org. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: email@kvack.org From mboxrd@z Thu Jan 1 00:00:00 1970 From: Frederic Weisbecker Subject: Re: [PATCH 11/11] protect architectures where THREAD_SIZE >= PAGE_SIZE against fork bombs Date: Tue, 26 Jun 2012 15:44:15 +0200 Message-ID: <20120626134412.GB11519@somewhere.redhat.com> References: <1340633728-12785-1-git-send-email-glommer@parallels.com> <1340633728-12785-12-git-send-email-glommer@parallels.com> <4FE89807.50708@redhat.com> <20120625183818.GH3869@google.com> <4FE9AF88.5070803@parallels.com> <20120626133838.GA11519@somewhere.redhat.com> <4FE9BB25.60905@parallels.com> Mime-Version: 1.0 Return-path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=F/yWHjzHxx/J5co2MwEaJAyuqwgqGlywP90tL/v+Wzw=; b=w5AkPpYtJsiBNx3zEvjYXQVvnqm5aks3KME2dShOWNHwCGEPWj/3QRX4uAbeNowpCR Y6qJCUeWHJtTsNzyefRMgQVNfC4/Rmzi+lELwTiOdVSyPizsR9d0IblRg9m1q1eTP+Iu KCCL7MAY39+I60CKXchxpAlB6khtRhr3MJYH+xkmQZxhI2UE4Esi+bUEyxp0E0nSiSmg D6IAwovx0HbbB1ySMAB9ldvz0Sou5IK/iVcTIoJzhU76PrRHEaUPBYF2wBw7hB6ryJVY mjgT+BwN+r5i3WGMbIqnKcjvUzOmc33xmk633xGGV5awxbrBV8PHN/benrm84M6u1Tzr jRdQ== Content-Disposition: inline In-Reply-To: <4FE9BB25.60905-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org> Sender: cgroups-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org List-ID: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Glauber Costa Cc: Tejun Heo , Frederic Weisbecker , cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org, Andrew Morton , linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, David Rientjes , Pekka Enberg , Michal Hocko , Johannes Weiner , Christoph Lameter , devel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org, kamezawa.hiroyu-+CUm20s59erQFUHtdCDX3A@public.gmane.org, Pekka Enberg , Suleiman Souhlal On Tue, Jun 26, 2012 at 05:37:41PM +0400, Glauber Costa wrote: > On 06/26/2012 05:38 PM, Frederic Weisbecker wrote: > >On Tue, Jun 26, 2012 at 04:48:08PM +0400, Glauber Costa wrote: > >>On 06/25/2012 10:38 PM, Tejun Heo wrote: > >>>On Mon, Jun 25, 2012 at 06:55:35PM +0200, Frederic Weisbecker wrote: > >>>>On 06/25/2012 04:15 PM, Glauber Costa wrote: > >>>> > >>>>>Because those architectures will draw their stacks directly from > >>>>>the page allocator, rather than the slab cache, we can directly > >>>>>pass __GFP_KMEMCG flag, and issue the corresponding free_pages. > >>>>> > >>>>>This code path is taken when the architecture doesn't define > >>>>>CONFIG_ARCH_THREAD_INFO_ALLOCATOR (only ia64 seems to), and has > >>>>>THREAD_SIZE >= PAGE_SIZE. Luckily, most - if not all - of the > >>>>>remaining architectures fall in this category. > >>>>> > >>>>>This will guarantee that every stack page is accounted to the memcg > >>>>>the process currently lives on, and will have the allocations to fail > >>>>>if they go over limit. > >>>>> > >>>>>For the time being, I am defining a new variant of THREADINFO_GFP, not > >>>>>to mess with the other path. Once the slab is also tracked by memcg, > >>>>>we can get rid of that flag. > >>>>> > >>>>>Tested to successfully protect against :(){ :|:& };: > >>>>> > >>>>>Signed-off-by: Glauber Costa > >>>>>CC: Christoph Lameter > >>>>>CC: Pekka Enberg > >>>>>CC: Michal Hocko > >>>>>CC: Kamezawa Hiroyuki > >>>>>CC: Johannes Weiner > >>>>>CC: Suleiman Souhlal > >>>> > >>>> > >>>>Acked-by: Frederic Weisbecker > >>> > >>>Frederic, does this (with proper slab accounting added later) achieve > >>>what you wanted with the task counter? > >>> > >> > >>A note: Frederic may confirm, but I think he doesn't even need > >>the slab accounting to follow to achieve that goal. > > > >Limiting is enough. But that requires internal accounting. > > > Yes, but why the *slab* needs to get involved? > accounting task stack pages should be equivalent to what you > were doing, even without slab accounting. Right ? Yeah that alone should be fine.