From mboxrd@z Thu Jan 1 00:00:00 1970
From: Paul Mackerras
Subject: Re: [PATCH kernel 5/9] KVM: PPC: Account TCE-containing pages in locked_vm
Date: Mon, 30 Nov 2015 13:06:00 +1100
Message-ID: <20151130020600.GB8991@fergus.ozlabs.ibm.com>
References: <1442314179-9706-1-git-send-email-aik@ozlabs.ru> <1442314179-9706-6-git-send-email-aik@ozlabs.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: linuxppc-dev@lists.ozlabs.org, Alexander Graf, David Gibson, kvm-ppc@vger.kernel.org, kvm@vger.kernel.org
To: Alexey Kardashevskiy
Return-path:
Received: from ozlabs.org ([103.22.144.67]:56695 "EHLO ozlabs.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751730AbbK3CG0 (ORCPT ); Sun, 29 Nov 2015 21:06:26 -0500
Content-Disposition: inline
In-Reply-To: <1442314179-9706-6-git-send-email-aik@ozlabs.ru>
Sender: kvm-owner@vger.kernel.org
List-ID:

On Tue, Sep 15, 2015 at 08:49:35PM +1000, Alexey Kardashevskiy wrote:
> At the moment pages used for TCE tables (in addition to pages addressed
> by TCEs) are not counted in locked_vm counter so a malicious userspace
> tool can call ioctl(KVM_CREATE_SPAPR_TCE) as many times as RLIMIT_NOFILE and
> lock a lot of memory.
>
> This adds counting for pages used for TCE tables.
>
> This counts the number of pages required for a table plus pages for
> the kvmppc_spapr_tce_table struct (TCE table descriptor) itself.
>
> This does not change the amount of (de)allocated memory.
>
> Signed-off-by: Alexey Kardashevskiy
> ---
> arch/powerpc/kvm/book3s_64_vio.c | 51 +++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 50 insertions(+), 1 deletion(-)
>
> diff --git a/arch/powerpc/kvm/book3s_64_vio.c b/arch/powerpc/kvm/book3s_64_vio.c
> index 9526c34..b70787d 100644
> --- a/arch/powerpc/kvm/book3s_64_vio.c
> +++ b/arch/powerpc/kvm/book3s_64_vio.c
> @@ -45,13 +45,56 @@ static long kvmppc_stt_npages(unsigned long window_size) > * sizeof(u64), PAGE_SIZE) / PAGE_SIZE; > } > > +static long kvmppc_account_memlimit(long npages, bool inc) > +{ > + long ret = 0; > + const long bytes = sizeof(struct kvmppc_spapr_tce_table) + > + (abs(npages) * sizeof(struct page *));

Why abs(npages)? Can npages be negative? If so, what does that mean?

Paul.
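Review bot: the direction of the accounting in kvmppc_account_memlimit() is encoded twice, once by the bool inc parameter and once by the sign of npages that abs() then throws away, so a caller passing (-n, true) or (n, false) is accepted without complaint and the two encodings can silently disagree. Take the count as unsigned and let inc alone select add or subtract, i.e. `static long kvmppc_account_memlimit(unsigned long npages, bool inc)` with `(npages * sizeof(struct page *))`, which also removes the question of what a negative page count would mean. Since `bytes` is a byte count, the part of the function that follows this hunk should round it up to whole pages before it is added to locked_vm, as the commit message's "pages for the kvmppc_spapr_tce_table struct" implies; a stray byte-to-page conversion here would undercharge every table.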
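To make the accounting described in the commit message concrete, the following is an added userspace model in C; it is not code from this patch or from the kernel. The descriptor layout (struct tce_table_desc), the 4 KiB PAGE_SIZE, the 64 MiB RLIMIT_MEMLOCK and the function names tce_table_npages, tce_table_charge, account_memlimit, create_tables_until_limit and release_tables are all constructed for illustration. It charges the TCE pages plus the pages holding the descriptor and its struct page pointer array, and it takes the page count as unsigned long so that only the inc flag carries direction, the shape Paul's question about abs(npages) points towards.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins: the kernel takes these from the mm and RLIMIT_MEMLOCK. */
#define PAGE_SIZE 4096UL
#define ALIGN_UP(x, a) (((x) + (a) - 1) & ~((a) - 1))

/* The part of mm_struct the patch touches: locked_vm and its ceiling, both in pages. */
struct mm_model {
    unsigned long locked_vm;      /* pages currently charged as locked */
    unsigned long memlock_pages;  /* RLIMIT_MEMLOCK expressed in pages */
};

/* Assumed layout standing in for kvmppc_spapr_tce_table: a small descriptor
 * followed by a flexible array of struct page pointers, one per table page.
 * Only sizeof() of the fixed part feeds the accounting. */
struct page;
struct tce_table_desc {
    uint64_t liobn;
    uint32_t window_size;
    uint32_t page_shift;
    uint64_t npages;
    struct page *pages[];
};

/* Pages of TCEs needed for a DMA window: one u64 TCE per 4 KiB of window,
 * rounded up to whole pages, as kvmppc_stt_npages() does in the quoted hunk. */
static unsigned long tce_table_npages(uint32_t window_size)
{
    unsigned long entries = (unsigned long)window_size >> 12;
    return ALIGN_UP(entries * sizeof(uint64_t), PAGE_SIZE) / PAGE_SIZE;
}

/* Total pages to charge for one table: the TCE pages plus the pages holding
 * the descriptor and its struct page pointer array, rounded up to whole pages. */
static unsigned long tce_table_charge(unsigned long npages)
{
    unsigned long bytes = sizeof(struct tce_table_desc) + npages * sizeof(struct page *);
    return npages + ALIGN_UP(bytes, PAGE_SIZE) / PAGE_SIZE;
}

/* Charge (inc = true) or uncharge (inc = false) a table of npages TCE pages.
 * The count is unsigned and the direction comes only from inc, so there is
 * no second sign channel for abs() to discard. Returns 0 or -ENOMEM. */
static int account_memlimit(struct mm_model *mm, unsigned long npages, bool inc)
{
    unsigned long charge = tce_table_charge(npages);

    if (inc) {
        if (mm->locked_vm + charge > mm->memlock_pages)
            return -ENOMEM;
        mm->locked_vm += charge;
    } else {
        /* A double uncharge must not wrap the counter below zero; clamp instead. */
        if (charge > mm->locked_vm)
            charge = mm->locked_vm;
        mm->locked_vm -= charge;
    }
    return 0;
}

/* Model the commit message's attack: one process calling KVM_CREATE_SPAPR_TCE
 * over and over with the same window. Returns how many tables the limit allows. */
static int create_tables_until_limit(struct mm_model *mm, uint32_t window_size, int max_calls)
{
    unsigned long npages = tce_table_npages(window_size);
    int created = 0;

    for (int i = 0; i < max_calls; i++) {
        if (account_memlimit(mm, npages, true) != 0)
            break;
        created++;
    }
    return created;
}

/* Release count tables of the given window and return what remains charged. */
static unsigned long release_tables(struct mm_model *mm, uint32_t window_size, int count)
{
    unsigned long npages = tce_table_npages(window_size);

    for (int i = 0; i < count; i++)
        account_memlimit(mm, npages, false);
    return mm->locked_vm;
}

int main(void)
{
    struct mm_model mm = { .locked_vm = 0, .memlock_pages = 16384 }; /* 64 MiB limit, constructed */
    uint32_t window = 1U << 30;                                      /* 1 GiB DMA window */
    unsigned long npages = tce_table_npages(window);
    int n = create_tables_until_limit(&mm, window, 1000);

    printf("TCE pages per table: %lu, pages charged per table: %lu\n", npages, tce_table_charge(npages));
    printf("tables before the limit is hit: %d (locked_vm now %lu pages)\n", n, mm.locked_vm);
    printf("locked_vm after releasing them all: %lu\n", release_tables(&mm, window, n));
    return 0;
}
```

With a 1 GiB window each table needs 512 pages of TCEs plus two more for the descriptor and its pointer array, so a 64 MiB locked-memory limit stops the loop at 31 tables instead of letting it run to RLIMIT_NOFILE; releasing them brings locked_vm back to zero, and an extra release clamps rather than wrapping the counter.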