From: Vasily Averin <vasily.averin@linux.dev>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Yutian Yang <nglaive@gmail.com>,
Shakeel Butt <shakeelb@google.com>,
Michal Hocko <mhocko@kernel.org>,
David Howells <dhowells@redhat.com>,
Roman Gushchin <roman.gushchin@linux.dev>,
cgroups@vger.kernel.org, linux-mm@kvack.org,
shenwenbo@zju.edu.cn, Johannes Weiner <hannes@cmpxchg.org>,
kernel@openvz.org, Jarkko Sakkinen <jarkko@kernel.org>
Subject: Re: [PATCH] memcg: enable accounting in keyctl subsys
Date: Mon, 30 May 2022 12:38:28 +0300 [thread overview]
Message-ID: <ca0ba233-ed09-5dce-5f38-2e05b1114610@linux.dev> (raw)
In-Reply-To: <YovnzLqXqEHY6SAC@kernel.org>
Dear Andrew,
could you please pick up this patch too?
Thank you,
Vasily Averin
On 5/23/22 23:00, Jarkko Sakkinen wrote:
> On Mon, May 23, 2022 at 12:45:09PM +0300, Vasily Averin wrote:
>> On 7/19/21 11:17, Yutian Yang wrote:
>>> This patch enables accounting for key objects and auth record objects.
>>> Allocation of the objects are triggerable by syscalls from userspace.
>>>
>>> We have written a PoC to show that the missing-charging objects lead to
>>> breaking memcg limits. The PoC program takes around 2.2GB unaccounted
>>> memory, while it is charged for only 24MB memory usage. We evaluate the
>>> PoC on QEMU x86_64 v5.2.90 + Linux kernel v5.10.19 + Debian buster. All
>>> the limitations including ulimits and sysctl variables are set as default.
>>> Specifically, we set kernel.keys.maxbytes = 20000 and
>>> kernel.keys.maxkeys = 200.
>>>
>>> /*------------------------- POC code ----------------------------*/
>> [skipped]
>>> /*-------------------------- end --------------------------------*/
>>
>> I experimented with "keyctl request2 user debug: X:Y Z" inside the container
>> and found that the problem is still relevant and the proposed patch solves it
>> correctly.
>>
>> I didn't find any complaints about this patch, could someone explain why
>> it wasn't applied? If no one objects, I'd like to push it.
>>
>>> Signed-off-by: Yutian Yang <nglaive@gmail.com>
>> Reviewed-by: Vasily Averin <vvs@openvz.org>
>>
>> Thank you,
>> Vasily Averin
>>
>> PS. Should I perhaps resend it?
>>
>>> ---
>>> security/keys/key.c | 4 ++--
>>> security/keys/request_key_auth.c | 4 ++--
>>> 2 files changed, 4 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/security/keys/key.c b/security/keys/key.c
>>> index e282c6179..925d85c2e 100644
>>> --- a/security/keys/key.c
>>> +++ b/security/keys/key.c
>>> @@ -279,7 +279,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
>>> goto no_memory_2;
>>>
>>> key->index_key.desc_len = desclen;
>>> - key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
>>> + key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL_ACCOUNT);
>>> if (!key->index_key.description)
>>> goto no_memory_3;
>>> key->index_key.type = type;
>>> @@ -1198,7 +1198,7 @@ void __init key_init(void)
>>> {
>>> /* allocate a slab in which we can store keys */
>>> key_jar = kmem_cache_create("key_jar", sizeof(struct key),
>>> - 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
>>> + 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, NULL);
>>>
>>> /* add the special key types */
>>> list_add_tail(&key_type_keyring.link, &key_types_list);
>>> diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
>>> index 41e973500..ed50a100a 100644
>>> --- a/security/keys/request_key_auth.c
>>> +++ b/security/keys/request_key_auth.c
>>> @@ -171,10 +171,10 @@ struct key *request_key_auth_new(struct key *target, const char *op,
>>> kenter("%d,", target->serial);
>>>
>>> /* allocate a auth record */
>>> - rka = kzalloc(sizeof(*rka), GFP_KERNEL);
>>> + rka = kzalloc(sizeof(*rka), GFP_KERNEL_ACCOUNT);
>>> if (!rka)
>>> goto error;
>>> - rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL);
>>> + rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL_ACCOUNT);
>>> if (!rka->callout_info)
>>> goto error_free_rka;
>>> rka->callout_len = callout_len;
>>
>
>
> Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
>
> BR, Jarkko
WARNING: multiple messages have this Message-ID (diff)
From: Vasily Averin <vasily.averin-fxUVXftIFDnyG1zEObXtfA@public.gmane.org>
To: Andrew Morton <akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
Cc: Yutian Yang <nglaive-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Shakeel Butt <shakeelb-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Michal Hocko <mhocko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Roman Gushchin
<roman.gushchin-fxUVXftIFDnyG1zEObXtfA@public.gmane.org>,
cgroups-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-mm-Bw31MaZKKs3YtjvyW6yDsg@public.gmane.org,
shenwenbo-Y5EWUtBUdg4nDS1+zs4M5A@public.gmane.org,
Johannes Weiner <hannes-druUgvl0LCNAfugRpC6u6w@public.gmane.org>,
kernel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org,
Jarkko Sakkinen <jarkko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Subject: Re: [PATCH] memcg: enable accounting in keyctl subsys
Date: Mon, 30 May 2022 12:38:28 +0300 [thread overview]
Message-ID: <ca0ba233-ed09-5dce-5f38-2e05b1114610@linux.dev> (raw)
In-Reply-To: <YovnzLqXqEHY6SAC-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Dear Andrew,
could you please pick up this patch too?
Thank you,
Vasily Averin
On 5/23/22 23:00, Jarkko Sakkinen wrote:
> On Mon, May 23, 2022 at 12:45:09PM +0300, Vasily Averin wrote:
>> On 7/19/21 11:17, Yutian Yang wrote:
>>> This patch enables accounting for key objects and auth record objects.
>>> Allocation of the objects are triggerable by syscalls from userspace.
>>>
>>> We have written a PoC to show that the missing-charging objects lead to
>>> breaking memcg limits. The PoC program takes around 2.2GB unaccounted
>>> memory, while it is charged for only 24MB memory usage. We evaluate the
>>> PoC on QEMU x86_64 v5.2.90 + Linux kernel v5.10.19 + Debian buster. All
>>> the limitations including ulimits and sysctl variables are set as default.
>>> Specifically, we set kernel.keys.maxbytes = 20000 and
>>> kernel.keys.maxkeys = 200.
>>>
>>> /*------------------------- POC code ----------------------------*/
>> [skipped]
>>> /*-------------------------- end --------------------------------*/
>>
>> I experimented with "keyctl request2 user debug: X:Y Z" inside the container
>> and found that the problem is still relevant and the proposed patch solves it
>> correctly.
>>
>> I didn't find any complaints about this patch, could someone explain why
>> it wasn't applied? If no one objects, I'd like to push it.
>>
>>> Signed-off-by: Yutian Yang <nglaive-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
>> Reviewed-by: Vasily Averin <vvs-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org>
>>
>> Thank you,
>> Vasily Averin
>>
>> PS. Should I perhaps resend it?
>>
>>> ---
>>> security/keys/key.c | 4 ++--
>>> security/keys/request_key_auth.c | 4 ++--
>>> 2 files changed, 4 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/security/keys/key.c b/security/keys/key.c
>>> index e282c6179..925d85c2e 100644
>>> --- a/security/keys/key.c
>>> +++ b/security/keys/key.c
>>> @@ -279,7 +279,7 @@ struct key *key_alloc(struct key_type *type, const char *desc,
>>> goto no_memory_2;
>>>
>>> key->index_key.desc_len = desclen;
>>> - key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL);
>>> + key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL_ACCOUNT);
>>> if (!key->index_key.description)
>>> goto no_memory_3;
>>> key->index_key.type = type;
>>> @@ -1198,7 +1198,7 @@ void __init key_init(void)
>>> {
>>> /* allocate a slab in which we can store keys */
>>> key_jar = kmem_cache_create("key_jar", sizeof(struct key),
>>> - 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
>>> + 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_ACCOUNT, NULL);
>>>
>>> /* add the special key types */
>>> list_add_tail(&key_type_keyring.link, &key_types_list);
>>> diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
>>> index 41e973500..ed50a100a 100644
>>> --- a/security/keys/request_key_auth.c
>>> +++ b/security/keys/request_key_auth.c
>>> @@ -171,10 +171,10 @@ struct key *request_key_auth_new(struct key *target, const char *op,
>>> kenter("%d,", target->serial);
>>>
>>> /* allocate a auth record */
>>> - rka = kzalloc(sizeof(*rka), GFP_KERNEL);
>>> + rka = kzalloc(sizeof(*rka), GFP_KERNEL_ACCOUNT);
>>> if (!rka)
>>> goto error;
>>> - rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL);
>>> + rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL_ACCOUNT);
>>> if (!rka->callout_info)
>>> goto error_free_rka;
>>> rka->callout_len = callout_len;
>>
>
>
> Acked-by: Jarkko Sakkinen <jarkko-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
>
> BR, Jarkko
next prev parent reply other threads:[~2022-05-30 9:38 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-19 8:17 [PATCH] memcg: enable accounting in keyctl subsys Yutian Yang
2021-07-19 8:17 ` Yutian Yang
2022-05-23 9:45 ` Vasily Averin
2022-05-23 9:45 ` Vasily Averin
2022-05-23 20:00 ` Jarkko Sakkinen
2022-05-23 20:00 ` Jarkko Sakkinen
2022-05-30 9:38 ` Vasily Averin [this message]
2022-05-30 9:38 ` Vasily Averin
2022-05-30 20:38 ` Andrew Morton
2022-05-30 20:38 ` Andrew Morton
2022-06-03 4:23 ` Vasily Averin
2022-06-03 4:23 ` Vasily Averin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ca0ba233-ed09-5dce-5f38-2e05b1114610@linux.dev \
--to=vasily.averin@linux.dev \
--cc=akpm@linux-foundation.org \
--cc=cgroups@vger.kernel.org \
--cc=dhowells@redhat.com \
--cc=hannes@cmpxchg.org \
--cc=jarkko@kernel.org \
--cc=kernel@openvz.org \
--cc=linux-mm@kvack.org \
--cc=mhocko@kernel.org \
--cc=nglaive@gmail.com \
--cc=roman.gushchin@linux.dev \
--cc=shakeelb@google.com \
--cc=shenwenbo@zju.edu.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.