From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752455AbdJ3MoE (ORCPT ); Mon, 30 Oct 2017 08:44:04 -0400 Received: from mx2.suse.de ([195.135.220.15]:42130 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752389AbdJ3MoB (ORCPT ); Mon, 30 Oct 2017 08:44:01 -0400 Date: Mon, 30 Oct 2017 13:43:58 +0100 From: Jan Kara To: Yang Shi Cc: jack@suse.cz, amir73il@gmail.com, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] fs: fsnotify: account fsnotify metadata to kmemcg Message-ID: <20171030124358.GF23278@quack2.suse.cz> References: <1509128538-50162-1-git-send-email-yang.s@alibaba-inc.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1509128538-50162-1-git-send-email-yang.s@alibaba-inc.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat 28-10-17 02:22:18, Yang Shi wrote: > If some process generates events into a huge or unlimit event queue, but no > listener read them, they may consume significant amount of memory silently > until oom happens or some memory pressure issue is raised. > It'd better to account those slab caches in memcg so that we can get heads > up before the problematic process consume too much memory silently. > > But, the accounting might be heuristic if the producer is in the different > memcg from listener if the listener doesn't read the events. Due to the > current design of kmemcg, who does the allocation, who gets the accounting. > > Signed-off-by: Yang Shi > --- > v1 --> v2: > * Updated commit log per Amir's suggestion I'm sorry but I don't think this solution is acceptable. I understand that in some cases (and you likely run one of these) the result may *happen* to be the desired one but in other cases, you might be charging wrong memcg and so misbehaving process in memcg A can effectively cause a DoS attack on a process in memcg B. If you have a setup in which notification events can consume considerable amount of resources, you are doing something wrong I think. Standard event queue length is limited, overall events are bounded to consume less than 1 MB. If you have unbounded queue, the process has to be CAP_SYS_ADMIN and presumably it has good reasons for requesting unbounded queue and it should know what it is doing. So maybe we could come up with some better way to control amount of resources consumed by notification events but for that we lack more information about your use case. And I maintain that the solution should account events to the consumer, not the producer... Honza -- Jan Kara SUSE Labs, CR