[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CALvZod7-S6=qzKgcnMh_=pK5HRVR6PdGkVXdNNrv9EJLcYW_aw@mail.gmail.com>
Date: Tue, 20 Jul 2021 12:15:37 -0700
From: Shakeel Butt <shakeelb@...gle.com>
To: Vasily Averin <vvs@...tuozzo.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Cgroups <cgroups@...r.kernel.org>,
Michal Hocko <mhocko@...nel.org>,
Johannes Weiner <hannes@...xchg.org>,
Vladimir Davydov <vdavydov.dev@...il.com>,
Roman Gushchin <guro@...com>, Jens Axboe <axboe@...nel.dk>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Oleg Nesterov <oleg@...hat.com>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v5 13/16] memcg: enable accounting for signals
On Mon, Jul 19, 2021 at 3:46 AM Vasily Averin <vvs@...tuozzo.com> wrote:
>
> When a user send a signal to any another processes it forces the kernel
> to allocate memory for 'struct sigqueue' objects. The number of signals
> is limited by RLIMIT_SIGPENDING resource limit, but even the default
> settings allow each user to consume up to several megabytes of memory.
> Moreover, an untrusted admin inside container can increase the limit or
> create new fake users and force them to sent signals.
>
> It makes sense to account for these allocations to restrict the host's
> memory consumption from inside the memcg-limited container.
>
> Signed-off-by: Vasily Averin <vvs@...tuozzo.com>
It seems like there is an agreement on this patch with the updated
commit message. In next version you can add:
Reviewed-by: Shakeel Butt <shakeelb@...gle.com>
Powered by blists - more mailing lists