lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 20 May 2022 01:07:07 +0000
From:   Shakeel Butt <shakeelb@...gle.com>
To:     Vasily Averin <vvs@...nvz.org>
Cc:     Roman Gushchin <roman.gushchin@...ux.dev>,
        "Michal Koutný" <mkoutny@...e.com>,
        kernel@...nvz.org, linux-kernel@...r.kernel.org,
        Vlastimil Babka <vbabka@...e.cz>,
        Michal Hocko <mhocko@...e.com>, cgroups@...r.kernel.org
Subject: Re: [PATCH 1/4] memcg: enable accounting for large allocations in mem_cgroup_css_alloc

On Fri, May 13, 2022 at 06:51:41PM +0300, Vasily Averin wrote:
> cgroup mkdir can be misused inside memcg limited container. It can allocate
> a lot of host memory without memcg accounting, cause global memory shortage
> and force OOM to kill random host process.
> 
> Below [1] is result of mkdir /sys/fs/cgroup/test tracing on VM with 4 cpus
> 
> number	bytes	$1*$2	sum	note	call_site
> of	alloc
> allocs
> ------------------------------------------------------------
> 1       14448   14448   14448   =       percpu_alloc_percpu:
> 1       8192    8192    22640           (mem_cgroup_css_alloc+0x54)
> 49      128     6272    28912           (__kernfs_new_node+0x4e)
> 49      96      4704    33616           (simple_xattr_alloc+0x2c)
> 49      88      4312    37928           (__kernfs_iattrs+0x56)
> 1       4096    4096    42024           (cgroup_mkdir+0xc7)
> 1       3840    3840    45864   =       percpu_alloc_percpu:
> 4       512     2048    47912           (alloc_fair_sched_group+0x166)
> 4       512     2048    49960           (alloc_fair_sched_group+0x139)
> 1       2048    2048    52008           (mem_cgroup_css_alloc+0x109)
> 	[smaller objects skipped]
> ---
> Total			61728
> 
> '=' --  accounted allocations
> 
> This patch enabled accounting for one of the main memory hogs in this
> experiment: allocation which are called inside mem_cgroup_css_alloc()
> 
> Signed-off-by: Vasily Averin <vvs@...nvz.org>
> Link: [1] https://lore.kernel.org/all/1aa4cd22-fcb6-0e8d-a1c6-23661d618864@openvz.org/
> 

Acked-by: Shakeel Butt <shakeelb@...gle.com>

Powered by blists - more mailing lists