Date:   Tue, 7 Feb 2023 08:19:57 -0400
From:   Jason Gunthorpe <jgg@...dia.com>
To:     Tejun Heo <tj@...nel.org>
Cc:     Yosry Ahmed <yosryahmed@...gle.com>,
        Alistair Popple <apopple@...dia.com>, linux-mm@...ck.org,
        cgroups@...r.kernel.org, linux-kernel@...r.kernel.org,
        jhubbard@...dia.com, tjmercier@...gle.com, hannes@...xchg.org,
        surenb@...gle.com, mkoutny@...e.com, daniel@...ll.ch,
        "Daniel P . Berrange" <berrange@...hat.com>,
        Alex Williamson <alex.williamson@...hat.com>,
        Zefan Li <lizefan.x@...edance.com>,
        Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH 14/19] mm: Introduce a cgroup for pinned memory

On Mon, Feb 06, 2023 at 02:32:37PM -1000, Tejun Heo wrote:
> Hello,
> 
> On Mon, Feb 06, 2023 at 07:40:55PM -0400, Jason Gunthorpe wrote:
> > (a) kind of destroys the point of this as a sandboxing tool
> > 
> > It is not so harmful to use memory that someone else has been charged
> > with allocating.
> > 
> > But it is harmful to pin memory if someone else is charged for the
> > pin. It means it is unpredictable how much memory a sandbox can
> > actually lock down.
> > 
> > Plus we have the double accounting problem, if 1000 processes in
> > different cgroups open the tmpfs and all pin the memory then cgroup A
> > will be charged 1000x for the memory and hit its limit, possibly
> > creating a DOS from less priv to more priv
> 
> Let's hear what memcg people think about it. I'm not a fan of disassociating
> the ownership and locker of the same page but it is true that actively
> increasing locked consumption on a remote cgroup is awkward too.

The main purpose of all this is to support libvirt, so they need to
support (a) too.

(b) is what we have now and most closely emulates the way the RLIMIT
works.

Jason
