| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e3e0323c6291c3ceab18f9e39bf772d98b29f81e.1705507931.git.jpoimboe@kernel.org>
Date: Wed, 17 Jan 2024 08:14:44 -0800
From: Josh Poimboeuf <jpoimboe@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>,
Jeff Layton <jlayton@...nel.org>,
Chuck Lever <chuck.lever@...cle.com>,
Shakeel Butt <shakeelb@...gle.com>,
Roman Gushchin <roman.gushchin@...ux.dev>,
Johannes Weiner <hannes@...xchg.org>,
Michal Hocko <mhocko@...nel.org>
Cc: linux-kernel@...r.kernel.org,
Jens Axboe <axboe@...nel.dk>,
Tejun Heo <tj@...nel.org>,
Vasily Averin <vasily.averin@...ux.dev>,
Michal Koutny <mkoutny@...e.com>,
Waiman Long <longman@...hat.com>,
Muchun Song <muchun.song@...ux.dev>,
Jiri Kosina <jikos@...nel.org>,
cgroups@...r.kernel.org,
linux-mm@...ck.org
Subject: [PATCH RFC 2/4] fs/locks: Add CONFIG_FLOCK_ACCOUNTING
Allow flock cache accounting to be disabled at build time.
Signed-off-by: Josh Poimboeuf <jpoimboe@...nel.org>
---
fs/Kconfig | 15 +++++++++++++++
fs/locks.c | 2 +-
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/fs/Kconfig b/fs/Kconfig
index a3159831ba98..591f54a03059 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -129,6 +129,21 @@ config FILE_LOCKING
for filesystems like NFS and for the flock() system
call. Disabling this option saves about 11k.
+config FLOCK_ACCOUNTING
+ bool "Enable kernel memory accounting for file locks" if EXPERT
+ depends on FILE_LOCKING
+ default y
+ help
+ This option enables kernel memory accounting for file locks. This
+ prevents task groups from exceeding their memcg allocation limits.
+ However, it may cause slowdowns in the flock() system call.
+
+ Disabling this option is not recommended as it may allow a rogue task
+ to DoS the system by forcing the kernel to allocate memory beyond the
+ task group's memcg limits.
+
+ If unsure, say Y.
+
source "fs/crypto/Kconfig"
source "fs/verity/Kconfig"
diff --git a/fs/locks.c b/fs/locks.c
index 235ac56c557d..e2799a18c4e8 100644
--- a/fs/locks.c
+++ b/fs/locks.c
@@ -2905,7 +2905,7 @@ static int __init proc_locks_init(void)
fs_initcall(proc_locks_init);
#endif
-static bool flock_accounting __ro_after_init = true;
+static bool flock_accounting __ro_after_init = IS_ENABLED(CONFIG_FLOCK_ACCOUNTING);
static int __init flock_accounting_cmdline(char *str)
{
--
2.43.0
Powered by blists - more mailing lists