Message-ID: <hlxtpscuxjjzgsiom4yh6r7zj4vpiuibqod7mkvceqzabhqeba@zsybr6aadn3c>
Date: Mon, 8 Sep 2025 16:46:36 -0700
From: Shakeel Butt <shakeel.butt@...ux.dev>
To: Kuniyuki Iwashima <kuniyu@...gle.com>
Cc: Alexei Starovoitov <ast@...nel.org>, 
	Andrii Nakryiko <andrii@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, 
	Martin KaFai Lau <martin.lau@...ux.dev>, John Fastabend <john.fastabend@...il.com>, 
	Stanislav Fomichev <sdf@...ichev.me>, Johannes Weiner <hannes@...xchg.org>, 
	Michal Hocko <mhocko@...nel.org>, Roman Gushchin <roman.gushchin@...ux.dev>, 
	"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, 
	Neal Cardwell <ncardwell@...gle.com>, Willem de Bruijn <willemb@...gle.com>, 
	Mina Almasry <almasrymina@...gle.com>, Kuniyuki Iwashima <kuni1840@...il.com>, bpf@...r.kernel.org, 
	netdev@...r.kernel.org
Subject: Re: [PATCH v6 bpf-next/net 0/5] bpf: Allow decoupling memcg from
 sk->sk_prot->memory_allocated.

Let me quickly give a couple of high-level comments.

On Mon, Sep 08, 2025 at 10:34:34PM +0000, Kuniyuki Iwashima wrote:
> Some protocols (e.g., TCP, UDP) have their own memory accounting for
> socket buffers and charge memory to global per-protocol counters such
> as /proc/net/ipv4/tcp_mem.
> 
> When running under a non-root cgroup, 

Remove this non-root cgroup as we may change in the future to also associate
with root memcg for stat purposes. In addition, we may switch sk to point
to objcg instead of memcg.

> this memory is also charged to
> the memcg as sock in memory.stat.
> 
> We do not need to pay costs for two orthogonal memory accounting
> mechanisms.
> 
> This series allows decoupling memcg from the global memory accounting
> (memcg + tcp_mem -> memcg) if socket is configured as such by BPF prog.
> 

I understand that you need fine-grained control, but I see more users
interested in system-level settings, i.e. either through config, boot
param or sysctl, let the user/admin disable protocol-specific accounting
if memcg is enabled.

Please rename SK_BPF_MEMCG_SOCK_ISOLATED to something more appropriate.
The word "isolated" gives the wrong impression. We want something which
specifies that the kernel is only doing memcg accounting and not
protocol-specific accounting for this socket. So, something like
SK_BPF_MEMCG_ONLY makes more sense.

