Received: by 10.223.185.116 with SMTP id b49csp2279156wrg; Thu, 22 Feb 2018 11:01:40 -0800 (PST) X-Google-Smtp-Source: AH8x224ZyVtiPLDmyvHFIS47gYq+QIVCt+Y984eKS5KccUL2wf73eydZz5evExLb85ePvol4NLNP X-Received: by 2002:a17:902:6c4c:: with SMTP id h12-v6mr7396410pln.101.1519326100230; Thu, 22 Feb 2018 11:01:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519326100; cv=none; d=google.com; s=arc-20160816; b=R2Yrsl2V0qYbmRInI7gAR2hEQ6L4nvMIDPcfS3c8n2clvjxzO+v66SMKatDtYH7TAl ts9kt5lJB641g2c2HkeD1a7DqrMSMetWD4NtnNOwj4akqJ0MXvdtNY2RJ8FgTEHNhBPI htIXbyUshhXezoKVrzwGC1EK4ZMS7s9HB83wAcLnzFsB8ubKeJjiEnKeMYU1zUmEiZk8 UL5cRGOoplKHRVoMoxiQR1Bc/U7z/Bk9ule2Qgsob+I1q1TFSe9nY51qGMxHPORybmf8 8GZOlir0FWAdiF03o+0BeQ+xemU6vfYkckq9Vy/muM/gUxT+b6TTWCZuOxkkA2ouKHpm DdDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=TK0Xpdg9ffeSnI4JfWA4NZJIh35qDOpwn7t6jdwP8v8=; b=o13aR8GIDd9D9TyMnx+twrYCs+eZAsjKwQgNUkBHWDgXwLwTRML2tZXkys/rLxrhMG QiWhhr4llFnTFLsS3XYHAZTA1mCQ2h1zD2SGu2RJ4D37X+aAk8JBwGsuhif9hv0OYiiC C5+Sha0HhVzRYYxzaC9/JrDikmuxIQTK7XBKjHu7GG3Sf6qfoc0JU5IuMjj8KxZWNTOb CHU8Oed3QB1gqK3jYnraXxvMtQ3SzzR1UVCGvEWOtRgjIJMaESPvmnzGxreSJl38efOX QDGY07kiNg3QXFrY04UcZM+/fWT9n76WjOGRSpYB9jnVZsyE5OZLqztZ2fUysF2JdZzu Z97g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=FqAsmdZp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r14si376882pgs.604.2018.02.22.11.01.25; Thu, 22 Feb 2018 11:01:40 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=FqAsmdZp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751338AbeBVTAg (ORCPT + 99 others); Thu, 22 Feb 2018 14:00:36 -0500 Received: from mail-wm0-f67.google.com ([74.125.82.67]:38117 "EHLO mail-wm0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751155AbeBVTAe (ORCPT ); Thu, 22 Feb 2018 14:00:34 -0500 Received: by mail-wm0-f67.google.com with SMTP id z9so332198wmb.3 for ; Thu, 22 Feb 2018 11:00:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=TK0Xpdg9ffeSnI4JfWA4NZJIh35qDOpwn7t6jdwP8v8=; b=FqAsmdZpfQ0YLCSOH5E3RGST64teARjmi/s8GscKhdGEywHhByTw9tn4zc7EVL8Ggd vYNB+WDsgWXJf3OkGByTFPcrB9snnkcps/bLRd2bTOGak7f3gTdxV36sSKn2V3HFT9m0 4GW8B70mX/Upzp6JT7/J/LoaCbM+6RsLtx+oJP8yFs+PSePnAV8ciyP0RUjwqjdhcAoq r/7CYZXkRsrcneUsoSdHIpbwHhB53USr+bRSUWnJjX5lS/HWlUPPZOHZ5414HzXWk5JQ hymx9hZ0TCYMCyyPJ1wCh67vydeCgVo1I7SeDfOzC3BU5QTKSCuaKqqkHO+7pRlr6ksi 3ciw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=TK0Xpdg9ffeSnI4JfWA4NZJIh35qDOpwn7t6jdwP8v8=; b=MaTc49sftkL39MOqbDE3MZ5eNK6ueep+v9MOaaKreLVMz4nmY7uM+YlvoSgc9fX/BF 3yaCYdrfybx7Z8g/HhJcosXOeVHb8wkQfjmNIUb1JGkxuerBZwPB4HFDaRofQ+LxRaP+ PvArrfeBYff7YGX5dNtJP2wA9Zg2C7t2+qlZBWnSPom/elmF6+0u1KKbgef0+OAKi/wB oRYLmPTuuF9WxrFYWc8dR+2pUvDBAlDqzpHVEew72mfkk3kcUq62///l7TzDR/nUPzDp 8LeMRBusvnSQFOTCanF3hC8YG08yVYH9gq+chBVklY8HbOhw39BvbsIGUlyhQ4UJmxSg 7oeg== X-Gm-Message-State: APf1xPBqn/d2Wjq+1CdkoQnLekvqWO7l/bNblP3l2iC7yyM8rICC6iyN nVgnz7V8Jc2hWYtLafI9dFfAvh2qMaVEkuBqJ+nUJA== X-Received: by 10.28.41.3 with SMTP id p3mr172506wmp.140.1519326032897; Thu, 22 Feb 2018 11:00:32 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.55.204 with HTTP; Thu, 22 Feb 2018 11:00:25 -0800 (PST) In-Reply-To: <20180222144844.g4p2diu3cnbr7sx3@quack2.suse.cz> References: <20180221030101.221206-1-shakeelb@google.com> <20180221030101.221206-4-shakeelb@google.com> <20180222134944.GK30681@dhcp22.suse.cz> <20180222144844.g4p2diu3cnbr7sx3@quack2.suse.cz> From: Shakeel Butt Date: Thu, 22 Feb 2018 11:00:25 -0800 Message-ID: Subject: Re: [PATCH v2 3/3] fs: fsnotify: account fsnotify metadata to kmemcg To: Jan Kara Cc: Michal Hocko , Amir Goldstein , Christoph Lameter , Pekka Enberg , David Rientjes , Joonsoo Kim , Andrew Morton , Greg Thelen , Johannes Weiner , Vladimir Davydov , Mel Gorman , Vlastimil Babka , linux-fsdevel , Linux MM , Cgroups , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Feb 22, 2018 at 6:48 AM, Jan Kara wrote: > On Thu 22-02-18 14:49:44, Michal Hocko wrote: >> On Tue 20-02-18 19:01:01, Shakeel Butt wrote: >> > A lot of memory can be consumed by the events generated for the huge or >> > unlimited queues if there is either no or slow listener. This can cause >> > system level memory pressure or OOMs. So, it's better to account the >> > fsnotify kmem caches to the memcg of the listener. >> >> How much memory are we talking about here? > > 32 bytes per event (on 64-bit) which is small but the number of events is > not limited in any way (if the creator uses a special flag and has > CAP_SYS_ADMIN). In the thread [1] a guy from Alibaba wanted this feature so > among cloud people there is apparently some demand to have a way to limit > memory usage of such application... > >> > There are seven fsnotify kmem caches and among them allocations from >> > dnotify_struct_cache, dnotify_mark_cache, fanotify_mark_cache and >> > inotify_inode_mark_cachep happens in the context of syscall from the >> > listener. So, SLAB_ACCOUNT is enough for these caches. >> > >> > The objects from fsnotify_mark_connector_cachep are not accounted as >> > they are small compared to the notification mark or events and it is >> > unclear whom to account connector to since it is shared by all events >> > attached to the inode. >> > >> > The allocations from the event caches happen in the context of the event >> > producer. For such caches we will need to remote charge the allocations >> > to the listener's memcg. Thus we save the memcg reference in the >> > fsnotify_group structure of the listener. >> >> Is it typical that the listener lives in a different memcg and if yes >> then cannot this cause one memcg to OOM/DoS the one with the listener? > > We have been through these discussions already in [1] back in November :). > I can understand the wish to limit memory usage of an application using > unlimited fanotify queues. And yes, it may mean that it will be easier for > an attacker to get it oom-killed (currently the malicious app would drive > the whole system oom which will presumably take a bit more effort as there > is more memory to consume). But then I expect this is what admin prefers > when he limits memory usage of fanotify listener. > Just one clarification, currently the kernel does not trigger oom-killer for allocations hitting memcg limit in the context of syscalls but rather return an ENOMEM (after trying memcg reclaim). Jan has already posted a patch to handle those ENOMEMs.