Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp402758imu; Wed, 2 Jan 2019 23:24:30 -0800 (PST) X-Google-Smtp-Source: ALg8bN5qEg7qw8yrXMGTjVHwJKYgOrDH8ua9jEcNPo/JdYwzOypJOkZrBVhGf7oW3XUvCgxTL7lr X-Received: by 2002:a63:a553:: with SMTP id r19mr15987255pgu.53.1546500270543; Wed, 02 Jan 2019 23:24:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546500270; cv=none; d=google.com; s=arc-20160816; b=nrZVC9+vbnwqKPXYPuoQWZn9dLwHwG7Ey+pEJsSgpHX3jJlJmLWX+n2YJdlCai5hM2 jZgmaFy0H3OuPt18qON13oQHAV+NbVouEAfS0jMEwFTj9ny7SLzyC04HuS1GAcllBsmB IL2CqLSsjmpmP4hK4J11EJ80TzPyEYJXhVbrM2NDwecrUIiA3fyFQr+C24t8tILCt2O7 kKkWuE85MsV43SpFDUja9kvwq0mwY/BZmtgjCzgSjNBJ71oKRx4b5Oslc7bzw33GbL0i s+6eGNRf9Jqnz4p07GDDrHD2ODx05ih6Pd79ClZXYqMD3LrRwXGBEqC9f+9x6ND0iKdD RFCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:mime-version :message-id:date:dkim-signature; bh=LBYMDCbBA3NW41N7ApDqhkDWIbRHpdiaiS5pDRmTU0c=; b=Va+D22t5sbTZdOZJXvfxotOFFT3DjswdNF4BsV3VtmX1WhGjdqvFTCaCI4hsSAYIzb XyRar4q2u3HKgROhLFYbRzj3b3yrrozx1+dAydgdchDuCiwvwan6WqSew9gLNvClYMZK nlQLj5XjSI9c+sxwxVG/ZYsOnG626XQT3afYXeZ3grPkx8lvx9ElDisCdm2DAZ766RPL zpBdlSnVxOK/ROXxGqJxr5GZ+olQ+bkECM7TZ4tYUp4m+cRYSQshYL1GHRx1T5GCQ0Wm UlzUUmLd310RJn9WNn5utfJD2hhLIm7w9H5FgAKgWe92V2nGBu3KiCZp4+OfX46+RFm0 eeUw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=iTqiOAwE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id n3si52079849pld.36.2019.01.02.23.24.12; Wed, 02 Jan 2019 23:24:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=iTqiOAwE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729902AbfACDOn (ORCPT + 99 others); Wed, 2 Jan 2019 22:14:43 -0500 Received: from mail-qt1-f201.google.com ([209.85.160.201]:42963 "EHLO mail-qt1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730045AbfACDOk (ORCPT ); Wed, 2 Jan 2019 22:14:40 -0500 Received: by mail-qt1-f201.google.com with SMTP id n50so41031087qtb.9 for ; Wed, 02 Jan 2019 19:14:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:message-id:mime-version:subject:from:to:cc; bh=LBYMDCbBA3NW41N7ApDqhkDWIbRHpdiaiS5pDRmTU0c=; b=iTqiOAwEtmzx3502zPCqdPgvcXLNwz4HTbRKYhwJsFyOnPRo/g6n0AILOfliy/qjuL 3tVx78BpK4nsjlTIuxF54IsHOSC2grti05o7bDgSCF6IsjYm5La1e5Aa/vf4/YLGbQN7 O9OJsYhIQk2iLMgpyW/GKEOMLdNyOs0lRpjAwNQ1yLwDOtCyRyMk3XMLPjWg6zPu1rdE RzlLyI1Vh+bwuVKcEwKMNvQ5XuPQ6t18pzC5zTcH2NEAbR/voOiAIYcB/Kd/VYsMd919 5I98cCRTXQivucvkT9l7n6EHg8j8iB2+S2Cx3BQOV7xk5ACuqsp9je0gJP0jNNiPWdMc X4mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:message-id:mime-version:subject:from:to:cc; bh=LBYMDCbBA3NW41N7ApDqhkDWIbRHpdiaiS5pDRmTU0c=; b=c3Mi8RuduX9r0rsURM8wPK83AUDqFo9pNOMadIWv+rYS4CvaqUFQxCx3wEdiJnf/gB ExRUk4oNPzm5WPlCTUPOjxmSmLbn49kY1jfbIEE0/CvmMiKszYRrTTfOT5tgdJpQHibN gALYRyzHnCXbn1MxOWeNAWewMoZyZflfT3M2k6J5sUNkoGrIyjR2m1anagcH4fyy8b72 +Ywtcx73Vhx1FgM0DJqwot5fCOExk4DQF2VueUrjzVYjulUocqzLNKSTZrEPUyPo4ajp 6Ji2wAhk0dc631OtpgJXr4YnvUz9hEeAZGVZvnVs1Babv/RFoQdeWqkZnDaCFjRUj0kn Nysg== X-Gm-Message-State: AA+aEWaH49xIv5yiY3PMwQ7r3JPOuJmIRYnGaMH1Ud1WkpCiweIEcT5C szwaMxdSetdICLVJYEHnBTkoqbNt5l+bJg== X-Received: by 2002:aed:22cb:: with SMTP id q11mr34452744qtc.31.1546485279505; Wed, 02 Jan 2019 19:14:39 -0800 (PST) Date: Wed, 2 Jan 2019 19:14:31 -0800 Message-Id: <20190103031431.247970-1-shakeelb@google.com> Mime-Version: 1.0 X-Mailer: git-send-email 2.20.1.415.g653613c723-goog Subject: [PATCH v2] netfilter: account ebt_table_info to kmemcg From: Shakeel Butt To: Michal Hocko , Andrew Morton , Florian Westphal , Kirill Tkhai Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Shakeel Butt , syzbot+7713f3aa67be76b1552c@syzkaller.appspotmail.com, Pablo Neira Ayuso , Jozsef Kadlecsik , Roopa Prabhu , Nikolay Aleksandrov , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, bridge@lists.linux-foundation.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The [ip,ip6,arp]_tables use x_tables_info internally and the underlying memory is already accounted to kmemcg. Do the same for ebtables. The syzbot, by using setsockopt(EBT_SO_SET_ENTRIES), was able to OOM the whole system from a restricted memcg, a potential DoS. By accounting the ebt_table_info, the memory used for ebt_table_info can be contained within the memcg of the allocating process. However the lifetime of ebt_table_info is independent of the allocating process and is tied to the network namespace. So, the oom-killer will not be able to relieve the memory pressure due to ebt_table_info memory. The memory for ebt_table_info is allocated through vmalloc. Currently vmalloc does not handle the oom-killed allocating process correctly and one large allocation can bypass memcg limit enforcement. So, with this patch, at least the small allocations will be contained. For large allocations, we need to fix vmalloc. Reported-by: syzbot+7713f3aa67be76b1552c@syzkaller.appspotmail.com Signed-off-by: Shakeel Butt Cc: Florian Westphal Cc: Michal Hocko Cc: Kirill Tkhai Cc: Pablo Neira Ayuso Cc: Jozsef Kadlecsik Cc: Roopa Prabhu Cc: Nikolay Aleksandrov Cc: Andrew Morton Cc: Linux MM Cc: netfilter-devel@vger.kernel.org Cc: coreteam@netfilter.org Cc: bridge@lists.linux-foundation.org Cc: LKML --- Changelog since v1: - More descriptive commit message. net/bridge/netfilter/ebtables.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 491828713e0b..5e55cef0cec3 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c @@ -1137,14 +1137,16 @@ static int do_replace(struct net *net, const void __user *user, tmp.name[sizeof(tmp.name) - 1] = 0; countersize = COUNTER_OFFSET(tmp.nentries) * nr_cpu_ids; - newinfo = vmalloc(sizeof(*newinfo) + countersize); + newinfo = __vmalloc(sizeof(*newinfo) + countersize, GFP_KERNEL_ACCOUNT, + PAGE_KERNEL); if (!newinfo) return -ENOMEM; if (countersize) memset(newinfo->counters, 0, countersize); - newinfo->entries = vmalloc(tmp.entries_size); + newinfo->entries = __vmalloc(tmp.entries_size, GFP_KERNEL_ACCOUNT, + PAGE_KERNEL); if (!newinfo->entries) { ret = -ENOMEM; goto free_newinfo; -- 2.20.1.415.g653613c723-goog