Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3852155imu; Mon, 7 Jan 2019 10:37:22 -0800 (PST) X-Google-Smtp-Source: ALg8bN7cu1fb5xR2ohMKCHUiM9ClhZLVKbVbWA2pIq2Et0wzwj6HRAp3q7uOeiOMSJM1ChsZCew6 X-Received: by 2002:a63:d50f:: with SMTP id c15mr30923467pgg.287.1546886242449; Mon, 07 Jan 2019 10:37:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546886242; cv=none; d=google.com; s=arc-20160816; b=hfBqIfgHeAYgC9lpeQbsJwowEE8jYu/6WdMxTIq/8GB8qLrUvUabnBGLc0eolILaRW ynriPy2GjMaDclDm+Td4rNqZv+LYwg/u3p2ulq3FB/zyHdR8clGTK5HheLjUsXJK9OV4 u1voVQCC6RfCPaMLlq9SvQ+88IK1jbWdttPNTYF3x4Y4iITSAFM+NXUL5KJYvzMqgL/q vmDK3CccxaElcIIjnjO2X2e8R4RwNUoUY/sUKuGK8sOfsPQyBa4sBAy3C5v1q3MOTYQa PY+KlHeupZ2smtGdUe4tPJ9vbsnv5Lw6uqO9AWb2IMfZoD5gITvtMKh9oBijhZI4bcxK A6+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=55NTT07eRl9Jvbq7bt8GJTcM7OZDvoqCukvddKO2pJA=; b=p62k6Rt/N/MzfFhiW1CICVxH1xVoLdcKQY9V3iUS4YJyP0Y29BH61o6CfQqU489tRF dQpD9ioELUCpiO6jx+kdztvRrB80PYXDcbfsf44/VZKHEmxA4CHLe23+Hffz24+l5HYI Di7aTPmQPJWK1xAZTlCRFXHwUQlyRi1H+0Cvv71t0fFUX0k1f3t+4n7nLBMDSf7ICSYL iwySD5L9gLbzXy/7h/lOtg6jDR6PlnH5h5kGhCv+5sX/W51I2YsDcqEF7pAiwQ+0Jw5t H7QCL1oDPn2BYrlovR2dFlCfQbGiYMwk7RzfMhm4u6LvYYnoPumbpbeW/VlOuvlcx5xi Lm9w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=XUgOiymF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z8si62065931pgk.183.2019.01.07.10.37.07; Mon, 07 Jan 2019 10:37:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=XUgOiymF; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728587AbfAGSWj (ORCPT + 99 others); Mon, 7 Jan 2019 13:22:39 -0500 Received: from mail-qt1-f202.google.com ([209.85.160.202]:32992 "EHLO mail-qt1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727304AbfAGSWj (ORCPT ); Mon, 7 Jan 2019 13:22:39 -0500 Received: by mail-qt1-f202.google.com with SMTP id k90so1082329qte.0 for ; Mon, 07 Jan 2019 10:22:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=55NTT07eRl9Jvbq7bt8GJTcM7OZDvoqCukvddKO2pJA=; b=XUgOiymFTCfp+ZEx13K79sevEb6Hbt3YH//NFvV3cfURyVwwj0rf52anrcQfcF3GuN grXbEdQydgvYJ4UPdDndyh94uWS4DZLAkKzgy10FcOrpvN/0siRRXMnbZVjyD7RvNzm4 qrXGbHgsW/x3ir6rtCXDhLTBgbtvxYnir0EAF7qnbLSLxUk4hlt7uYgUR+m5fv7pD8Lg BoSuSMYxSGUhKDjM/hLAotPRF2Cv4YyLTf7G7/bPDjZ8m8u73O2IicePdUqnUuXvw2QQ NzWA0thjkUHrknwhiqp1+I3GgQyUIWn1N/PwBYd+ErCEiKgjJ61Vr6BgZIuaOW1NM5a/ cAUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=55NTT07eRl9Jvbq7bt8GJTcM7OZDvoqCukvddKO2pJA=; b=nft8vmDnVvd82e4/qQbb1E92WUmZVU83rn4Bps3919cS4Lt3fNTy6sd3JanRk+w6Cq wPkrjlfqsnZgR4unuzy0alZtbcX28Ji29KbA4rBpofDQOCWf2FW+tpZT6hz2TczuB6vT YIcZNlY83BR9H2PH9JrKyA2A6/AUo2jcPeli9UmePAilzGdClQfTtxlh0e/ywmRZTu3B Xh34US5MS/d5bWzpeZpXE+RezhrNfN6nfw/TiR1Vl2dtNf4FDxJNCWzE6Ssniqh11IoS DNh//iQJSa/Ykm7TeYJNzRwty+DjVh4bT6yEc/SXSplnvoa1JGU1JwhYHx+vVnCUYrOx LKdw== X-Gm-Message-State: AJcUukdjEM76ddC8hRitPFTvIe+nv6yM9rMRUgLoBTF8foUQMLWVbVbV F698N1+x2jgqF007p+RICFCbBO/yWDEXOw== X-Received: by 2002:ac8:7244:: with SMTP id l4mr1476652qtp.21.1546885357814; Mon, 07 Jan 2019 10:22:37 -0800 (PST) Date: Mon, 7 Jan 2019 10:22:24 -0800 In-Reply-To: Message-Id: <20190107182224.32380-1-shakeelb@google.com> Mime-Version: 1.0 References: X-Mailer: git-send-email 2.20.1.97.g81188d93c3-goog Subject: Re: general protection fault in put_pid From: Shakeel Butt To: Manfred Spraul Cc: Dmitry Vyukov , syzbot+1145ec2e23165570c3ac@syzkaller.appspotmail.com, Andrew Morton , David Howells , "Eric W . Biederman" , ktsanaktsidis@zendesk.com, LKML , Michal Hocko , Mike Rapoport , Stephen Rothwell , syzkaller-bugs , Matthew Wilcox , Davidlohr Bueso , Shakeel Butt Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 7, 2019 at 10:04 AM Manfred Spraul wrote: > > On 1/3/19 11:18 PM, Shakeel Butt wrote: > > Hi Manfred, > > > > On Sun, Dec 23, 2018 at 4:26 AM Manfred Spraul > > wrote: > >> Hello Dmitry, > >> > >> On 12/23/18 10:57 AM, Dmitry Vyukov wrote: > >>> I can reproduce this infinite memory consumption with the C > >>> program: > >>> https://gist.githubusercontent.com/dvyukov/03ec54b3429ade16fa07bf8b2379aff3/raw/ae4f654e279810de2505e8fa41b73dc1d77778e6/gistfile1.txt > >>> > >>> But this is working as intended, right? It just creates infinite > >>> number of large semaphore sets, which reasonably consumes infinite > >>> amount of memory. > >>> Except that it also violates the memcg bound and a process can > >>> have > >>> effectively unlimited amount of such "drum memory" in semaphores. > >> Yes, this is as intended: > >> > >> If you call semget(), then you can use memory, up to the limits in > >> /proc/sys/kernel/sem. > >> > >> Memcg is not taken into account, an admin must set > >> /proc/sys/kernel/sem. > >> > >> The default are "infinite amount of memory allowed", as this is the > >> most > >> sane default: We had a logic that tried to autotune (i.e.: a new > >> namespace "inherits" a fraction of the parent namespaces memory > >> limits), > >> but this we more or less always wrong. > >> > >> > > What's the disadvantage of setting the limits in > > /proc/sys/kernel/sem > > high and let the task's memcg limits the number of semaphore a > > process > > can create? Please note that the memory underlying shmget and msgget > > is already accounted to memcg. > > Nothing, it it just a question of implementing it. > I think it should be something like following: --- ipc/sem.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ipc/sem.c b/ipc/sem.c index 745dc6187e84..ad63df2658aa 100644 --- a/ipc/sem.c +++ b/ipc/sem.c @@ -494,7 +494,7 @@ static struct sem_array *sem_alloc(size_t nsems) return NULL; size = sizeof(*sma) + nsems * sizeof(sma->sems[0]); - sma = kvmalloc(size, GFP_KERNEL); + sma = kvmalloc(size, GFP_KERNEL_ACCOUNT); if (unlikely(!sma)) return NULL; @@ -1897,7 +1897,8 @@ static struct sem_undo *find_alloc_undo(struct ipc_namespace *ns, int semid) rcu_read_unlock(); /* step 2: allocate new undo structure */ - new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, GFP_KERNEL); + new = kzalloc(sizeof(struct sem_undo) + sizeof(short)*nsems, + GFP_KERNEL_ACCOUNT); if (!new) { ipc_rcu_putref(&sma->sem_perm, sem_rcu_free); return ERR_PTR(-ENOMEM); -- 2.20.1.97.g81188d93c3-goog