Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp3123890ybi;
        Thu, 18 Jul 2019 21:30:04 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzmcJRfvbnAX8+EU9+ZWekAkbDB9IC8ylPy3Hj/KmwysD5Fc137DE+3D8E0wfQGrQ1vm8F+
X-Received: by 2002:a17:902:549:: with SMTP id 67mr54248709plf.86.1563510604209;
        Thu, 18 Jul 2019 21:30:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1563510604; cv=none;
        d=google.com; s=arc-20160816;
        b=F45LJK9J9lvOycML1LY+U7FG9dHsntr0/7esriVzzyfQMjmfxPgbd/sRrkK5LHirxJ
         DTU1Dg9X2pul1LYqb62Q6+Ol/W0mTYYSWJjv7Va+iYJrfPU2+Oca2ZNPl4h0fe5RYOGU
         Nt6Sp+o9QeTXZhubaiIOaTCJ0EIQie+aSDBqOWI3V1zeKiTO1n0weoaIfrnoSAz+sJZJ
         gN/TQNI7g1PY0+taeadhbl078BhzLd23aPpwqzs9FR72FjCrGwuQgu2mev92XCH2WWtq
         gBAn1yITt2ul/Rb7ZFDYLLri52h9Vc9KQ/Lcdx+ixlBbanYzYvNfYu/xrEiAbGVv9CIZ
         svHw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=nnyVYbt4tM6Y5Q+0eaLGnDD1sybu2jGdyh83mmyxL2A=;
        b=R9s3Y29kq6m9SFfWLx+ZuoTrQL9WABVMDiqbZcuhTpE7jw9FzrgBTmDfQZ+bUGXjtO
         m1uxoy4MngphRD4jrBPlPVV2et5hilTH3Hae+iWJb94aS4a2t0zxMeTKuZ6NwUXB9lbf
         FZ+yf8wQdrFg98wAOaxQfSnNWaV4HNZrPNusW27t2HJP+dtFYXTsDorcLIumvZBpLYHs
         7Hpb+tF3m7tNHVP01NPTeJoZbcVAaEP14bir7fwdwvDJQg+ioJXPtUudiLz6macFJ17Q
         A5XTawNms3/RA4svGlW01su1HmSOI5E+FubKvxJcymK+fAkG6y/cJQ8leJHrqdqbdm5V
         9+bQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Rq++uQhS;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m63si233346pld.385.2019.07.18.21.29.48;
        Thu, 18 Jul 2019 21:30:04 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=Rq++uQhS;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387402AbfGSE1b (ORCPT <rfc822;noahbdev@gmail.com> + 99 others);
        Fri, 19 Jul 2019 00:27:31 -0400
Received: from mail.kernel.org ([198.145.29.99]:40372 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1729157AbfGSEG4 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 19 Jul 2019 00:06:56 -0400
Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 30AB6218A6;
        Fri, 19 Jul 2019 04:06:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1563509215;
        bh=mjpXVKodQX07mlOxhWXJOjjSgftRWp5qKcdqRVQpF+c=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=Rq++uQhSfs3SRs5LVZs+ZkgCKbxfGxA7mS8hwh0D7/6ErrmhfBh0ZspYZ+hJfrGv3
         mIzPq01kInkP6FZKH3GzDXBrEKEpRh5jkaILuLdMWQq6JOCIhaI8VlHz3IO09mjN/Z
         RJ6ioQ5GqCts683vPRuoq3/YEiSd1QZXMatN7JvQ=
From:   Sasha Levin <sashal@kernel.org>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc:     Shakeel Butt <shakeelb@google.com>, Roman Gushchin <guro@fb.com>,
        Jan Kara <jack@suse.cz>, Johannes Weiner <hannes@cmpxchg.org>,
        Vladimir Davydov <vdavydov.dev@gmail.com>,
        Michal Hocko <mhocko@suse.com>,
        Amir Goldstein <amir73il@gmail.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Sasha Levin <sashal@kernel.org>, linux-fsdevel@vger.kernel.org
Subject: [PATCH AUTOSEL 5.1 131/141] memcg, fsnotify: no oom-kill for remote memcg charging
Date:   Fri, 19 Jul 2019 00:02:36 -0400
Message-Id: <20190719040246.15945-131-sashal@kernel.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190719040246.15945-1-sashal@kernel.org>
References: <20190719040246.15945-1-sashal@kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Shakeel Butt <shakeelb@google.com>

[ Upstream commit ec165450968b26298bd1c373de37b0ab6d826b33 ]

Commit d46eb14b735b ("fs: fsnotify: account fsnotify metadata to
kmemcg") added remote memcg charging for fanotify and inotify event
objects.  The aim was to charge the memory to the listener who is
interested in the events but without triggering the OOM killer.
Otherwise there would be security concerns for the listener.

At the time, oom-kill trigger was not in the charging path.  A parallel
work added the oom-kill back to charging path i.e.  commit 29ef680ae7c2
("memcg, oom: move out_of_memory back to the charge path").  So to not
trigger oom-killer in the remote memcg, explicitly add
__GFP_RETRY_MAYFAIL to the fanotigy and inotify event allocations.

Link: http://lkml.kernel.org/r/20190514212259.156585-2-shakeelb@google.com
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Roman Gushchin <guro@fb.com>
Acked-by: Jan Kara <jack@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/notify/fanotify/fanotify.c        | 5 ++++-
 fs/notify/inotify/inotify_fsnotify.c | 8 ++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
index 8c286f8228e5..d5db722ac272 100644
--- a/fs/notify/fanotify/fanotify.c
+++ b/fs/notify/fanotify/fanotify.c
@@ -288,10 +288,13 @@ struct fanotify_event *fanotify_alloc_event(struct fsnotify_group *group,
 	/*
 	 * For queues with unlimited length lost events are not expected and
 	 * can possibly have security implications. Avoid losing events when
-	 * memory is short.
+	 * memory is short. For the limited size queues, avoid OOM killer in the
+	 * target monitoring memcg as it may have security repercussion.
 	 */
 	if (group->max_events == UINT_MAX)
 		gfp |= __GFP_NOFAIL;
+	else
+		gfp |= __GFP_RETRY_MAYFAIL;
 
 	/* Whoever is interested in the event, pays for the allocation. */
 	memalloc_use_memcg(group->memcg);
diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c
index ff30abd6a49b..ca1a9dfff0b5 100644
--- a/fs/notify/inotify/inotify_fsnotify.c
+++ b/fs/notify/inotify/inotify_fsnotify.c
@@ -99,9 +99,13 @@ int inotify_handle_event(struct fsnotify_group *group,
 	i_mark = container_of(inode_mark, struct inotify_inode_mark,
 			      fsn_mark);
 
-	/* Whoever is interested in the event, pays for the allocation. */
+	/*
+	 * Whoever is interested in the event, pays for the allocation. Do not
+	 * trigger OOM killer in the target monitoring memcg as it may have
+	 * security repercussion.
+	 */
 	memalloc_use_memcg(group->memcg);
-	event = kmalloc(alloc_len, GFP_KERNEL_ACCOUNT);
+	event = kmalloc(alloc_len, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);
 	memalloc_unuse_memcg();
 
 	if (unlikely(!event)) {
-- 
2.20.1