Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp3793601ybi;
        Mon, 29 Jul 2019 12:44:48 -0700 (PDT)
X-Google-Smtp-Source: APXvYqx6GHAM1gcOKHPKK6ROGCKSBeNS+9zNkYyHYVttKiSgHcQpAOPW6X41U8XdrnIvExhCnAyj
X-Received: by 2002:a17:90a:2343:: with SMTP id f61mr115140545pje.130.1564429488278;
        Mon, 29 Jul 2019 12:44:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1564429488; cv=none;
        d=google.com; s=arc-20160816;
        b=w1QWaLRp9iKS7c8IsmEIr5FfmKkJzTKBOWZQaA1u+DxAYtMwwgrzYxXPh90b49dpm8
         WAWJMlPup9d8xE9Li1yqv3K/dYvnFjJLkn9Y9GFpMkc0V5vc3Nzfavbb6WtrNIeu7x3V
         MPwAcltEYviM7Z66LskpQjqAb6RqVAzLc643ssiwZn3msazhmkaQJW800oY0xx9nPHDG
         ssNitvlouqV74nvod9978/JHAeHRzmxkkOx93m2/W+87AW5araYl6LyIahBpjw0RLRl/
         Mj7WTncjR15YSpuG+TUBB90nUoaxtCmWKeH1oJCsRXiC48O+/RZTZx7v6ft08RLMWqZ9
         KeqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=XQJ5XD6siS6Jfgi7+vM4juhUEjmFXFl1R6aI6/mtjIU=;
        b=YJYmpTpx6MoDSL3TcCaOwT+3rfg0rwOo2ZY4G4hZOfBD2F8vpuHD6YhTxAR5rNIZp9
         HsK4GUL8LtcseqNqLD6yyuW+8Jt2ljJSklXCKuUCSqHMURCJqyFyXaHqfhZUOy9BJgZL
         gJiXt8J/qVXdBZ/J4is8R+pFcFmUb9IOlaCsWKt1gajo88DuCGATc8zgtoszaf08lHh6
         NTDdEyrjJXnzEv3VHokK9hLbcDbHGYjk49roahX47OGt3yMvhtwEbtY9W0mOZLrYfInS
         VJwy/7taXYxjvDZI0TvuJm2FKlFG5yryWZX6fgriiPi2nB4jje4uz550fdf1BBQ8U753
         hrKA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=hfXjZlv3;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id o3si23497plb.238.2019.07.29.12.44.33;
        Mon, 29 Jul 2019 12:44:48 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=hfXjZlv3;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2389645AbfG2TnZ (ORCPT <rfc822;rao.subba.venkata@gmail.com>
        + 99 others); Mon, 29 Jul 2019 15:43:25 -0400
Received: from mail.kernel.org ([198.145.29.99]:59632 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2389639AbfG2TnY (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 29 Jul 2019 15:43:24 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id BE31A2054F;
        Mon, 29 Jul 2019 19:43:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1564429403;
        bh=EyK6gRJlxAvJzXu89B1/5FdgCOahdnNn1sjhMN82MkY=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=hfXjZlv35bc7R72ujLkIBP6YZLOmMUP+xlGsa6pKVWaDCcAGUIb99OoyOz5EA4bMH
         m8E/txlplzLfig+DOj79PM2Q0smmK1JZ7Vx+gpkltTGO+aXo0zsl0kL5xxYSyfo38q
         Qrb9y8FzETsKPplttIMRk2n6Jun/MSGQGBxZkDvU=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Shakeel Butt <shakeelb@google.com>,
        Roman Gushchin <guro@fb.com>, Jan Kara <jack@suse.cz>,
        Johannes Weiner <hannes@cmpxchg.org>,
        Vladimir Davydov <vdavydov.dev@gmail.com>,
        Michal Hocko <mhocko@suse.com>,
        Amir Goldstein <amir73il@gmail.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 087/113] memcg, fsnotify: no oom-kill for remote memcg charging
Date:   Mon, 29 Jul 2019 21:22:54 +0200
Message-Id: <20190729190716.336041721@linuxfoundation.org>
X-Mailer: git-send-email 2.22.0
In-Reply-To: <20190729190655.455345569@linuxfoundation.org>
References: <20190729190655.455345569@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

[ Upstream commit ec165450968b26298bd1c373de37b0ab6d826b33 ]

Commit d46eb14b735b ("fs: fsnotify: account fsnotify metadata to
kmemcg") added remote memcg charging for fanotify and inotify event
objects.  The aim was to charge the memory to the listener who is
interested in the events but without triggering the OOM killer.
Otherwise there would be security concerns for the listener.

At the time, oom-kill trigger was not in the charging path.  A parallel
work added the oom-kill back to charging path i.e.  commit 29ef680ae7c2
("memcg, oom: move out_of_memory back to the charge path").  So to not
trigger oom-killer in the remote memcg, explicitly add
__GFP_RETRY_MAYFAIL to the fanotigy and inotify event allocations.

Link: http://lkml.kernel.org/r/20190514212259.156585-2-shakeelb@google.com
Signed-off-by: Shakeel Butt <shakeelb@google.com>
Reviewed-by: Roman Gushchin <guro@fb.com>
Acked-by: Jan Kara <jack@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/notify/fanotify/fanotify.c        | 5 ++++-
 fs/notify/inotify/inotify_fsnotify.c | 8 ++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/fs/notify/fanotify/fanotify.c b/fs/notify/fanotify/fanotify.c
index 29dee9630eec..a18b8d7a3075 100644
--- a/fs/notify/fanotify/fanotify.c
+++ b/fs/notify/fanotify/fanotify.c
@@ -148,10 +148,13 @@ struct fanotify_event_info *fanotify_alloc_event(struct fsnotify_group *group,
 	/*
 	 * For queues with unlimited length lost events are not expected and
 	 * can possibly have security implications. Avoid losing events when
-	 * memory is short.
+	 * memory is short. For the limited size queues, avoid OOM killer in the
+	 * target monitoring memcg as it may have security repercussion.
 	 */
 	if (group->max_events == UINT_MAX)
 		gfp |= __GFP_NOFAIL;
+	else
+		gfp |= __GFP_RETRY_MAYFAIL;
 
 	/* Whoever is interested in the event, pays for the allocation. */
 	memalloc_use_memcg(group->memcg);
diff --git a/fs/notify/inotify/inotify_fsnotify.c b/fs/notify/inotify/inotify_fsnotify.c
index f4184b4f3815..16b8702af0e7 100644
--- a/fs/notify/inotify/inotify_fsnotify.c
+++ b/fs/notify/inotify/inotify_fsnotify.c
@@ -99,9 +99,13 @@ int inotify_handle_event(struct fsnotify_group *group,
 	i_mark = container_of(inode_mark, struct inotify_inode_mark,
 			      fsn_mark);
 
-	/* Whoever is interested in the event, pays for the allocation. */
+	/*
+	 * Whoever is interested in the event, pays for the allocation. Do not
+	 * trigger OOM killer in the target monitoring memcg as it may have
+	 * security repercussion.
+	 */
 	memalloc_use_memcg(group->memcg);
-	event = kmalloc(alloc_len, GFP_KERNEL_ACCOUNT);
+	event = kmalloc(alloc_len, GFP_KERNEL_ACCOUNT | __GFP_RETRY_MAYFAIL);
 	memalloc_unuse_memcg();
 
 	if (unlikely(!event)) {
-- 
2.20.1